5.9 Set DCUI.Access to allow trusted users to override lockdown mode

Information

Create a list of highly trusted users who are able to override lockdown mode and
access the DCUI in the event a host becomes isolated.

Rationale

Lockdown mode disables direct host access, requiring admins to manage hosts from vCenter.
However, if a host becomes isolated from vCenter, the admin is locked out and
can no longer manage the host. To avoid being locked out of an ESXi host
that is running in lockdown mode, set DCUI.Access to a list of highly trusted users
who are allowed to override lockdown mode and access the DCUI.

Solution

From the vSphere web client:

1. Select the host.
2. Select 'Manage' -> 'Settings' -> 'System' -> 'Advanced System Settings'.
3. Type DCUI.Access in the filter.
4. Click on the attribute to highlight it.
5. Click the pencil icon to edit.
6. Set the DCUI.Access attribute to a comma-separated list of the users who are
allowed to override lockdown mode.
7. Click 'OK'.
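
The same attribute can be audited across every host from PowerCLI instead of host by host in the web client. This is an added example, not part of the benchmark text; it assumes VMware PowerCLI with an existing Connect-VIServer session, and the account names in $Approved are placeholders to replace with your own trusted users.

```powershell
# Added example: compare DCUI.Access on each host with an approved list.
# Assumes Connect-VIServer has already been run in this session.
$Approved  = @('root', 'breakglass-admin')   # placeholder account names
$Remediate = $false                          # set to $true to write the approved list

$report = foreach ($vmhost in Get-VMHost) {
    $setting = Get-AdvancedSetting -Entity $vmhost -Name 'DCUI.Access'

    # The value is a comma-separated string; split it and drop empty entries.
    $current = @("$($setting.Value)" -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    # -notin compares case-insensitively; use -cnotin for a strict match.
    $unexpected = @($current  | Where-Object { $_ -notin $Approved })
    $missing    = @($Approved | Where-Object { $_ -notin $current })

    if ($Remediate -and ($unexpected.Count -or $missing.Count)) {
        # Overwrites the attribute with exactly the approved list.
        $setting | Set-AdvancedSetting -Value ($Approved -join ',') -Confirm:$false |
            Out-Null
    }

    [pscustomobject]@{
        Host       = $vmhost.Name
        Current    = $current -join ','
        Unexpected = $unexpected -join ','   # on the host but not approved
        Missing    = $missing -join ','      # approved but not on the host
        Compliant  = -not ($unexpected.Count -or $missing.Count)
    }
}

$report | Format-Table -AutoSize
```

Any account in the Unexpected column deserves review, since the Impact statement below means each listed user can end up with the Administrator role on the host.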

Impact: When you disable lockdown mode using the DCUI, all users with the DCUI Access privilege
are granted the Administrator role on the host.

Default Value: The prescribed state is not the default state.

See Also

https://workbench.cisecurity.org/files/145

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(4), CSCv6|5.1

Plugin: VMware

Control ID: 22d71a7e9ad4f213fccf9ba5700b101ab11d74e0bb977171dae644b783f753f7