To prevent anonymous users such as root from accessing the host with the Direct Console User Interface (DCUI) or ESXi Shell, remove the user's administrator privileges on the root folder of the host. This applies to both local users and Active Directory users and groups.


  1. Log in to ESXi using the vSphere Client.
  2. Click the Local Users & Groups tab and click Users.
  3. Right-click the anonymous user (for example, root) in the Users table and click Properties.
  4. Select an access role from the drop-down list.
  5. Click OK.

What to do next

By default, available roles are No access, Administrator, and Read-only. You can create new roles to apply to the user, as described in Managing ESXi Roles.
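
The same role change can be scripted and audited with VMware PowerCLI. This is an added example, not part of the original page or of VMware's documentation, and it goes one step beyond the procedure by refusing to demote the last human administrator. Assumptions: the host name is a constructed placeholder, the default roles appear in PowerCLI as `NoAccess`, `ReadOnly` and `Admin`, and `Get-Folder -NoRecursion` returns the host's root folder on a direct ESXi connection.

```powershell
# Added example, not from the original page. Requires the VMware PowerCLI module.
param(
    [string]$EsxiHost  = 'esxi01.example.test',  # constructed placeholder host name
    [string]$Principal = 'root',                 # shared account named in the procedure
    [string]$NewRole   = 'ReadOnly',             # PowerCLI name of the Read-only role
    [switch]$Apply                               # without -Apply the script only reports
)

Connect-VIServer -Server $EsxiHost | Out-Null    # prompts for credentials

try {
    # Assumption: on a direct ESXi connection this returns the host's root folder.
    $rootFolder = Get-Folder -NoRecursion | Select-Object -First 1

    # Permissions set on the root folder, for local users and AD users/groups alike.
    $perms = @(Get-VIPermission -Entity $rootFolder)
    $perms | Format-Table Principal, IsGroup, Role, Propagate -AutoSize | Out-Host

    $target = $perms | Where-Object { $_.Principal -eq $Principal }

    # ESXi built-in service accounts; they do not count as a usable administrator login.
    $system = 'dcui', 'vpxuser'
    $otherAdmins = $perms | Where-Object {
        $_.Role -eq 'Admin' -and $_.Principal -ne $Principal -and $_.Principal -notin $system
    }

    if (-not $target) {
        Write-Warning "No permission for '$Principal' on the root folder; nothing to change."
    }
    elseif ($target.Role -eq 'Admin' -and -not $otherAdmins) {
        # Lockout guard: demoting the only administrator leaves nobody able to manage the host.
        Write-Warning "'$Principal' is the only administrator. Grant Admin to a named account first."
    }
    elseif ($Apply) {
        Set-VIPermission -Permission $target -Role (Get-VIRole -Name $NewRole) -Confirm:$false |
            Format-Table Principal, Role, Propagate -AutoSize | Out-Host
    }
    else {
        Write-Host "Dry run: would change '$Principal' from $($target.Role) to $NewRole."
    }
}
finally {
    Disconnect-VIServer -Server $EsxiHost -Confirm:$false
}
```

Run it once without `-Apply` to review the current root-folder permissions, then again with `-Apply` to make the change.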