hello and welcome to lab number 14.
And this lab will be exploring some of the properties of access control. So one of the things we can do is
see what happens when you log into
your E S X I host with a non privileged account.
So far, in all these videos, I've been logging in
and the log in directly to the host 100
and I've created a new account called Student
Student is just a regular user.
Let's see what happens here,
and then we get a message. I do not have permission to log into the server.
So that's good, right? That's that means you've got some built in security features,
preventing a regular user from getting logged unless they've been granted permission.
Now, if I'm intentionally typing a bad password, we can see that we'll get another message,
and this message is basically going to tell us that the user name or the password is incorrect,
and that's an important
thing to think about. We don't want to just have a message that says that the passwords incorrect is that could tell someone they use your name is actually valid.
In either case, we can't log in with this account. So
access to this user.
Okay, So in order to give access to the user, we need to
log directly into the host
And what we're going to do now is
We have the permissions tab.
This shows all the permissions currently on this host. We have V P X user,
for the privileges of running the demons that communicate with VP with the View Center.
There's another one for the
direct counsel user interface of D C. U I.
And then we have root
and a group that gets created by default. TSX advance.
So we're just going to right click in this space. Or you could right click on the host itself
Then we have to click the add button
I need to make sure I pick the correct server. The domain I'm in his vm where?
and what I want to do is add the student to come,
so click the add button gets added down here.
Theme. Our domain student account.
And we're just gonna leave. This has read only
also, it could be sent to administrator.
you can drill down into all of these
categories of controls.
For instance, you could, you know, set on account up. That can only disable alarms.
A group that can only create switches.
You could use this permission.
In this case, we're just gonna stick with read only.
Okay, Now you can see that that rolls created
so I should be able to log into my host now is to read only user.
So logging in a student this time around.
Now this log in succeeds. That means that the host is getting the authentication information from the active directory controller
getting messages about the expiration of the license and
the fact that this hose is managed by V Center. I've just been acknowledging those.
Okay, so now I'm logged in as student,
and we can tell that a log in a student if you notice in the lower right corner,
that tells you what your log in name is.
And I've got 53 days in my license and evaluation mode.
All right, So now what is freed? Only mon really mean.
So if I go to one of my V ems and right click, I get my usual menus.
I got the power menu. Everything is great out.
Unless it's a read only function. I can't do it.
I can run the snapshot manager, okay,
but can't do much else.
So this is a good log in permission to give to somebody who needs to maybe do an inventory type activities, but
doesn't actually need to do administrative tasks.
All right, so the last thing for us to do is go look at the TSX.
so we'll go to home,
And we can see we've got our administrator role.
So when you create administrators in the future, just add them to the CSX Avon's group
Just make things easier.
Otherwise, these three rules that are ready here are ready administrators.
And we have our read only role, which was student.
And as far as no access, no, those air currently defined.
Okay, so that wraps up lab number 14
and land over 15. We will be further exploring
access controlled by making some settings changes regarding user permissions.
Thank you. See little next lab