Sometimes it is worth while having another account on the compute host; whether it is for monitoring or another external process that needs to authenticate.
For example, in my last two positions, we used this so that the root account wasn’t exposed to the monitoring application itself yet we were able to do everything required to fully check the health of our infrastructure.
If you care: I am a huge fan of LogicMonitor as I haven’t found anything nearly as nice to get up and running quickly while giving me more data points than I would ever need.
This script uses a CSV file as the base of hosts to connect to and will then prompt you for your credentials (the root account). The CSV file needs a header line, in this case I use the word Hostname.
Caveat: You will still need to log into each host directly (again, the root account) and give permission to login as vSphere 5.1 and above no longer uses groups to give access and there isn’t an option in the PowerCLI cmdlets to do this.
Aside: you could do this by tying the compute notes via Active Directory and then just adding the permissions via an A/D group, though you would still need to touch each host to get the initial set up done.
CSV example:
Hostname 192.168.32.107 192.168.32.108 192.168.42.109 192.168.42.136
And the short script:
# change $userName to the name you wish to use
#change $password to be the password
$userName = "monitor"
$password = "that-passw0rd"
Import-Csv "C:\temp\vmhosts.csv" | %{
Connect-VIServer -server $_.Hostname -Credential (Get-Credential)
New-VMHostAccount -Id $userName -Password $password -Description "Monitor User" -Server $_.Hostname
Disconnect-VIServer -Confirm:$false
}
and there you have it!