This question is asked a lot. How do I enable lock down mode and what does it do.
To enable lock down mode, there are two options.
- From the DCUI (Direct Console User Interface)
- From within vCenter
My preffered option is through vCenter, it is very easy and you dont need to be in front of the host or have remote console access.
To enable lock down mode through vCenter follow these steps:
- Login to vCenter
- Select the host
- Select the configuration tab
- Select Security Profile under software
- Scroll down to Lockdown mode
- Click Edit
- Tick Enable Lockdown Mode
- Click OK
- Lockdown mode is now enabled
The table below shows what features are enabled and disabled with Lockdown mode (this was taken from Yellow-bricks)
|Access method||Lockdown Disabled Access granted||Lockdown Enabled Access granted|
|Physical Console access with root||Yes||Yes|
|Physical Console access with anyother user||No||No|
|vSphere Client directly to ESXi with root||Yes||No|
|vSphere Client directly to ESXi with anyother user||Yes||Yes|
|PowerCLI / RCLI to ESXi with root||Yes||No|
|PowerCLI / RCLI to ESXi with anyother user||Yes||Yes|
You can watch a video on how to enable Lockdown mode from the VMware KBTV page by clicking here