Solved

admin role in vcenter

Posted on 2013-11-12
Last Modified: 2013-11-12
Can anyone provide some examples of the kind of issue/risk if an unauthorised user gained access to vCenter with an account with the admin role permissions? I am trying to gauge the potential risk if this ever happened.
Question by:pma111
3 Comments
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39641044
1. Stop Virtual Machines
2. Delete Virtual Machines
3. Remove ESXi Hosts from vCenter Server.
4. Shutdown ESXi Hosts
5. Reboot ESXi Hosts
6. Potentially Access Console or Hosts
7. Potentially obtain files from VMs
8. Many Risks.....
0
 
LVL 3

Author Comment

by:pma111
ID: 39641047
Any risks from a data security standpoint, i.e. a virtual file server with sensitive payroll xls - can they access that from there?
0
 
LVL 121
ID: 39641185
Yes, an Admin could do the following:-

1. Power off VM.
2. Copy the Virtual Machine Disk to local laptop.
3. Mount the virtual machine disk (VMDK) as a drive letter, overcoming ANY OS Active Directory or Unix Login.
4. Inspect the data.

Easy!

If you wanted to do this secretly, without turning off the VM:

1. Clone the VM, whilst the VM was on.
2. Copy the Virtual Machine CLONE Disk to local laptop.
3. Delete the CLONE VM.
4. Mount the virtual machine disk (VMDK) as a drive letter, overcoming ANY OS Active Directory or Unix Login.
5. Inspect the data.

Easy!

Virtualisation Administrators have more POWER than your usual Domain Administrators!

Domain Administrators are responsible for Microsoft Active Directory Management (e.g. Domain, usernames and accounts, passwords, group policy).

Virtualisation Administrators are not often Domain Administrators, but they can be!
0
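
A defender's view of the clone-then-delete sequence described in the comment above, as an added example that is not part of the original thread: it pairs each clone event with a later removal of the same VM and reports clones that existed only briefly. `VmClonedEvent` and `VmRemovedEvent` are vSphere event type names; the dict layout, the user and VM names, and the 4-hour threshold are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample events, not taken from a real vCenter. The dict layout is
# an assumed, simplified export of the vCenter event log.
SAMPLE_EVENTS = [
    {"time": "2013-11-12T02:10:00", "type": "VmClonedEvent", "user": "CORP\\jdoe",
     "vm": "tmp-copy", "source_vm": "fileserver01"},
    {"time": "2013-11-12T01:00:00", "type": "VmClonedEvent", "user": "CORP\\svc-deploy",
     "vm": "web02", "source_vm": "web-template"},   # normal deployment, never removed
    {"time": "2013-11-12T02:55:00", "type": "VmRemovedEvent", "user": "CORP\\jdoe",
     "vm": "tmp-copy"},
    {"time": "2013-11-12T03:30:00", "type": "VmRemovedEvent", "user": "CORP\\ops1",
     "vm": "old-test"},                             # removal of a VM that was not a clone
]

def find_short_lived_clones(events, sensitive_vms=(), max_lifetime=timedelta(hours=4)):
    """Pair each clone with its later removal and report clones that lived
    no longer than max_lifetime. Clones of sensitive_vms are rated high."""
    pending = {}   # clone name -> (creation time, the clone event)
    findings = []
    # Same-format ISO timestamps sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] == "VmClonedEvent":
            pending[ev["vm"]] = (when, ev)
        elif ev["type"] == "VmRemovedEvent" and ev["vm"] in pending:
            created, clone = pending.pop(ev["vm"])
            lifetime = when - created
            if lifetime <= max_lifetime:
                findings.append({
                    "source_vm": clone["source_vm"],
                    "clone": clone["vm"],
                    "cloned_by": clone["user"],
                    "removed_by": ev["user"],
                    "lifetime_minutes": int(lifetime.total_seconds() // 60),
                    "severity": "high" if clone["source_vm"] in sensitive_vms else "medium",
                })
    return findings

if __name__ == "__main__":
    for finding in find_short_lived_clones(SAMPLE_EVENTS, sensitive_vms={"fileserver01"}):
        print(finding)
```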

Question has a verified solution.
