Released: VMware View 4.0.1
Feb 19th
VMware View 4.0.1 is a maintenance release that adds a small number of features / enhancements:
- Localisation of the View client in a number of languages including French and German.
- Support for vCenter 2.5 Update 6 and ESX 3.5 Update 5
- PCoIP now supports Virtual Printing, a couple of Single Sign-On Providers and International keyboards.
There are a few bug fixes included also. The best thing to do is to head over to the release notes and check them out. Then it’s time to download and update 
.
PowerCLI: Documenting vCenter Permissions (Part 1)
Feb 12th
It’s a nice feeling being asked to do something challenging and new. There I was writing lots of lovely documentation and I was asked if I could document the permissions in vCenter. I said “Ok” without really thinking about it. Do you know how many different privileges there are in vCenter? Quite a few, I realised a few seconds later.
After consulting the PowerCLI cmdlets reference I found out exactly how many there were.
(get-VIPrivilege).count
Only 249. Multiply that by 14 default roles and you get 3486 permissions to document. It’s not quite that bad really. You only need to document permissions that have been assigned so that cuts the number down considerably. Still, there must be an easier way.
I’ve all but hit you over the head with the solution. Let’s take the default “Admin” role as an example. The following shows exactly which permissions it has:
get-VIPrivilege -role Admin
The output isn’t pretty but it gets the job done. Suppose you want the privileges for all roles. To borrow Apple’s catch-phrase, there’s a cmdlet for that.
get-VIRole
This is all well and good but we need to combine these cmdlets, their output and present it in some sort of meaningful way. PowerShell has a number of builtin cmdlets for formatting and / or exporting data. What I wanted was something that didn’t require me to do any extra formatting afterwards and that I can use again. Given the nature of the data we’re trying to extract, one of the best ways of presenting it is in an Excel spreadsheet. For this we could use the export-csv cmdlet but to avoid any extra formatting I decided to experiment with Excel interaction. That is the part that took most of the time and has made the script below such an ungainly beast. Thanks though to the magic of Google and inspiration from one of Alan Renouf’s scripts, I cobbled together the following:
####################################################################
# List-Privileges.ps1 #
# #
# Author: Michael Poore (www.wekabyte.co.uk) #
# Version: 0.1 #
# Date: 12/02/2010 #
# #
# Change History: #
# - 0.1 - First working version #
# #
####################################################################
$vcserver = "myvcserver"
$startrow = 3
$date = get-date -format F
# Connect to VC Server
Connect-VIServer $vcserver
# Get a list of all privileges from the VC Server
$privs = @()
foreach ($priv in Get-VIPrivilege | sort Id)
{
$objecta = "" | select-Object ID,Description
$objecta.ID = $priv.Id
$objecta.Description = $priv.Description
$privs += $objecta
}
# Get a list of all roles from the VC Server and determine which privileges they hold
$roles = @()
foreach ($role in Get-VIRole)
{
$objectb = "" | select-Object Name,System,Description,Privileges
$objectb.Name = $role.Name
$objectb.System = $role.IsSystem
$objectb.Description = $role.Description
$myprivs = @()
$roleprivs = $role.PrivilegeList | Sort
$roleprivs
foreach ($priv in $privs)
{
$myprivs += $roleprivs -contains $priv.ID
}
$objectb.Privileges = $myprivs
$roles += $objectb
}
# Create new Excel object
$Excel = New-Object -Com Excel.Application
$Excel.visible = $True
$Excel = $Excel.Workbooks.Add(1)
$Sheet = $Excel.WorkSheets.Item(1)
# Write Worksheet title
$Sheet.Cells.Item(1,1) = "Roles and Privileges Report for $vcserver - $date"
$Sheet.Cells.Item(1,1).font.bold = $true
$Sheet.Cells.Item(1,1).font.underline = $true
$Sheet.Cells.Item(1,1).font.size = 18
# Write worksheet column headers
$row = $startrow
$Sheet.Cells.Item($row,3) = "ROLE:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$row++
$Sheet.Cells.Item($row,3) = "DESCRIPTION:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$row++
