Change the default ESX Admins group to achieve greater levels of security by removing a known administrative access point.

Procedure

  1. Log in to the Compute vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://comp01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. Change the default ESX Admins group.
    1. In the Navigator, click Hosts and Clusters
    2. Expand the vCenter Server inventory tree, and select the comp01.esx01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System, click Advanced System Settings.
    4. Click the Edit button.
    5. In the filter box, enter esxAdmins and wait for the search results.
    6. Change the value of Config.HostAgent.plugins.hostsvc.esxAdminsGroup to SDDC-Admins and click OK.
  3. Disable the SSH warning banner.
    1. In the Navigator, click Hosts and Clusters
    2. Expand the vCenter Server inventory tree, and select the comp01.esx01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System, click Advanced System Settings.
    4. Click the Edit button.
    5. In the filter box, enter ssh and wait for the search results.
    6. Change the value of UserVars.SuppressShellWarning to 1 and click OK.