Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1100
  • Last Modified:

Locked out of Virtual Machine?

I tried googling but didn't find anything.

Basically, someone assisgned the Read-Only role to the users group in our virtual machines and locked everybody out.

As you know, the most restrictive permissions take presedence in VM.

Any ideas how I can override this?
0
snyderkv
Asked:
snyderkv
  • 8
  • 5
  • 2
  • +2
4 Solutions
 
chkdsk01Commented:
You might want to try logging into the host server as root user and changing permissions.
0
 
TiMMay333Commented:
im assuming that your using AD to authenticate (vcenter or in esx 4.1) why dont you create a dummy user in active directory thats only in the administrators group and not in users, this will get rid of the problem for your most restrictive permissions issue.

its worth a shot
0
 
snyderkvAuthor Commented:
Ok I will try

Yes using AD permissions not local permissions.
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
snyderkvAuthor Commented:
I created another user without any users in the membership inheritence.

Still had the same problem.

Am I doing something wrong?
0
 
bgoeringCommented:
Can you connect your vSphere client directly to the host ESX server and log in as the root user?
0
 
TiMMay333Commented:
try this:

if this is virtual center (vCenter) then try to authenticate to it using a local user that is part of the local administrators group only, like in the image
memberships.png
0
 
chkdsk01Commented:
Like I mentioned in the very first post. Can you connect to the host as root?
0
 
snyderkvAuthor Commented:
Yup it's VCenter but that did not work.

I created test user and added it to the local administrators group only. No luck

I even tried creating an AD user and removed domain users and added a groups with rights within that VMachine but not with any "users" membership. Still no luck.

Any other ideas? What about this?
http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
0
 
snyderkvAuthor Commented:
Chk
Yes I can connect to the ESX server as host (not the vcenter because it's running server 2003)
I login as root which has administrator role.
I can perform all actions.

Like I asked though. Is this a workaround or is their something I can do once I'm in? We use VCenter for administration so I can't ask everybody to start logging into individual servers to access certain machines. That defeats the purpose of VCenter.

Any ideas?  What about this link? http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
Only problem is I don't know how to access the vpxd.cfg file after shutting it down or where in the config file I need to edit.
0
 
Paul SolovyovskySenior IT AdvisorCommented:
On the vCenter server make sure the account is the local admin and give it a try.

If you don't have custom settings in vCenter you could just uninstall and re-install, add the hosts back in and recreate cluster and permissions correctly.  Should take less then an hour.
0
 
snyderkvAuthor Commented:
Chk,
How do I change active directory permissions via loggin in as root?
It only allows me to change local accounuts like root exc.
0
 
chkdsk01Commented:
Snyderkv, my apologies.  I didn't quite understand the problem.  Here is a VMware KB article stating how to change the permissions back by modifying the SQL Table.  It's nearly the same process as in the link you provided.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005680 
0
 
snyderkvAuthor Commented:
Ok sweet now were talkin

I'll get back
0
 
chkdsk01Commented:
Also, the vpxd.cfg file is located at the following path on the vCenter server.
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter
As to where to insert the security line, I'm not sure
0
 
snyderkvAuthor Commented:
looks like I'm going to have to dig deeper for the vpxd.cfg fix. I don't have the sql management studio on the Vcenter. I tried installing workstation components but it said it was already installed.

 
0
 
bgoeringCommented:
You can install management stiudio and connect to the database on the vcenter server
0
 
chkdsk01Commented:
sql management studio should be installed on the SQL server.  OR is the database installed local on vCenter?
The vpxd file is at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\vpxd.cfg.
You'll need to stop at least the VirtualCenter Server service before modifying it.  Like I said above, I'm not really sure where to edit it. I don't think it makes a difference.  Just make a copy of the file as a backup, just in case.
0
 
snyderkvAuthor Commented:
Ah ok I had to install the SqlRun_Tools.msi in order to install the management studio.

The document was easy to follow after that.

Thanks

0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 8
  • 5
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now