Configure ESXi password policies with vSphere Configuration Profiles

Article ID: 423945

Updated On:

Products

VMware vCenter Server 8.0

VMware vSphere ESXi 8.0

Issue/Introduction

In vSphere 8.x environments, ESXi host password policies can be centrally managed using vSphere Configuration Profiles. This approach allows administrators to apply consistent settings across all hosts within a cluster. This article describes how to use vSphere Configuration Profiles to batch modify ESXi host password policies.

Environment

VMware vCenter Server 8.x

VMware vSphere ESXi 8.x

Resolution

Steps to configure ESXi password policies:

  1. For instructions on enabling vSphere Configuration Profiles, refer to: Using vSphere Configuration Profiles in VMware vSphere 8 Update 3 with baseline-managed clusters
    Note:
    • Once vSphere Configuration Profiles are enabled on a cluster, the operation cannot be undone. This change is permanent.
    • Host Profiles cannot be used once this feature is enabled.
    • Before 8.0U3, the feature is only available when the cluster is an image-managed cluster.
    • This feature is available with Enterprise Plus license.
  2. Log in to the vCenter web client.
  3. Navigate to Cluster > Configure > Desired State > Configuration > Draft.
  4. In the left pane, select Security > Settings.
  5. Click CONFIGURE SETTINGS.
  6. Configure the parameters:
    • account_lock_failures
      Number of consecutive failed login attempts before an account is locked.
    • account_unlock_time
      Time in seconds before a locked account is automatically unlocked.
    • password_quality_control
      Defines password complexity and strength requirements based on pam_passwdqc rules.
    • password_history
      Number of previous passwords that cannot be reused.
    • password_max_days
      Maximum number of days a password is valid before expiration.
    • ssh_session_limit
      Maximum number of concurrent SSH sessions allowed on an ESXi host.
    • default_shell_access
      Determines whether ESXi Shell access is enabled by default.
  7. Click Save to store the configuration.
  8. Click Apply Changes.
  9. After the Pre-check task completes, click NEXT.
  10. Click REMEDIATE to apply the configuration to all ESXi hosts in the cluster.
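
Before remediating, the draft values from step 6 can be checked against an internal baseline. The following is an added example, not code from this article or from VMware: it parses the pam_passwdqc `min=` rule in password_quality_control and flags weak values. The baseline thresholds, the function names and the sample settings are assumptions made for illustration.

```python
# Added example, not VMware code. Baseline thresholds are assumptions; use your own policy.
BASELINE = {"min_length": 14, "password_history": 5, "password_max_days": 90}

def parse_passwdqc(value):
    """Split a pam_passwdqc option string; min= becomes five ints (None = disabled)."""
    opts = {}
    for token in value.split():
        key, _, val = token.partition("=")
        opts[key] = val
    if "min" in opts:
        fields = opts["min"].split(",")
        if len(fields) != 5:
            raise ValueError("min= expects five comma-separated fields")
        opts["min"] = [None if f == "disabled" else int(f) for f in fields]
    return opts

def audit(settings, baseline=BASELINE):
    """Return a list of findings for the draft settings dict (empty list = compliant)."""
    findings = []
    mins = parse_passwdqc(settings.get("password_quality_control", "")).get("min")
    if mins is None:
        findings.append("password_quality_control: no min= rule set")
    else:
        enabled = [m for m in mins if m is not None]
        if not enabled:
            findings.append("password_quality_control: every password class is disabled")
        elif min(enabled) < baseline["min_length"]:
            findings.append(f"password_quality_control: accepts {min(enabled)}-character "
                            f"passwords, baseline is {baseline['min_length']}")
    history = settings.get("password_history", 0)
    if history < baseline["password_history"]:
        findings.append(f"password_history: {history} < {baseline['password_history']}")
    max_days = settings.get("password_max_days", 0)
    if not 0 < max_days <= baseline["password_max_days"]:
        findings.append(f"password_max_days: {max_days} outside 1..{baseline['password_max_days']}")
    return findings

# Constructed sample values, keyed by the parameter names from step 6.
WEAK = {"password_quality_control": "retry=3 min=disabled,disabled,disabled,7,7",
        "password_history": 0, "password_max_days": 99999}
HARDENED = {"password_quality_control": "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15",
            "password_history": 5, "password_max_days": 90}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "compliant")
```

The five `min=` fields are the minimum lengths pam_passwdqc applies per password kind; the shortest enabled field is the shortest password the host will accept.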