?
Solved

Add a windows security group to the VMWare vSphere Administrors Role

Posted on 2011-05-04
15
Medium Priority
?
908 Views
Last Modified: 2012-05-11
How do I Add a windows security group to the VMWare vSphere Administrors Role. So I can give a user full Admin access of vSphere without giving them domain admin access as well?
0
Comment
Question by:mattolan
  • 8
  • 6
15 Comments
 
LVL 124
ID: 35694488
0
 
LVL 124
ID: 35694495
also Page 213 of the Administrator Manual Chapter 18 has a complete chapter on roles, groups and users

http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf
0
 
LVL 124
ID: 35694501
Yes, you can give them full access to vSphere without being a Domain Admin.

You could Add a Global Security Active Directory Group called vSphere Admins to the Administrator Role in vCenter.

and then add users into the vSphere Admins group, and they would be a vSphere Administrator, but not a Domain Admin.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 2

Author Comment

by:mattolan
ID: 35694529
yes, that is what I am trying to do, but I don't know how to add the windows security group I created into the vSphere Administrator Group
0
 
LVL 124
ID: 35694552
1 Select an object and click the Permissions tab.

2 Right-click the Permissions tab and select Add Permission.

3 Select a role from the Assigned Role drop-down menu. (Administrator in you case)

This menu displays all the roles that are assigned to the object. When the role appears, the privileges contained in the role are listed in the section below the role title for reference purposes.

4 (Optional) Deselect the Propagate to Child Objects check box.

If you deselect this check box, the role is applied only to the selected object, and does not propagate to the child objects.

5 Click Add to open the Select Users or Groups dialog box.

6 Identify the user or group to assign to this role.

a Select the domain where the user or group is located from the Domain drop-down menu.

b Type a name in the Search box or select a name from the Name list.

c Click Add.

The name is added to either the Users or Groups list.

d Repeat Step 6a through Step 6c to add additional users or groups.

e Click OK when finished.

7 Verify the users and groups are assigned to the appropriate permissions, and click OK.

8 To finish the task, click OK.

The server adds the permission to the list of permissions for the object.

The list of permissions references all users and groups that have roles assigned to the object, and indicates where in the vCenter Server hierarchy the role is assigned.
0
 
LVL 2

Author Comment

by:mattolan
ID: 35694568
This works if I want to go through Every object in my vSphere set up individually, but how do I add my group as a member to the existing vmware Adminstrators group so it has access to everything by default?
0
 
LVL 124
ID: 35694580
Are you selecting the Datacentre Object?
0
 
LVL 2

Author Comment

by:mattolan
ID: 35694587
If I select the Datacentre object I see the Administrators group but can't edit it.
0
 
LVL 124
ID: 35694588
Edit the Administrators Group and add your Secrity Group in there.
0
 
LVL 2

Author Comment

by:mattolan
ID: 35694594
Sounds simple but I can't seem to figure that part out.
0
 
LVL 124
ID: 35694627
Select Hosts & Cluster, add your security group under administrator role
0
 
LVL 2

Author Comment

by:mattolan
ID: 35694629
yes, That works. but is there no way to add my group to the default vmware adminsitrators group that is already assigned to everything?
0
 
LVL 124
ID: 35694710
Click on the Admin button and go to the Roles tab.

Edit the Administrator Role.

Add your AD Security Group in the Left Hand Panel.

The AD Security Group you've added will be granted Administrator role throughout, as Administrator has been defined as default throughout the tree.
0
 
LVL 28

Accepted Solution

by:
bgoering earned 1000 total points
ID: 35694719
Probably the simplest way to do this is to create your active directory security group, add your users to it, then include the active directory group in the Local Administrators group on your vCenter server.

That will give those users administrative access to vCenter and the hosts that it manages, as well as administrative access to the vCenter server, but no domain admin access.

This route does not require you to mess with roles or permissions in vCenter at all.

Hope this helps
0
 
LVL 2

Author Closing Comment

by:mattolan
ID: 35697951
worked perfectly
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question