ESXi Ruleset & Firewall Correlation

Working with VMware is usually a breeze. Unfortunately, this time I ran into an issue while setting up a new Host Profile, specifically the Ruleset Configuration for the Firewall, during the configuration for a DISA STIG. Almost all of the rules match a Firewall named rule but there are Firewall rules that do not have corresponding Ruleset names. I looked through VMware documentation, Reddit, and of course Google. I was unable to find any information where the two were together. So…I decided I would take on the task myself and of course share this with everyone.

VMware does provide an Incoming and Outgoing Firewall Ports for ESXi Hosts article ( but the service is only listed, not the corresponding Ruleset Configuration name. This is what the following table will help fill-in.

ESXi Ruleset & Firewall Correlation Table
  • Default – The service is enabled upon initial install
  • Survive Reboot – The service will be enabled after rebooting the host
  • Ruleset Name – Host Profile > Security and Services > Firewall Configuration > Firewall Configuration > Ruleset Configuration
  • Ruleset Order – This is the order the rules are presented in the Host Profile
  • Firewall Name – The name from Configure > System > Security Profile > Firewall menu
  • In-Ord – This is the order of the incoming rules in the UI
  • In – These are the ingress TCP/UDP ports
  • Out-Ord – This is the order of the outgoing rules in the UI
  • Out – These are the egress TCP/UDP ports

How to Dot Source a PowerShell Script

So I wrote a script the other day in PowerShell ISE and it worked fine. But when I wanted to use the function in a standard PowerShell window, I was perplexed. It is actually a really easy thing to take care of.

In the case of my server, I wrote a PowerShell function and stored it in my Documents folder. So when opening a new PowerShell window, all I had to do was run the following command:

PS C:\Users\<username>\Documents> . .\New-Function.ps1

This made all of the functions written in the script available for use during my current session. For me and this case, I am OK with only running the script when needed.

Change the Canonical Name (CN) of an Active Directory User

One of the most annoying things for me (and I assume many other Systems Administrators) is going into an organization and querying users to find all variations of name formats. Some are ‘first name last name’, ‘last name, first name’, or some other variation. It’s almost like an archeological dig where you can see periods of time that there was one format and then later on another format came along.

What’s frustrating is knowing how easy it is to change the format and that it doesn’t happen. It’s fine if the organization wants to change the format, but if that’s the case, then be sure to change the information already contained to match. There is nothing wrong with periodically running a “cleanup” script over Active Directory to make everything uniform. The great thing about Active Directory is that it is a database, it already contains the information. The DisplayName property and the cn are display properties, they can be changed whenever without affecting the user object. Also, running a script like the one below can clean up and make Active Directory uniform in a matter of seconds, if not less.

	# Where the users are located that you want to change
	$exerciseUsersOU = 'OU=USERS,OU=TEMPORARY,DC=aaronrombaut,DC=com'
	# An array of the users (adjust Properties as needed)
	$exerciseUsers = Get-ADUser -Filter * -SearchBase $exerciseUsersOU -Properties Title, GivenName, Surname
	# Loop through all the users
	foreach ($exerciseUser in $exerciseUsers)
		$title = $exerciseUser.Title
		$firstName = $exerciseUser.GivenName
		$lastName = $exerciseUser.Surname
		# The following line will adjust the DisplayName
		Set-ADUser -Identity $exerciseUser -DisplayName "$lastName, $firstName, $title"
		# The following line will adjust the cn
		Rename-ADObject -Identity $exerciseUser -NewName "$lastName, $firstName"

The following images show a before and after but are only a representation of what you can rename from and to. Your organization may use different naming standards. Either way, when standards change, be sure to adjust the objects already present. This will be much more professional and organized.

Before renaming the User
After renaming the User