Random VI Hardening Tip – Automating MOTD Updates

This post started out as a bit of nonsense. A bit of an exploration into what could be done via the API using PowerShell. What better place to start I thought than the MOTD. Who doesn’t love the way VMware greets you… sometimes repeatedly in the same session with it.

Then, I got to thinking… (and I really should stop that, thinking that is… bad things happen). What if one had, I dunno, 20-30 Virtual Centers? and on each vCenter server they needed to set a localized MOTD? Other than being annoying, what would that look like, and better yet, how would you do it?

Step One – Exploring the API

This was actually the easy part, as most of the VMware API (at least the vCenter 2.5 API) is published on the web, and is quite searchable. So after a quick search for “Message”, I was brought to “UpdateServiceMessage”. Which from its description, does just what we need:

Updates the system global message. If not blank, the message is immediately displayed to currently logged-on users. When set, the message is shown by new clients upon logging in.

It requires some special permissions, if you don’t already have them.

Step Two – Setting a Test MOTD

Here is where things got a bit more complex. After all, there is no cmdlet for this, so what do we do? we do a few things… take a look:

$serviceInstance = get-view serviceinstance
$sessionManager = get-view $serviceInstance.Content.SessionManager

It should be noted here, that I was already connected to a vCenter server. Looking over what I did, In the first line, we get a “view” of the ServiceInstance object. From there, we get a view of the Content.SessionManager object. In the next line we check the current message… in our case nothing. Finally, we use the Update method to change our message.


Cool no? Well, lets make it better.

Step Three – Propagation!

Well, it was either that section header or something with a bit more innuendo, but this is a family show, don’t cha know. This time through, I’ll give you the example script first, and then spell some of it out for you:

$creds = Get-VICredentialStoreItem -file "c:\credentials"

ForEach ($vCenter in $creds.Host){
    Connect-VIServer -Server $vCenter -User $_.User -Password $_.Password
    $serviceInstance = get-view serviceinstance
    $sessionManager = get-view $serviceInstance.Content.SessionManager
    if ($sessionManager.Message -ne "") {
        Write-Host "Current Message: $sessionManager.Message \nSkipping $vCenter"

Now here you’ll have to forgive me and use a bit of imagination, as I’m not 114% certain that my loop condition or ‘continue’ block actually function as advertised, but after looking it over, you should get the concept enough to be able to set your own up.

Now a bit about what goes on. In the first line we set get our credential store from the drive and store its contents in $creds (we looked at credential stores here). We then process each vCenter in that file, using much the same code as we did in “Step Two” above, the major difference being the “if” statement, basically we’re telling the script to skip a host if it already has a MOTD set. Finally, we update the message.

You can get more creative with it, but alas, that will remain an exercise to the end user.

6 thoughts on “Random VI Hardening Tip – Automating MOTD Updates

Comments are closed.