User`s guide
Table Of Contents
- VMware vCenter Configuration ManagerInstallation and Getting Started Guide
- About This Book
- Preparing for Installation
- Installation Manager
- Installation Configurations
- Tools Installation
- General Prerequisites to Install VCM
- Verify Hardware and Software Requirements
- Verify Administration Rights
- Set the Default Network Authority Account
- Specify the Collector Services Account
- Change the Collector Services Account Password in the Services Management Con...
- Change the Collector Services Account Password in the Component Services DCOM...
- Verify the VMware Application Services Account
- Determine the VCM Remote Virtual Directory
- Use Secure Communications Certificates
- Understand Server Authentication
- Verify the Foundation Checker System Checks
- Install UNIX Patch for HP-UX 11.11
- VCM Uses FIPS Cryptography
- Installing VCM
- Installing, Configuring, and Upgrading the OS Provisioning Server and Components
- Upgrading or Migrating VCM
- Upgrades
- Migrations
- Prerequisites to Migrate VCM
- Back Up Your Databases
- Back up Your Files
- Export and Back up Your Certificates
- Migrating VCM
- Migrate Only Your Database
- Replace Your Existing 32-Bit Environment with a Supported 64-bit Environment
- Migrate a 32-bit Environment Running VCM 5.3 or Earlier to VCM 5.4.1
- Migrate a 64-bit Environment Running VCM 5.3 or Earlier to VCM 5.4.1
- Migrate a Split Installation of VCM 5.3 or Earlier to a Single-Server Install...
- How to Recover Your Collector Machine if the Migration is not Successful
- Upgrading VCM and Components
- Maintaining VCM After Installation
- Getting Started with VCM Components and Tools
- Getting Started with VCM
- Discover, License, and Install Windows Machines
- Discover, License, and Install Windows Machines
- Verify Available Domains
- Check the Network Authority
- Assign Network Authority Accounts
- Discover Windows Machines
- License Windows Machines
- Disable User Account Control for VCM Agent Installation
- Install the VCM Windows Agent on Your Windows Machines
- Enable UAC After VCM Agent Installation
- Collect Windows Data
- Windows Collection Results
- Getting Started with Windows Custom Information
- Discover, License, and Install UNIX/Linux Machines
- Discover, License, and Install Mac OS X Machines
- Discover, Configure, and Collect Oracle Data from UNIX Machines
- Customize VCM for your Environment
- How to Set Up and Use VCM Auditing
- Discover, License, and Install Windows Machines
- Getting Started with VCM for Virtualization
- Getting Started with VCM Remote
- Getting Started with VCM Patching
- Getting Started with Operating System Provisioning
- Getting Started with Software Provisioning
- Using Package Studio to Create Software Packages and Publish to Repositories
- Software Repository for Windows
- Package Manager for Windows
- Software Provisioning Component Relationships
- Install the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Getting Started with VCM Management Extensions for Assets
- Getting Started with VCM Service Desk Integration
- Getting Started with VCM for Active Directory
- Installing and Getting Started with VCM Tools
- Index
n
In-line: The default WCI filter uses an in-line script to collect basic information about the PowerShell
version, .NET version, and execution policy settings. The in-line option requires a collection script that is
represented as a single line of PowerShell code. Because the filter runs an in-line script on the
PowerShell command line, instead of using a file, the execution policy does not apply.
n
Script file: For script-based filters in WCI, the default script type command line includes options to set
the process-level execution policy to Remote Signed. The script requires that the execution policy be set
to Remote Signed at the most restrictive level because the script runs from a file that resides locally on
the VCM managed Windows machine. For WCI, VCM can execute collection scripts on managed
machines where the machine and user level signing policies are set to any level, without requiring you
to change the setting.
Built-in PowerShell Policy Settings
Before you use the WCI collection filter to run file-based PowerShell scripts on the VCM Collector and
your VCM managed machines, you must change the execution policy on the VCM managed machines.
PowerShell contains built-in execution policies that limit its use as an attack vector. By default, the
execution policy is set to Restricted, which is the primary policy for script execution.
The following policy settings apply to PowerShell scripts.
n
AllSigned: PowerShell scripts must be signed by a verifiable certificate from the Software Publishing
Certificate store. The typical file extension is .ps1. For signed scripts, you can set the execution policy
to All Signed. You must sign the scripts and distribute the appropriate certificates before you collect
WCI data.
n
RemoteSigned: A verifiable certificate must sign any PowerShell script that you download from the
Internet using a supported browser such as Internet Explorer. Script files that are not required to be
signed are scripts that you create locally or scripts that you download using a method that does not
support flagging the file source. For un-signed scripts, you must set the execution policy to the most
restrictive level of Remote Signed. You can set the policy directly by using a Group Policy Object (GPO)
with a VCM remote command. You can use a registry change action or enforceable compliance. For
example:
HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
"ExecutionPolicy"="RemoteSigned"
n
Unrestricted: All PowerShell script files run regardless of whether they are signed by a verifiable
certificate.
n
Restricted: You can use PowerShell interactively or to run commands directly from the command line.
This setting is the default.
References on PowerShell and Script Signing
For information about Windows PowerShell and script signing policies, see the Microsoft Web site.
Create an Example PowerShell Script for Scheduled Tasks
Use a custom PowerShell script to collect Windows Custom Information (WCI) data from VCM managed
Windows machines. With this example, you can learn how to use PowerShell scripts to collect WCI data
for scheduled tasks.
Windows provides the schtasks.exe utility to report on scheduled tasks that you create in the Task
Scheduler user interface or by using the AT command. The schtasks.exe utility enables you to manage
scheduled tasks on a local or remote computer and to report on the scheduled tasks.
vCenter Configuration Manager Installation and Getting Started Guide
98 VMware, Inc.