voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e808a91fc5e45423727b4e6e7c1ed7d30f1e4b82
PowerCLI-Example-Scripts/Modules/apply-hardening/apply-hardening.psm1
Kevin Kirkpatrick e808a91fc5 Added folders for all .psm1 Files in /Modules 
Signed-off-by: Kevin Kirkpatrick <kevin@vmotioned.com>
2017-04-24 12:07:25 -04:00

93 lines
2.7 KiB
PowerShell
Raw Blame History

function Apply-Hardening {
<#
.NOTES
===========================================================================
Created by: Markus Kraus
Twitter: @VMarkus_K
Private Blog: mycloudrevolution.com
===========================================================================
Changelog:
2016.11 ver 2.0 Base Release
===========================================================================
External Code Sources:
===========================================================================
Tested Against Environment:
vSphere Version: 5.5 U2
PowerCLI Version: PowerCLI 6.3 R1, PowerCLI 6.5 R1
PowerShell Version: 4.0, 5.0
OS Version: Windows 8.1, Server 2012 R2
Keyword: VM, Hardening, Security
===========================================================================
.DESCRIPTION
Applys a set of Hardening options to your VMs
.Example
Get-VM TST* | Apply-Hardening
.Example
$SampleVMs = Get-VM "TST*"
Apply-Hardening -VMs $SampleVMs
.PARAMETER VMs
Specify the VMs
#Requires PS -Version 4.0
#Requires -Modules VMware.VimAutomation.Core, @{ModuleName="VMware.VimAutomation.Core";ModuleVersion="6.3.0.0"}
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$true,
ValueFromPipeline=$True,
Position=0)]
[VMware.VimAutomation.ViCore.Impl.V1.Inventory.InventoryItemImpl[]]
$VMs
)
Process {
#region: Create Options
$ExtraOptions = @{
"isolation.tools.diskShrink.disable"="true";
"isolation.tools.diskWiper.disable"="true";
"isolation.tools.copy.disable"="true";
"isolation.tools.paste.disable"="true";
"isolation.tools.dnd.disable"="true";
"isolation.tools.setGUIOptions.enable"="false";
"log.keepOld"="10";
"log.rotateSize"="100000"
"RemoteDisplay.maxConnections"="2";
"RemoteDisplay.vnc.enabled"="false";
}
if ($DebugPreference -eq "Inquire") {
Write-Output "VM Hardening Options:"
$ExtraOptions | Format-Table -AutoSize
}
$VMConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
Foreach ($Option in $ExtraOptions.GetEnumerator()) {
$OptionValue = New-Object VMware.Vim.optionvalue
$OptionValue.Key = $Option.Key
$OptionValue.Value = $Option.Value
$VMConfigSpec.extraconfig += $OptionValue
}
#endregion
#region: Apply Options
ForEach ($VM in $VMs){
$VMv = Get-VM $VM | Get-View
$state = $VMv.Summary.Runtime.PowerState
Write-Output "...Starting Reconfiguring VM: $VM "
$TaskConf = ($VMv).ReconfigVM_Task($VMConfigSpec)
if ($state -eq "poweredOn") {
Write-Output "...Migrating VM: $VM "
$TaskMig = $VMv.MigrateVM_Task($null, $_.Runtime.Host, 'highPriority', $null)
}
}
}
#endregion
}
Reference in New Issue View Git Blame Copy Permalink