Month: November 2015

Stop Brute Force Cold: How to Rename the Local Administrator via GPO | Lazy Admin Blog

Posted on November 21, 2015 Updated on March 23, 2026

The “Administrator” account is a universal target. Because every Windows machine has one by default, hackers already have 50% of the login equation—the username. By renaming this built-in account across your entire Active Directory domain, you significantly lower the risk of automated brute-force attacks.

Best of all? You don’t have to touch a single workstation. We can do this globally using Group Policy Preferences (GPP).

Step 1: Create or Edit your GPO

Open the Group Policy Management console (gpmc.msc).
Create a new GPO (e.g., “Security – Rename Local Admin”) or edit an existing one linked to your target Workstations or Servers OU.
Right-click the GPO and select Edit.

Step 2: Configure the Local User Preference

Navigate to the following path within the editor: Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups

Right-click Local Users and Groups and select New > Local User.
Configure the following settings in the dialog box:
- Action: Select Update.
- User name: Select Administrator (built-in) from the dropdown. (Using the built-in identifier ensures the rename works even if the account was previously renamed).
- Rename to: Enter your new, non-obvious username (e.g., SrvManager_Admin).
- Full name: Enter a descriptive name.
- Password: You can optionally reset the password here, though using LAPS (Local Administrator Password Solution) is recommended for password management.

Step 3: Deployment & Verification

By default, Group Policy refreshes every 90 minutes. If you want to see the change immediately on a specific client, run the following command in an elevated prompt:

DOS

gpupdate /force

Is it working?

If the name hasn’t changed, use the GPResult tool to see if the policy is being applied to the computer object:

DOS

gpresult /r

Troubleshooting Tips:

OU Check: Ensure the Computer object is actually inside the OU where the GPO is linked.
Security Filtering: Verify that Authenticated Users or Domain Computers have “Read” and “Apply Group Policy” permissions in the GPO’s Delegation tab.
Replication: If some sites see the change and others don’t, check your Domain Controller replication status.

Why this is a “Lazy Admin” Win

Instead of using scripts or manual intervention, GPO Preferences handle the logic for you. If you ever need to change the name again, you update one field in the GPO, and the entire domain follows suit.

This entry was posted in Active Directory, Windows and tagged Active Directory, CyberSecurity, GPO, GPP, Group Policy, IT Security Audit, Local Administrator, security, SysAdmin Tips, Windows Server.

Forgot Your ESXi Root Password? Reset It Without Reinstalling (vCenter Hack) | Lazy Admin Blog

Posted on November 21, 2015 Updated on March 23, 2026

We’ve all been there. You go to log into the DCUI or SSH into a host only to find the root password doesn’t work, and nobody documented the change.

According to VMware’s official stance, the only “supported” way to recover is a complete wipe and reinstall. But if your host is still managed by vCenter and you have Enterprise Plus licensing, there is a “lazy” (and highly effective) way out using Host Profiles.

How it works

When a host is added to vCenter, a special user called vpxa is created with full root privileges. We can use this existing “backdoor” to push a new configuration to the host, effectively overwriting the lost root password.

Step-by-Step Recovery

1. Extract the Profile

Right-click the “locked” host in the vSphere Web Client. Navigate to All vCenter Actions > Host Profiles > Extract Host Profile. Follow the wizard to create a template of that specific host’s configuration.

2. Edit the Security Settings

Go to Home > Host Profiles (under Management). Right-click your new profile and select Edit.

Expand Security and Services.
Expand Security Settings.
Click on Security Configuration.
In the dropdown, select: “Configure a fixed administrator password”.
Enter and confirm your new root password.

3. Attach and Remediate

Go back to Hosts and Clusters, right-click the host, and select Host Profiles > Attach Host Profile. Select the one you just edited.
Maintenance Mode: You must put the host into Maintenance Mode.
Remediate: Right-click the host again, select Host Profiles > Remediate. If you skip Maintenance Mode, vSphere will block the operation.

4. Finish

Once the remediation task completes, the host will reboot. Your new root password is now active!

Important Limitations

Licensing: This requires Enterprise Plus. Standard or Essentials kits do not include Host Profiles.
Connectivity: The host must be currently “Connected” in vCenter. If the management agent has crashed or the host is “Not Responding,” this method will not work.

The “Lazy Admin” Verdict

Reinstalling an ESXi host means reconfiguring networking, storage, and scratch partitions. Using a Host Profile takes about 10 minutes and keeps your uptime (and sanity) intact.

This entry was posted in VMware and tagged Disaster Recovery, Enterprise Plus, ESXi, Host Profiles, Password Reset, SysAdmin Hacks, vcenter, Virtualization, VMware, vSphere 5.x.

