How to replace root user with different user name with same privileges


Credentials always have two important parts: the user name and the password. In the ESX world, root is the default user name, so everyone already knows at least one part of it. This is a standard security concern raised by IT Risk. Let's de-risk it.

In the Windows world it is standard practice to rename the administrator account and add another user to the Administrators group. That is exactly the method we are going to use. Create a user esx-admin and assign it the same group as root and then delete the root user.

Do not delete the root user.

Here are the steps:

  1. Log in to the ESXi host directly using the VI client.
  2. Go to Users & Groups.
  3. Create a new user. In my case I used the name esx-admin.
  4. Fill in only the Login name and password; leave User name and UID blank, as they are optional. The User name field here is just a description. Do not confuse it with the Windows style of user creation.
  5. Add the localadmin and root groups under Group membership and press OK.
  6. At this point you can access the console (i.e. the DCUI) using the esx-admin credentials, but you cannot access vCenter.
  7. To get it working, assign esx-admin the Administrator permission at the root of the ESX host.
  8. Last and important step: stop using the root user for any administration purpose for 1 month and then safely delete the root user.
  9. Last and important step: stop using the root user for any administration purpose and use it only for VMware support or other emergency cases. Do not delete it.
  10. Store the root credentials in a safe place.
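
A check for the result of these steps, as an added example that is not part of the original post: it parses passwd- and group-format text and reports whether esx-admin is in the root and localadmin groups and whether the root account still exists. The sample file contents are constructed, and it is an assumption that the host keeps its local accounts in standard passwd/group format.

```python
# Added example: audit local account data after creating the replacement admin.
# SAMPLE_PASSWD / SAMPLE_GROUP are constructed samples, not from a real host.
# Assumption: local users and groups are stored in standard passwd/group format.
SAMPLE_PASSWD = """\
root:x:0:0:Administrator:/:/bin/sh
esx-admin:x:500:100::/:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:root,esx-admin
localadmin:x:101:root
users:x:100:
"""

def parse_passwd(text):
    """Return {login: primary_gid} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            users[fields[0]] = fields[3]
    return users

def groups_of(user, users, group_text):
    """Group names for a user: primary GID match plus listed memberships."""
    found = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or line.startswith("#"):
            continue
        name, gid, members = fields[0], fields[2], fields[3].split(",")
        if user in members or users.get(user) == gid:
            found.add(name)
    return found

def audit(passwd_text, group_text, new_admin="esx-admin",
          required=("root", "localadmin")):
    """Return a list of findings; an empty list means the setup matches."""
    users = parse_passwd(passwd_text)
    findings = []
    if "root" not in users:
        findings.append("root account is missing (it must not be deleted)")
    if new_admin not in users:
        return findings + [f"{new_admin} account does not exist"]
    missing = sorted(set(required) - groups_of(new_admin, users, group_text))
    findings += [f"{new_admin} is not in group {g}" for g in missing]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP) or ["OK"]:
        print(finding)
```

With the constructed sample, esx-admin was added to the root group but not to localadmin, so the audit reports that one gap.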

6 comments on “How to replace root user with different user name with same privileges”

  1. Do not, ever, ever, ever x million delete the root user account.

    Just leave it there, change the password to something super secure and store that in a secure, break-glass vault (well, software version of one).

    A bazillion things expect root to be there, including VMware support. If you delete the root user then have problems, you are likely to be pilloried in public. http://en.wikipedia.org/wiki/Pillory

    You have been warned!
