• Status: Solved
  • Priority: Medium
  • Security: Public

Add a Windows security group to the VMware vSphere Administrators Role

How do I add a Windows security group to the VMware vSphere Administrators Role, so I can give a user full Admin access of vSphere without giving them domain admin access as well?
Asked by: mattolan
1 Solution
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Also, page 213 of the Administrator Manual, Chapter 18, has a complete chapter on roles, groups and users.

http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Yes, you can give them full access to vSphere without being a Domain Admin.

You could add a Global Security Active Directory Group called vSphere Admins to the Administrator Role in vCenter, and then add users into the vSphere Admins group, and they would be vSphere Administrators, but not Domain Admins.
 
mattolan (Author) commented:
Yes, that is what I am trying to do, but I don't know how to add the Windows security group I created into the vSphere Administrator Group.

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
1. Select an object and click the Permissions tab.

2. Right-click the Permissions tab and select Add Permission.

3. Select a role from the Assigned Role drop-down menu. (Administrator in your case.)

   This menu displays all the roles that are assigned to the object. When the role appears, the privileges contained in the role are listed in the section below the role title for reference purposes.

4. (Optional) Deselect the Propagate to Child Objects check box.

   If you deselect this check box, the role is applied only to the selected object, and does not propagate to the child objects.

5. Click Add to open the Select Users or Groups dialog box.

6. Identify the user or group to assign to this role.

   a. Select the domain where the user or group is located from the Domain drop-down menu.

   b. Type a name in the Search box or select a name from the Name list.

   c. Click Add.

      The name is added to either the Users or Groups list.

   d. Repeat Step 6a through Step 6c to add additional users or groups.

   e. Click OK when finished.

7. Verify the users and groups are assigned to the appropriate permissions, and click OK.

8. To finish the task, click OK.

   The server adds the permission to the list of permissions for the object.

   The list of permissions references all users and groups that have roles assigned to the object, and indicates where in the vCenter Server hierarchy the role is assigned.

mattolan (Author) commented:
This works if I want to go through every object in my vSphere setup individually, but how do I add my group as a member to the existing VMware Administrators group so it has access to everything by default?

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Are you selecting the Datacentre Object?

mattolan (Author) commented:
If I select the Datacentre object I see the Administrators group but can't edit it.

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Edit the Administrators Group and add your Security Group in there.

mattolan (Author) commented:
Sounds simple but I can't seem to figure that part out.

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Select Hosts & Cluster, add your security group under administrator role

mattolan (Author) commented:
Yes, that works, but is there no way to add my group to the default VMware Administrators group that is already assigned to everything?

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Click on the Admin button and go to the Roles tab.

Edit the Administrator Role.

Add your AD Security Group in the Left Hand Panel.

The AD Security Group you've added will be granted Administrator role throughout, as Administrator has been defined as default throughout the tree.

bgoering commented:
Probably the simplest way to do this is to create your active directory security group, add your users to it, then include the active directory group in the Local Administrators group on your vCenter server.

That will give those users administrative access to vCenter and the hosts that it manages, as well as administrative access to the vCenter server, but no domain admin access.

This route does not require you to mess with roles or permissions in vCenter at all.

Hope this helps

mattolan (Author) commented:
Worked perfectly.
Question has a verified solution.
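
As an added example (not part of the original thread), the root-level assignment discussed above can also be done in VMware PowerCLI: the script grants the built-in Administrator role (named `Admin` in PowerCLI) to the AD group at the root folder with propagation, then lists where that group and other principals hold permissions. The server name `vcenter.example.local` and the domain `EXAMPLE` are placeholders; `vSphere Admins` is the group name suggested in the thread.

```powershell
# Added example, not from the thread. Server and domain names are placeholders.
$vCenter   = 'vcenter.example.local'     # assumption: your vCenter Server
$principal = 'EXAMPLE\vSphere Admins'    # assumption: AD group holding the vSphere admins

Connect-VIServer -Server $vCenter | Out-Null

# The root folder is the top of the inventory. A propagating permission set
# here reaches every datacenter, cluster, host and VM below it, so there is
# no need to repeat the assignment on each object.
$root = Get-Folder -NoRecursion
$role = Get-VIRole -Name 'Admin'         # built-in Administrator role

# Create the permission only if the group does not already hold it at the root.
$existing = Get-VIPermission -Entity $root |
    Where-Object { $_.Principal -eq $principal -and
                   $_.Role -eq $role.Name -and
                   $_.Propagate }
if (-not $existing) {
    New-VIPermission -Entity $root -Principal $principal `
                     -Role $role -Propagate:$true | Out-Null
}

# Audit 1: every object on which the group holds a permission.
Get-VIPermission |
    Where-Object { $_.Principal -eq $principal } |
    Select-Object Entity, Role, Propagate, IsGroup |
    Format-Table -AutoSize

# Audit 2: every principal that holds Administrator at the root.
Get-VIPermission -Entity $root |
    Where-Object { $_.Role -eq $role.Name } |
    Select-Object Principal, IsGroup, Propagate |
    Format-Table -AutoSize

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

Granting the role through a vCenter permission keeps the group out of the Windows Local Administrators group on the vCenter server, so its members receive no operating-system rights on that machine.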