The Clean Exit: How to Safely Remove Storage Devices from ESXi | Lazy Admin Blog

Posted on November 21, 2015 Updated on March 23, 2026

In the world of storage, “unpresenting” a LUN is more than just a right-click. If you don’t follow the proper decommissioning workflow, ESXi will keep trying to talk to a ghost device, leading to host instability and long boot times.

Follow this definitive checklist and procedure to ensure your environment stays clean and APD-free.

The “Safe-to-Remove” Checklist

Before you even touch the unmount button, verify these 7 critical points:

Evacuate Data: Move or unregister all VMs, snapshots, templates, and ISO images from the datastore.
HA Heartbeats: Ensure the datastore is NOT being used for vSphere HA heartbeats.
No Clusters: Remove the datastore from any Datastore Clusters or Storage DRS management.
Coredump: Confirm the LUN isn’t configured as a diagnostic coredump partition.
SIOC: Disable Storage I/O Control (SIOC) for the datastore.
RDMs: If the LUN is an Raw Device Mapping, remove the RDM from the VM settings (select “Delete from disk” to kill the mapping file).
Scratch Location: Ensure the host isn’t using this LUN for its persistent scratch partition.

Pro Tip: Check Scratch Location via PowerCLI

Use this script to verify your scratch config across a cluster:

$cluster = "YourClusterName"
foreach ($esx in Get-Cluster $cluster | Get-VMHost) {
    Get-VMHostAdvancedConfiguration -VMHost $esx -Name "ScratchConfig.ConfiguredScratchLocation"
}

Step 1: Identify your NAA ID

You need the unique Network Address Authority (NAA) ID to ensure you are pulling the right plug.

Via GUI: Check the Properties window of the datastore.
Via CLI: Run esxcli storage vmfs extent list

Step 2: The Unmount & Detach Workflow

1. Unmount the File System

In the Configuration tab > Storage, right-click the datastore and select Unmount. If you are doing this for multiple hosts, use the Datastores view (Ctrl+Shift+D) to unmount from the entire cluster at once.

2. Detach the Device (The Most Important Step)

Unmounting removes the “logical” access, but Detaching tells the kernel to stop looking for the “physical” device.

Switch to the Devices view.
Right-click the NAA ID and select Detach.
The state should now show as Unmounted.

Note: Detaching is a per-host operation. You must perform this on every host that has visibility to the LUN to avoid APD states.

Step 3: Cleanup the SAN & Host

Once the state is “Unmounted” across all hosts, you can safely unmap/unpresent the LUN from your SAN array.

Permanent Decommissioning

To prevent “ghost” entries from appearing in your detached list, run these commands on the host:

List detached devices: esxcli storage core device detached list
Remove the configuration permanently: esxcli storage core device detached remove -d <NAA_ID>

This entry was posted in VMware and tagged Datastore, ESXi, LUN, PowerCLI, SAN, Storage, StorageManagement, SysAdmin, Troubleshooting, VMware, vSphere.

Standard Windows Monitoring Threshold Parameters | Lazy Admin Blog

Posted on November 21, 2015 Updated on March 23, 2026

Monitoring thresholds are often dictated by the Service Level Agreement (SLA) or Statement of Work (SoW) signed with your client. However, if you are setting up a new environment or looking for baseline recommendations, these industry standards are a great place to start.

The Performance Monitoring Matrix

Below are the typical thresholds used for enterprise Windows environments. These are designed to minimize “alert fatigue” while ensuring you have enough time to react before a service failure occurs.

Metric	Polling Interval	Warning (Yellow)	High/Critical (Orange)	Alert/Emergency (Red)
CPU Utilization	5 Minutes	> 80% for 3 polls	> 90% for 2 polls	> 95% for 2 polls
Memory (Available MBytes)	5 Minutes	< 100 MB	< 50 MB	< 20 MB
Memory (Pages/sec)	5 Minutes	> 500	> 1000	> 5000
Disk Free Space (%)	15 Minutes	< 15%	< 10%	< 5%
Disk Queue Length	5 Minutes	> 2 per spindle	> 5 per spindle	> 10 per spindle
Network Utilization	5 Minutes	> 60%	> 80%	> 90%
Service Status	1 Minute	N/A	Stopped (Manual)	Stopped (Automatic)

Understanding “Remedy on Demand” (RoD) Integration

In many enterprise environments, these thresholds are tied directly to an ITSM tool like Remedy on Demand (RoD).

Warning levels usually trigger an email notification or a low-priority ticket.
Alert levels generate a high-priority incident in RoD, often triggering an automated page to the on-call engineer.

