Yes Greg and I have looked over all the documentation and guidelines for VMWare patching. The list of privileges needed are not complete. Digging through the net for other threads and trial and error, we have come up with the minimal list need to patch a VMware 5.5 template in a cluster environment:
Global Licenses Manage licenses
Datastore Browse datastore Browse a datastore
Resource Assign virtual machine to resource pool Assign a virtual machine to a resource pool
VirtualMachine.Interact Answer question Answer a virtual machine run-time question
VirtualMachine.Interact Console interaction Interact with the virtual machine console
VirtualMachine.Interact Guest operating system management by VIX API Perform management operations within the guest operating system via the VIX API
VirtualMachine.Interact Device connection Connect/disconnect media and network devices
VirtualMachine.Interact Power On Power On or resume a virtual machine
VirtualMachine.Interact Power Off Power Off a virtual machine
VirtualMachine.GuestOperations Guest Operation Queries Queries in a virtual machine guest operating system
VirtualMachine.GuestOperations Guest Operation Modifications Modifications in a virtual machine guest operating system
VirtualMachine.GuestOperations Guest Operation Program Execution Running processes in a virtual machine guest operating system
VirtualMachine.State Create snapshot Create a snapshot
VirtualMachine.State Remove Snapshot Remove a snapshot
VirtualMachine.Provisioning Allow disk access Allow random access to disk files through a separate NFC connection
VirtualMachine.Provisioning Mark as template Mark a virtual machine as a template
VirtualMachine.Provisioning Mark as virtual machine Mark a template as a virtual machine
Does this mean you were able to scan and patch the template after granting the account these rights? If yes, I will give this information to our QA department where they will validate the information. Once validated, we can update our guides.
1 of 1 people found this helpful
Yes I was able to patch a VMWare version 10 template of Windows 2012 r2 on a VMware 5.5 host in a HA cluster environment with the privileges below. The only one that my be in question is "VirtualMachine.Interact.Answer question" All other privileges were required or it failed.
Also The patching server needs TCP/UDP port 902 open to the VMhost storing the template along with 443 to the WMware vSphere server. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012382
VMWare 5.5 Privileges need to patch a windows template"
Resource.Assign virtual machine to resource pool
VirtualMachine.Interact.Guest operating system management by VIX API
VirtualMachine.GuestOperations.Guest Operation Queries
VirtualMachine.GuestOperations.Guest Operation Modifications
VirtualMachine.GuestOperations.Guest Operation Program Execution
VirtualMachine.Provisioning.Allow disk access
VirtualMachine.Provisioning.Mark as template
VirtualMachine.Provisioning.Mark as virtual machine
James Madison University
Thank you for the confirmation and also for gathering this information. IWe update our documentation once our QA department has time to confirm this.
I'm sure this information will be beneficial to other customers searching this site for similar information in the meantime!