Configure Password Policies for VMware Cloud Foundation

In a recent blog post I provided an overview of Password Policy Configuration for VMware Cloud Foundation. In this post we take a deep dive into Start-PasswordPolicyConfig, the cmdlet that performs the configuration of all password policies across the VMware Cloud Foundation instance.

The Start-PasswordPolicyConfig cmdlet is part of the PowerShell Module for VMware Cloud Foundation Password Management and provides the ability to automate the configuration of password policies using the provided configuration JSON for the following components:

  • ESXi
  • vCenter Single Sign-On
  • vCenter Server
  • NSX Manager
  • NSX Edge
  • SDDC Manager

The cmdlet has the following command line parameters:

CLI Parameters     Required   Description
sddcManagerFqdn    required   FQDN for SDDC Manager appliance
sddcManagerUser    required   User account for SDDC Manager with ADMIN role
sddcManagerPass    required   Password for the SDDC Manager user
sddcRootPass       required   Password of the root account
reportPath         required   Folder location where reports are created and configuration JSON file resides
policyFile         optional   Name of the configuration JSON file used to set the configuration

Now let's take a look at an example of how to run the configuration.

Configure Password Policies for All Workload Domains

  1. Start Windows PowerShell.
  2. Change to the report folder.
    cd F:\Reporting
    
  3. Generate the configuration JSON with product defaults by running the command in the PowerShell console:
    Get-PasswordPolicyDefault -generateJson -jsonFile 'passwordPolicyConfig.json'
    
  4. Open the generated configuration JSON file, update it with the desired values, and save it.
  5. Configure the password policies by running the following command in the PowerShell console:
    Start-PasswordPolicyConfig -sddcManagerFqdn 'sfo-vcf01.sfo.rainpole.io' -sddcManagerUser 'admin@local' -sddcManagerPass 'VMw@re1!VMw@re1!' -sddcRootPass 'VMw@re1!' -reportPath 'F:\Reporting' -policyFile 'PasswordPolicyConfig.json'
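
An added example, not from the original post or the module itself: a wrapper for step 5 that prompts for the two passwords instead of typing them on the command line (where they can end up in console history, transcripts or script block logs) and confirms that the hand-edited JSON from step 4 still parses before anything is applied. It assumes the cmdlet accepts the passwords as plain strings, as in the command above; the function name Invoke-PolicyConfigFromPrompt is hypothetical.

```powershell
# Added example: wrapper around the post's Start-PasswordPolicyConfig call.
# Invoke-PolicyConfigFromPrompt is a hypothetical name, not part of the module.
function Invoke-PolicyConfigFromPrompt {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SddcManagerFqdn,
        [Parameter(Mandatory)] [string] $SddcManagerUser,
        [Parameter(Mandatory)] [string] $ReportPath,
        [string] $PolicyFile = 'passwordPolicyConfig.json'
    )
    # Fail early if the module is not loaded in this session.
    if (-not (Get-Command -Name Start-PasswordPolicyConfig -ErrorAction SilentlyContinue)) {
        throw 'Start-PasswordPolicyConfig not found. Import the password management module first.'
    }

    # Confirm the hand-edited file exists in the report folder and is still valid JSON.
    $policyPath = Join-Path -Path $ReportPath -ChildPath $PolicyFile
    if (-not (Test-Path -LiteralPath $policyPath -PathType Leaf)) {
        throw "Policy file not found: $policyPath"
    }
    try {
        $null = Get-Content -LiteralPath $policyPath -Raw | ConvertFrom-Json -ErrorAction Stop
    } catch {
        throw "Policy file is not valid JSON: $($_.Exception.Message)"
    }

    # Prompt without echo; nothing secret is typed on the command line.
    $adminSecure = Read-Host -Prompt "Password for $SddcManagerUser" -AsSecureString
    $rootSecure  = Read-Host -Prompt 'Password for the root account' -AsSecureString

    # Assumption: the cmdlet takes plain strings, as in the post's example,
    # so the SecureString values are converted only at the point of the call.
    $params = @{
        sddcManagerFqdn = $SddcManagerFqdn
        sddcManagerUser = $SddcManagerUser
        sddcManagerPass = [System.Net.NetworkCredential]::new('', $adminSecure).Password
        sddcRootPass    = [System.Net.NetworkCredential]::new('', $rootSecure).Password
        reportPath      = $ReportPath
        policyFile      = $PolicyFile
    }
    try {
        Start-PasswordPolicyConfig @params
    } finally {
        # Release the references to the plaintext copies when the run ends.
        $params.Clear()
    }
}

Invoke-PolicyConfigFromPrompt -SddcManagerFqdn 'sfo-vcf01.sfo.rainpole.io' -SddcManagerUser 'admin@local' -ReportPath 'F:\Reporting'
```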

Conclusion

Using the Start-PasswordPolicyConfig cmdlet contained within the PowerShell Module for VMware Cloud Foundation Password Management, you can now easily configure the password policies for password expiration, password complexity and account lockout for all components within a VMware Cloud Foundation instance.

If you have feedback or suggestions, or want to report an issue with using the PowerShell Module for VMware Cloud Foundation Password Management, visit GitHub and open an issue.