Key Considerations for Polling Intervals

Short Intervals (1-2 mins): Great for critical services, but increases the load on the monitoring server and the target agent.
Long Intervals (15-30 mins): Ideal for Disk Space or non-critical capacity trends.
The “3-Poll Rule”: To avoid alerts caused by temporary spikes (bursty CPU usage), set your monitoring tool to only trigger a ticket if the threshold is exceeded for 3 consecutive polling intervals.

A Sample Template:

This entry was posted in Windows and tagged Baseline Monitoring, CPU Monitoring, Disk Space Alert, ITSM, Performance Counters, Remedy on Demand, SLA, SysAdmin Tools, Threshold Parameters, Windows Monitoring.

The Master List: VMware vCenter Release & Build Number History (Updated 2026) | Lazy Admin Blog

Posted on November 4, 2015 Updated on March 23, 2026

Version tracking is the backbone of lifecycle management. Whether you are patching against the latest security vulnerability or verifying compatibility for a backup agent, you need the exact build number.

Below is the comprehensive history of vCenter Server, from the cutting-edge vSphere 9.0 down to the legacy VirtualCenter 2.5.

vCenter Server 9.0 Build Numbers (Latest)

vSphere 9.0 represents the latest shift toward AI-integrated infrastructure and cloud-native operations.

Name	Version	Release Date	Build Number
vCenter Server 9.0.2.0	9.0.2	01/20/2026	25148086
vCenter Server 9.0.1.0	9.0.1	09/29/2025	24957454
vCenter Server 9.0 GA	9.0.0	06/17/2025	24755230

vCenter Server 8.0 Build Numbers

The 8.0 Update 3 branch is the current stable “workhorse” for most enterprise environments.

Name	Version	Release Date	Build Number
vCenter Server 8.0 Update 3i	8.0.3.00800	02/24/2026	25197330
vCenter Server 8.0 Update 3h	8.0.3.00700	12/15/2025	25092719
vCenter Server 8.0 Update 3g	8.0.3.00600	07/29/2025	24853646
vCenter Server 8.0 Update 3e	8.0.3.00500	04/11/2025	24674346
vCenter Server 8.0 Update 3	8.0.3.00000	06/25/2024	24022515
vCenter Server 8.0 Update 2	8.0.2.00000	09/21/2023	22385739
vCenter Server 8.0 Update 1	8.0.1.00000	04/18/2023	21560480
vCenter Server 8.0 GA	8.0.0.10000	10/11/2022	20519528

vCenter Server 7.0 Build Numbers

Note: vCenter for Windows was officially removed starting with version 7.0.

Name	Version	Release Date	Build Number
vCenter Server 7.0 Update 3w	7.0.3.02500	09/29/2025	24927011
vCenter Server 7.0 Update 3l	7.0.3.01400	03/30/2023	21477706
vCenter Server 7.0 Update 2	7.0.2.00000	03/09/2021	17694817
vCenter Server 7.0 GA	7.0.0.10100	04/02/2020	15952498

Legacy vCenter Server Build Numbers (vSphere 4.0 – 6.7)

Name	Version	Release Date	Build Number
vCenter Server 6.7 Update 3w	6.7.0.58000	10/28/2024	24337536
vCenter Server 6.5 Update 3w	6.5.0.43000	07/04/2024	24045034
vCenter Server 6.0 Update 1	6.0 U1	09/10/2015	3018524
vCenter Server 5.5 Update 3	5.5 U3	09/16/2015	3000241
vCenter Server 5.1 Update 3	5.1 U3	12/04/2014	2306353
vCenter Server 5.0 GA	5.0 GA	08/24/2011	456005
vCenter Server 4.1 GA	4.1 GA	07/13/2010	259021
vCenter Server 4.0 GA	4.0 GA	05/21/2009	162856
VirtualCenter 2.5.0 GA	2.5.0	12/10/2007	64192

Quick Tips for the Lazy Admin

Check via VAMI: For 6.7 and newer, go to https://<vcenter-ip>:5480. The version and build are right on the login screen.
Compatibility: Before upgrading vCenter, check the VMware Interoperability Matrix. Just because vCenter 9.0 is out doesn’t mean your older ESXi 6.7 hosts can talk to it!
VCSA Migration: If you are still on version 6.5 or 6.7, your next step is a migration to the Appliance (VCSA). There is no “in-place” upgrade for Windows-based vCenter to 7.0+.

#VMware #vSphere9 #vCenter #SysAdmin #Virtualization #Datacenter #LazyAdmin #BuildNumbers #ITOps #PatchManagement

This entry was posted in VMware and tagged Build Numbers, IT Infrastructure, Patching, SysAdmin Reference, vcenter, VCSA, Virtualization, VMware, vSphere 8, vSphere 9.