If there is a catastrophic failure, the DCUI.Access advanced option allows you to exit lockdown mode when you cannot access the host from vCenter Server. You add users to the list by editing the Advanced Settings for the host from the vSphere Web Client.

About this task

Note:

Users in the DCUI.Access list can change lockdown mode settings regardless of their privileges. The ability to change lockdown modes can impact the security of your host. For service accounts that need direct access to the host, consider adding users to the Exception Users list instead. Exception users can only perform tasks for which they have privileges. See Specify Lockdown Mode Exception Users.

Procedure

  1. Browse to the host in the vSphere Web Client object navigator.
  2. Click Configure.
  3. Under System, click Advanced System Settings, and click Edit.
  4. Filter for DCUI.
  5. In the DCUI.Access text box, enter the local ESXi user names, separated by commas.

    By default, the root user is included. Consider removing the root user from the DCUI.Access list, and specifying a named account for better auditability.

  6. Click OK.