$Sheet.Cells.Item($row,3) = "SYSTEM:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$Sheet.Rows.Item($row).Borders.Item(9).LineStyle = 1
$Sheet.Rows.Item($row).Borders.Item(9).Weight = 4
$row++
$sheet.columns.item(1).columnwidth = 5
$sheet.columns.item(2).columnwidth = 5
$sheet.columns.item(3).columnwidth = 30
$sheet.columns.item(4).columnwidth = 2
foreach ($priv in $privs)
{
$level = [regex]::matches($priv.ID,"\.").count
switch ($level)
{
0 {$col = 1}
1 {$col = 2}
default {$col = 3}
}
$Sheet.Cells.Item($row,$col) = $priv.Description
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
#$Sheet.Cells.Item($row,3).WrapText = $true
$Sheet.Cells.Item($row,4) = " "
$row++
}
$col = 5
foreach ($role in $roles)
{
$row = $startrow
$Sheet.Cells.Item($row,$col).Orientation = 90
$Sheet.Cells.Item($row++,$col) = $role.Name
$Sheet.Cells.Item($row,$col).HorizontalAlignment = 3
$Sheet.Cells.Item($row++,$col) = $role.System
$Sheet.Cells.Item($row,$col).HorizontalAlignment = 5
$Sheet.Cells.Item($row++,$col) = $role.Description
foreach ($priv in $role.Privileges)
{
if ($priv)
{
$Sheet.Cells.Item($row,$col).HorizontalAlignment = 3
$Sheet.Cells.Item($row,$col) = "Yes"
}
$row++
}
$sheet.columns.item($col).columnwidth = 6
$col++
}
Clear
It’s a little slow to run but fairly easy to read the output. These are the default roles in vCenter 4.0.
So that’s part 1. The next step is already underway – tidying the script and adding to it to try and give some indication of which AD users and groups map to which roles.
vSphere Client Silent Install
Feb 11th
I was asked yesterday if I knew how to do a silent installation of the vSphere client. My client wanted to roll out the vSphere client to their Operations team automatically. They had experimented with getting it working and even asked a company about producing a custom MSI for them.
The solution is a little easier than that though. The key thing is using the right file. The VMware-viclient.exe file that can be downloaded from the vCenter server or an ESX / ESXi host is a self-extracting archive and doesn’t pay any attention to the normal parameters and switches that you can try to add to get a silent installation performed.
The right file to use is from the vCenter installation media (zip file or iso). In the “vpx” folder is a VMware-viclient.exe file that is 137Mb in size (the archive file mentioned above is about 114Mb). If you place the file on the root of your C:\ drive then a silent installation (an unattended one at least) can be performed using the following command line:
start /wait C:\VMware-viclient.exe /q /s /w /L1033 /v" /qr"
If you’d like a log file created, use this instead to write a logfile to the user’s temp directory:
start /wait C:\VMware-viclient.exe /q /s /w /L1033 /v" /qr /L*v \"%TEMP%\vmvcc.log\""
PowerShell 2.0 Installation Error
Feb 11th
I was trying to install PowerShell 2.0 and kept getting an error part way through that simply told me that access was denied while installing the Windows Management Framework Core. The installation was then rolled back. I tried a few times, with local and domain administrator accounts but to no avail. The following event was logged each time in the system event log:
After some poking around I found that the local Administrators group did not not have Full Control of the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost to which it was trying to write.
Just thought I’d share this in case anyone else encountered it.
VI3 Extended Support
Feb 1st
Sorry to keep going on about VI3 but I alluded to the end of General Support in a previous post and thought it might be nice just to expand on it a bit.
VMware explain their support lifecycle policies here and basically the clock started ticking for VI3 support the day that vSphere went GA. VI3 moves into extended support on 21st May 2010. That’s only 4 months away.
So what does Extended Support mean? This is VMware’s definition:
New hardware platforms are no longer supported, new guest OS updates may or may not be applied, and bug fixes are limited to critical issues. Critical bugs are deviations from specified product functionality that cause data corruption, data loss, system crash, or significant customer application down time and there is no work-around that can be implemented.
