What happens to the status of users already logged into ESXi Shell when a vSphere administrator
enables lockdown mode?
A.
Users remain logged in and can run commands, except to disable lockdown mode.
B.
Users remain logged in and can run commands, including disabling lockdown mode.
C.
Users are immediately logged out of ESXi Shell.
D.
Users are logged out after a timeout specified by the vSphere administrator.
Explanation:
A is correct
Enabling lockdown mode affects which users are authorized to access host services.
Users who were logged in to the ESXi Shell before lockdown mode was enabled remain logged in and can run commands. However, these users cannot disable lockdown mode. No other users, including the root user and users with the Administrator role on the host, can use the ESXi Shell to log in to a host that is in lockdown mode.
http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html
I am able to disable/enable lockdownmode by the accessed user after enabling lockdown mode by vcenter webclient using following commands;
~ # vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled
true
~ # vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit
~ # vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled
false
~ # vim-cmd -U dcui vimsvc/auth/lockdown_mode_enter
~ # vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled
true
So, I think B is the correct answer.
I confirm, at least with 5.0 you can enable/disable, a bug???
however, given that on VMware documentation is not possible, the answer must be the A.