Information
By default, each ESXi host has a single 'root' admin account that is used for local administration and to connect the host to vCenter Server. Use of this shared account should be limited, and named (non-root) user accounts with admin privileges should be used instead.
Rationale:
To avoid sharing a common root account, it is recommended to create on each host at least one named user account, assign it full admin privileges, and use that account in place of the shared 'root' account. Limit the use of 'root', including setting a highly complex password for it, but do not remove the 'root' account: it is still required by the host itself and is the account of last resort.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To create one or more named user accounts (local ESXi user accounts), perform the following using the vSphere client (not the vSphere web client) for each ESXi host:
Connect directly to the ESXi host using the vSphere Client.
Login as root.
Select Manage, then select the Security & Users tab.
Select Users and view the existing local users.
Add a local user and grant shell access to this user.
Select the Host, then select 'Actions' and 'Permissions'.
Assign the 'Administrator' role to the user.
Notes:
Even if you add your ESXi host to an Active Directory domain, it is still recommended to add at least one local user account so that admins can still log in if the host ever becomes isolated and unable to reach Active Directory.
Adding local user accounts can be automated using Host Profiles.
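The same steps (add a local user, grant shell access, assign the Administrator role on the host) carried out with PowerCLI against each host, followed by the check an auditor would run: which non-root principals hold the Admin role on the host. This is an added example, not part of the CIS benchmark or the Nessus audit text; the hostnames, the account name 'esxadmin01' and the credential prompts are assumptions.

```powershell
# Added example (not from the benchmark or audit text): create a named local
# administrator on each ESXi host with PowerCLI and verify the result.
# Hostnames, the account id and the credential prompts are assumptions.
#Requires -Modules VMware.PowerCLI

param(
    [string[]]$EsxiHosts = @('esxi01.example.internal', 'esxi02.example.internal'),
    [string]$AdminId = 'esxadmin01'
)

# Credentials are prompted for, never hard-coded in the script.
$rootCred  = Get-Credential -Message 'root credential for direct ESXi host login'
$newPass   = Read-Host -AsSecureString -Prompt "Password for new local account '$AdminId'"
$plainPass = [System.Net.NetworkCredential]::new('', $newPass).Password

foreach ($h in $EsxiHosts) {
    # Connect directly to the host, not through vCenter: local ESXi accounts
    # and host-level permissions live on the host itself.
    $vi = Connect-VIServer -Server $h -Credential $rootCred -ErrorAction Stop
    try {
        $vmhost = Get-VMHost -Server $vi

        # Step: add the local user (idempotent; reuse it if it already exists).
        # -GrantShellAccess corresponds to "grant shell access to this user".
        $acct = Get-VMHostAccount -Server $vi -Id $AdminId -ErrorAction SilentlyContinue
        if (-not $acct) {
            $acct = New-VMHostAccount -Server $vi -Id $AdminId -Password $plainPass `
                        -Description 'Named local administrator (avoid shared root)' `
                        -GrantShellAccess
        }

        # Step: assign the Administrator role on the host object.
        # The built-in role is named 'Admin'; 'Administrator' is its UI label.
        $adminRole = Get-VIRole -Server $vi -Name 'Admin'
        $existing  = Get-VIPermission -Server $vi -Entity $vmhost -Principal $AdminId -ErrorAction SilentlyContinue
        if (-not $existing) {
            New-VIPermission -Server $vi -Entity $vmhost -Principal $AdminId -Role $adminRole -Propagate:$true | Out-Null
        }

        # Check: list every non-root principal holding the Admin role on the host.
        # At least one such local account is the evidence this audit item asks for.
        $namedAdmins = Get-VIPermission -Server $vi -Entity $vmhost |
            Where-Object { $_.Role -eq 'Admin' -and $_.Principal -ne 'root' } |
            Select-Object -ExpandProperty Principal

        [pscustomobject]@{
            Host        = $h
            NamedAdmins = ($namedAdmins -join ', ')
            Compliant   = [bool]$namedAdmins
        }
    }
    finally {
        Disconnect-VIServer -Server $vi -Confirm:$false
    }
}
```

Run it once per maintenance window and keep the per-host objects it emits as the compliance record. The same two operations are available from the ESXi Shell or an SSH session on a single host via esxcli (`esxcli system account add` to create the user and `esxcli system permission set --role=Admin` to grant the role, with `esxcli system permission list` as the check), which is useful on a host that is already isolated from vCenter and Active Directory.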