Lab 14 - Exploring Properties of Access Control

Video Activity



Time
14 hours 13 minutes
Difficulty
Intermediate
CEU/CPE
20
Video Description

Lab 14: Exploring Properties of Access Control. This lesson discusses access control and lets participants see what happens when you try to log into an ESXi host with an unprivileged account. The login is not allowed, which is a good sign because it means the system has good security features. In this lab-based class, participants learn step by step how to add a user and give them user privileges.

Video Transcription
00:04
Hello and welcome to lab number 14.
00:07
And this lab will be exploring some of the properties of access control. So one of the things we can do is
00:15
see what happens when you log into
00:18
your ESXi host with a non-privileged account.
00:22
So far, in all these videos, I've been logging in
00:25
as root.
00:29
So let's
00:30
open up our client
00:32
and log in directly to the host 100
00:37
and I've created a new account called Student
00:49
Student is just a regular user.
00:52
Let's see what happens here,
00:55
and then we get a message: I do not have permission to log into the server.
00:59
So that's good, right? That means you've got some built-in security features,
01:03
preventing a regular user from getting logged in unless they've been granted permission.
01:08
Now, if I'm intentionally typing a bad password, we can see that we'll get another message,
01:14
and this message is basically going to tell us that the user name or the password is incorrect,
01:19
and that's an important
01:22
thing to think about. We don't want to just have a message that says that the password's incorrect, as that could tell someone the user name is actually valid.
01:30
In either case, we can't log in with this account. So
01:34
what we need to do
01:36
is give
01:38
access to this user.
01:40
Okay, So in order to give access to the user, we need to
01:44
log directly into the host
01:47
and log in as root.
01:53
And what we're going to do now is
02:00
select our host.
02:01
We have the permissions tab.
02:07
This shows all the permissions currently on this host. We have vpxuser,
02:13
which is used
02:14
for the privileges of running the daemons that communicate with the vCenter.
02:21
There's another one for the
02:23
Direct Console User Interface, or DCUI.
02:25
And then we have root
02:28
and a group that gets created by default, ESX Admins.
02:31
So we're just going to right click in this space. Or you could right click on the host itself
02:38
to add permission.
02:44
Then we have to click the add button
02:49
and my server.
02:50
I need to make sure I pick the correct server. The domain I'm in is VMware.
02:54
So these are all my
02:58
my accounts
03:02
and what I want to do is add the student account,
03:07
so click the Add button, gets added down here.
03:09
The VMware domain student account.
03:12
Click OK.
03:13
And we're just gonna leave this as read-only.
03:15
Also, it could be set to administrator.
03:19
Or
03:21
you can drill down into all of these
03:23
categories of controls.
03:29
For instance, you could, you know, set an account up that can only disable alarms.
03:36
Or maybe it's a
03:38
a group that can only create switches.
03:42
You could use this permission.
03:46
In this case, we're just gonna stick with read-only.
03:50
Okay, now you can see that that role's created,
03:53
so I should be able to log into my host now as the read-only user.
04:02
So logging in as student this time around.
04:10
Now this login succeeds. That means that the host is getting the authentication information from the Active Directory controller,
04:17
getting messages about the expiration of the license and
04:21
the fact that this host is managed by vCenter. I've just been acknowledging those.
04:27
Okay, so now I'm logged in as student,
04:30
and we can tell that I'm logged in as student if you notice in the lower right corner,
04:34
that tells you what your login name is.
04:39
And I've got 53 days in my license and evaluation mode.
04:43
Life is good.
04:45
All right, so now what does read-only mode really mean?
04:47
So if I go to one of my VMs and right click, I get my usual menus.
04:53
I got the power menu. Everything is grayed out.
04:57
Unless it's a read-only function, I can't do it.
05:01
I can run the snapshot manager, okay,
05:04
but can't do much else.
05:05
So this is a good login permission to give to somebody who needs to maybe do inventory-type activities, but
05:13
doesn't actually need to do administrative tasks.
05:15
All right, so the last thing for us to do is go look at the ESX
05:20
Admins group,
05:23
so we'll go to home,
05:26
click Roles.
05:28
And we can see we've got our administrator role.
05:30
So when you create administrators in the future, just add them to the ESX Admins group.
05:36
Just makes things easier.
05:39
Otherwise, these three rules that are already here are already administrators.
05:44
And we have our read only role, which was student.
05:46
And as far as no access, none of those are currently defined.
05:49
Okay, so that wraps up lab number 14,
05:53
and in lab number 15, we will be further exploring
05:57
access control by making some settings changes regarding user permissions.
06:02
Thank you. See you in the next lab.