Question

Mounting Guest tools without admin account from script?

  • 29 May 2020
  • 1 reply
  • 607 views

Hi community, I’m fairly new to interacting with Nutanix for automation and was hoping my VM build task would be a simple process but I’ve hit a wall with the guest tools install.

I’m building a RDS environment where I need as little human interaction as I can get to make administration easier so I’m building my host VM using SCCM. I’ve multiple good reasons for approach but its mainly in support for application deployment via happening at build time.

I’ve tried to install the guest tools manually but I believe they are failing due to the files being copied from a mounted ISO which has some dynamically created certificates involved so this isn’t going to work. I can see the ISO can be mounted using the API calls but every reference I’ve seen looks to need  a username/password passing in the script and I’m not overly keen in hard coding creds into script. Most of what i’ve seen is a few years old so I wondered if there has been any changes to the approach to mounting guest tools?

It is possible it can be done from a limited account?  Is there a way to create a granular user role which would just allow mounting / unmounting of the tools iso so this could be included in the script and lower the risk of stored creds?

Any guidance much appreciated as I’m keen to remove the manual task of jumping on each VM to install the tools each time we build :)


1 reply

Userlevel 4
Badge +4

Hi @davidkwasniak-68146 

This is the excerpt from Prism Central Guide 5.17 (the latest there is)

Local VM accounts with administrative privileges are required.

Unfortunately, you do need to have a local admin account configured on the VMs (maybe by the use of a group policy push from AD?).

And you don’t have to pass credentials in clear text, of course (I’m sure you know it). There are a few methods around with PowerShell of handling credentials that must be passed securely. They still have to be passed, there’s no way around it.

Maybe someone within the community found the list of limited permissions. Or an optimal way to pass those credentials and could share it here. I’d be keen to see myself.

Reply