OK, so every environment has “That Guy”… if you don’t know what I’m on about, take a look at what floated past on Twitter this evening from @vSeanClark:
RT @techmute: Some people really make me wish vSphere had the option "take a snapshot when this guy logs in as an admin" <- startup idea?
Well… if anyone has some venture capital or Angel funds… I’m your guy. Why? Well with vSphere Alarms and PowerCLI, one can indeed snapshot a VM when a specific user pulls a remote console, here’s how:
Setup the Alarm:
At the vCenter level (after all… “that guy” is sneaky) create an alarm like so: 
Under conditions you’ll setup the user you wish to… protect against: 
With the following actions:
- Send a notification email
- Run a command: C:\WINDOWS\system32\cmd.exe“ “/c echo .|powershell.exe -nologo -noprofile -noninteractive C:\Scripts\OMG-ThatGuy.ps1”
Like so: 
* A few notes here: The “Run a command” is all one really long line…
Next the script:
If you copy/paste it from here you’ll want to make sure that everything after Get-VM is on a single line.
# OMG-ThatGuy.ps1
# ProfessionalVMware.com
# Add the snapin:
add-pssnapin VMware.VimAutomation.Core
#Take the snapshot!
Connect-VIServer -Server localhost -User something -Password something
$vmId = "VirtualMachine-" + $env:VMWARE_ALARM_TARGET_ID
Get-VM -Id $vmId | New-Snapshot -Name ((Get-Date).ToShortDateString())
The first bit adds the PowerCLI snapin, the second gets the VM that triggered the alarm and creates a snapshot with today’s date. Save this in c:\scripts, or another location of your choosing, and we’re ready to go!
In action:
So I’m not really sure where this script would be all that practical in real use. It is however an example of the power of both PowerCLI and vSphere. Here’s a screenshot of this working, btw:
Sources:
What good would this post be if I didn’t link back to all the random places I found the info on how to do this on:
- The PS Snapin & Command Line way to launch a script:
- VMware’s PowerCLI and Alarms (Pay attention to the environment variables):
- Accessing said environment variables:
- Manipulating the Get-Date cmdlet:
- My old post on alarms:
- The actual bit that got this working:
Another “preventative” sysadmin idea is to have a “Lock” on a VM so you cannot delete or accidentally start a VM. That way turbo clicking won’t lead to a restore and lack of forethought won’t lead to duplicate IP/name found on the network.
how can can set a trigger to email me when backups of vm’s are complete?
What are you using for backups. It “Should” have it’s own mechanisim for
alerting.