For additional security, an administrator can place one or more hosts managed by a vCenter Server system in lockdown mode. Lockdown mode affects login privileges for the ESXi host.
See the vSphere Security document in the vSphere Documentation Center for a detailed discussion of normal lockdown mode and strict lockdown mode, and of how to enable and disable them.
To make changes to ESXi systems in lockdown mode, you must go through a vCenter Server system that manages the ESXi system as the user vpxuser
and include both the --server and --vihost parameters.
esxcli --server MyVC --vihost MyESXi storage filesystem list
The command prompts for the vCenter Server system user name and password.
The following commands cannot run against vCenter Server systems and are therefore not available in lockdown mode.
- vifs
- vicfg-user
- vicfg-cfgbackup
- vihostupdate
- vmkfstools
If you have problems running a command on an ESXi host directly, without specifying a vCenter Server target, check whether lockdown mode is enabled on that host.