Installation guide
Table Of Contents
- VMware vCenter Configuration Manager Administration Guide
- Contents
- About This Book
- Getting Started with VCM
- Installing and Getting Started with VCM Tools
- Configuring VMware Cloud Infrastructure
- Virtual Environments Configuration
- Configure Virtual Environments Collections
- Configure Managing Agent Machines for Virtual Environment Management
- Obtain the SSL Certificate Thumbprint
- Configure vCenter Server Data Collections
- Configure vCenter Server Virtual Machine Collections
- Configure vCloud Director Collections
- Configure vCloud Director vApp Virtual Machines Collections
- Configure vShield Manager Collections
- Configure ESX Service Console OS Collections
- Configure the vSphere Client VCM Plug-In
- Running Compliance for the VMware Cloud Infrastructure
- Create and Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Rule Groups
- Create and Test Virtual Environment Compliance Rules
- Create and Test Virtual Environment Compliance Filters
- Preview Virtual Environment Compliance Rule Groups
- Create Virtual Environment Compliance Templates
- Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Exceptions
- Resolve Noncompliant Virtual Environments Template Results
- Configure Alerts and Schedule Virtual Environment Compliance Runs
- Configuring vCenter Operations Manager Integration
- Auditing Security Changes in Your Environment
- Configuring Windows Machines
- Configure Windows Machines
- Windows Collection Results
- Getting Started with Windows Custom Information
- Prerequisites to Collect Windows Custom Information
- Using PowerShell Scripts for WCI Collections
- Windows Custom Information Change Management
- Collecting Windows Custom Information
- Create Your Own WCI PowerShell Collection Script
- Verify that Your Custom PowerShell Script is Valid
- Install PowerShell
- Collect Windows Custom Information Data
- Run the Script-Based Collection Filter
- View Windows Custom Information Job Status Details
- Windows Custom Information Collection Results
- Run Windows Custom Information Reports
- Troubleshooting Custom PowerShell Scripts
- Configuring Linux, UNIX, and Mac OS X Machines
- Linux, UNIX, and Mac OS X Machine Management
- Linux, UNIX, or Mac OS X Installation Credentials
- Configure Collections from Linux, UNIX, and Mac OS X Machines
- Configure Installation Delegate Machines to Install Linux, UNIX, and Mac OS X...
- Configure the HTTPS Bypass Setting for Linux Agent Installations
- Enable Linux, UNIX, and Mac OS X Agent Installation
- Add and License Linux, UNIX, and Mac OS X Machines for Agent Installation
- Install the VCM Agent on Linux, UNIX, and Mac OS X Operating Systems
- Collect Linux, UNIX, and Mac OS X Data
- Linux, UNIX, and Mac OS X Collection Results
- Configure Scheduled Linux, UNIX, and Mac OS X Collections
- Patching Managed Machines
- Patch Assessment and Deployment
- Prerequisite Tasks and Requirements
- Manually Patching Managed Machines
- Getting Started with VCM Manual Patching
- Configuring An Automated Patch Deployment Environment
- Deploying Patches with Automated Patch Assessment and Deployment
- Configure VCM for Automatic Event-Driven Patch Assessment and Deployment
- Generate a Patch Assessment Template
- Run a Patch Assessment on Managed Machines
- Add Exceptions for Patching Managed Machines
- Configure the VCM Administration Settings
- Generate a Patch Deployment Mapping
- Configure VCM for Automatic Scheduled Patch Assessment and Deployment
- How the Linux and UNIX Patch Staging Works
- How the Linux and UNIX Patching Job Chain Works
- How the Deploy Action Works
- Patch Deployment Wizards
- Running Patching Reports
- Running and Enforcing Compliance
- Provisioning Physical or Virtual Machine Operating Systems
- Provisioning Software on Managed Machines
- Using Package Studio to Create Software Packages and Publish to Repositories
- Software Repository for Windows
- Package Manager for Windows
- Software Provisioning Component Relationships
- Install the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Configuring Active Directory Environments
- Configuring Remote Machines
- Tracking Unmanaged Hardware and Software Asset Data
- Managing Changes with Service Desk Integration
- Index
n
In-line: The default WCI filter uses an in-line script to collect basic information about the PowerShell
version, .NET version, and execution policy settings. The in-line option requires a collection script that is
represented as a single line of PowerShell code. Because the filter runs an in-line script on the
PowerShell command line, instead of using a file, the execution policy does not apply.
n
Script file: For script-based filters in WCI, the default script type command line includes options to set
the process-level execution policy to Remote Signed. The script requires that the execution policy be set
to Remote Signed at the most restrictive level because the script runs from a file that resides locally on
the VCM managed Windows machine. For WCI, VCM can execute collection scripts on managed
machines where the machine and user level signing policies are set to any level, without requiring you
to change the setting.
Built-In PowerShell Policy Settings
Before you use the WCI collection filter to run file-based PowerShell scripts on the VCM Collector and
your VCM managed machines, you must change the execution policy on the VCM managed machines.
PowerShell contains built-in execution policies that limit its use as an attack vector. By default, the
execution policy is set to Restricted, which is the primary policy for script execution.
The following policy settings apply to PowerShell scripts.
n
AllSigned: PowerShell scripts must be signed by a verifiable certificate from the Software Publishing
Certificate store. The typical file extension is .ps1. For signed scripts, you can set the execution policy
to All Signed. You must sign the scripts and distribute the appropriate certificates before you
collectWCI data.
n
RemoteSigned: A verifiable certificate must sign any PowerShell script that you download from the
Internet using a supported browser such as Internet Explorer. Script files that are not required to be
signed are scripts that you create locally or scripts that you download using a method that does not
support flagging the file source. For unsigned scripts, you must set the execution policy to the most
restrictive level of Remote Signed. You can set the policy directly by using a Group Policy Object (GPO)
with a VCM remote command. You can use a registry change action or enforceable compliance. For
example:
HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
"ExecutionPolicy"="RemoteSigned"
n
Unrestricted: All PowerShell script files run regardless of whether they are signed by a verifiable
certificate.
n
Restricted: You can use PowerShell interactively or to run commands directly from the command line.
This setting is the default.
References on PowerShell and Script Signing
For information about Windows PowerShell and script signing policies, see the Microsoft Web site.
Create an Example PowerShell Script for Scheduled Tasks
Use a custom PowerShell script to collect Windows Custom Information (WCI) data from VCM managed
Windows machines. With this example, you can learn how to use PowerShell scripts to collect WCI data
for scheduled tasks.
Windows provides the schtasks.exe utility to report on scheduled tasks that you create in the Task
Scheduler user interface or by using the AT command. The schtasks.exe utility enables you to manage
scheduled tasks on a local or remote computer and to report on the scheduled tasks.
vCenter Configuration Manager Administration Guide
102
VMware, Inc.