Setting up accounts for use with Nessus Scans on ESXi


Recently had a request to add a non-root/out-of-the-box-root user for some Nessus scans. For ESXi hosts, it's a process of creating a local user and running the contents of the below in a PowerShell script.


$esx_hosts = Get-VMHost | Where-Object {$_.ConnectionState -ne "NotResponding"}

foreach ($esx_host in $esx_hosts) {

    Write-Host $esx_host -ForegroundColor Green

    $esxcli = Get-EsxCli -VMHost $esx_host -V2

    # Create the local account on the host
    $arguments1 = $esxcli.system.account.add.CreateArgs()
    $arguments1.id = '<INSERT "USERNAME" Here>'
    $arguments1.password = '<INSERT 20 Char Password Here>'
    $arguments1.passwordconfirmation = '<INSERT 20 Char Password Here>'
    $arguments1.description = 'Tenable user'
    $esxcli.system.account.add.Invoke($arguments1)

    # Assign the Admin role to the new account
    $arguments2 = $esxcli.system.permission.set.CreateArgs()
    $arguments2.id = '<Username>'
    $arguments2.role = 'Admin'
    $esxcli.system.permission.set.Invoke($arguments2)
}
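
To confirm the account and role actually landed on every host, the following audit can be run afterwards. It is an added example, not part of the original post; it assumes an existing Connect-VIServer session, `$scanUser` is a placeholder, and the output property names (`UserID`, `Principal`, `Role`) are assumed from the esxcli column headings.

```powershell
# Added example: audit the scan account on each reachable ESXi host.
# Placeholder: set to the username created by the script above.
$scanUser     = '<Username>'
$expectedRole = 'Admin'

$esx_hosts = Get-VMHost | Where-Object { $_.ConnectionState -ne 'NotResponding' }

$report = foreach ($esx_host in $esx_hosts) {
    $esxcli = Get-EsxCli -VMHost $esx_host -V2

    # Local accounts and permission assignments as reported by the host.
    # Property names below are assumed from the esxcli output columns.
    $account    = $esxcli.system.account.list.Invoke() |
                  Where-Object { $_.UserID -eq $scanUser }
    $permission = $esxcli.system.permission.list.Invoke() |
                  Where-Object { $_.Principal -eq $scanUser }

    [pscustomobject]@{
        Host          = $esx_host.Name
        AccountExists = [bool]$account
        Role          = $(if ($permission) { $permission.Role -join ',' } else { '' })
        RoleMatches   = [bool]($permission | Where-Object { $_.Role -eq $expectedRole })
    }
}

$report | Format-Table -AutoSize

# Flag hosts where the scan would fail to authenticate or lack the expected role
$gaps = $report | Where-Object { -not $_.AccountExists -or -not $_.RoleMatches }
if ($gaps) {
    Write-Warning ("Scan account missing or mis-scoped on: " + ($gaps.Host -join ', '))
}
```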




Virtual Apps (VCSA, VROPS, VRLIA etc)


Log in as root user and run these from the console.


useradd <Username>

mkdir /home/<Username>

chown <Username> /home/<Username>

usermod -G root,wheel <Username>

# passwd prompts for the new password; enter <INSERT 20 Char Password Here> when asked
passwd <Username>