ESXi: esxi-8.lockdown-dcui-access

Information

The ESXi host must have an accurate DCUI.Access list. Ensures that only authorized users have direct console user interface (DCUI) access to the ESXi host when Lockdown Mode is enabled. The root user cannot be removed from the list. To control ESXi Shell and/or SSH access use the Lockdown Mode Exception Users list.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting DCUI.Access | Set-AdvancedSetting -Value root

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/