Installation of Power-CLI for CIS-CAT Pro Assessment of VMWareESXI target.

By Chris Boldiston
3 min

Product Name

CIS-CAT Pro Assessor v4

Product Version

v4.0.20+

Date

Aug 13, 2020

 

Problem

How do I install the required modules to assess an ESXi target with CIS-CAT Assessor v4?

Check to see if the required modules are already installed on the CIS-CAT Assessor Host system. In this example they are not installed;

PS C:\Windows\system32> Get-Module -ListAvailable -Name VMware.PowerCLI | Select Version, Name | ConvertTo-Csv -NoTypeInformation PS C:\Windows\system32> PS C:\Windows\system32> Get-Module -ListAvailable -Name VMware.* | Select Version, Name | ConvertTo-Csv -NoTypeInformation PS C:\Windows\system32>

 

Install the PowerCLI module. Note in this example installation fails. If there is not a failure proceed to the last step in this document.

PS C:\Windows\system32> Install-Module -Name VMware.PowerCLI NuGet provider is required to continue PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or 'C:\Users\bob\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now? [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''. WARNING: Unable to download the list of available providers. Check your internet connection. PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21 + ...     $null = PackageManagement\Install-PackageProvider -Name $script:N ... +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception     + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider -------SNIP

 

Please check this page for information on updating the Security Protocol which is the cause of the above failure to install PowerCLI. Some sample commands and output are provided below from a CIS test system.

Check of current security protocols;
PS C:\Windows\system32> [Net.ServicePointManager]::SecurityProtocol Ssl3, Tls PS C:\Windows\system32>

 

As per the link above, for this test system we ran this command to update the security protocols;
PS C:\Windows\system32> Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

 

Restart PowerShell

 

List the updated security protocols;
PS C:\Windows\system32> [Net.ServicePointManager]::SecurityProtocol Tls, Tls11, Tls12 PS C:\Windows\system32>

 

Install the PowerCLI module
PS C:\Windows\system32> Install-Module -Name VMware.PowerCLI NuGet provider is required to continue PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or 'C:\Users\bob\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now? [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y Untrusted repository You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'? [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): Y PS C:\Windows\system32>

 

Check to make sure we have PowerCLI and VMware.VimAutomation.Core installed;

PS C:\Windows\system32> Get-Module -ListAvailable -Name VMware*     Directory: C:\Program Files\WindowsPowerShell\Modules ModuleType Version    Name                                ExportedCommands --------- -------    ----                                ---------------- Script     12.0.0.... VMware.CloudServices                {Connect-Vcs, Get-VcsOrganizationRole, Get-VcsService, Get-VcsServiceRole...} Script     7.0.0.1... VMware.DeployAutomation             {Add-DeployRule, Add-ProxyServer, Add-ScriptBundle, Copy-DeployRule...} Script     7.0.0.1... VMware.ImageBuilder                 {Add-EsxSoftwareDepot, Add-EsxSoftwarePackage, Compare-EsxImageProfile, Export-EsxImageProfile...} Manifest   12.0.0.... VMware.PowerCLI Script     7.0.0.1... VMware.Vim Script     12.0.0.... VMware.VimAutomation.Cis.Core       {Connect-CisServer, Disconnect-CisServer, Get-CisService} Script     12.0.0.... VMware.VimAutomation.Cloud          {Add-CIDatastore, Connect-CIServer, Disconnect-CIServer, Get-Catalog...} Script     12.0.0.... VMware.VimAutomation.Common         {Get-Task, New-OAuthSecurityContext, Stop-Task, Wait-Task} Script     12.0.0.... VMware.VimAutomation.Core           {Add-PassthroughDevice, Add-VirtualSwitchPhysicalNetworkAdapter, Add-VMHost, Add-VMHostNtpServer...} Script     12.0.0.... VMware.VimAutomation.Hcx            {Connect-HCXServer, Disconnect-HCXServer, Get-HCXAppliance, Get-HCXComputeProfile...} Script     7.12.0.... VMware.VimAutomation.HorizonView    {Connect-HVServer, Disconnect-HVServer} Script     12.0.0.... VMware.VimAutomation.License        Get-LicenseDataManager Script     12.0.0.... VMware.VimAutomation.Nsxt           {Connect-NsxtServer, Disconnect-NsxtServer, Get-NsxtPolicyService, Get-NsxtService} Script     12.0.0.... VMware.VimAutomation.Sdk            Get-ErrorReport Script     12.0.0.... VMware.VimAutomation.Security       {Add-AttestationServiceInfo, Add-KeyProviderServiceInfo, Add-TrustAuthorityKeyProviderServer, Add-TrustAuthor... Script     11.5.0.... VMware.VimAutomation.Srm            {Connect-SrmServer, Disconnect-SrmServer} Script     12.0.0.... VMware.VimAutomation.Storage        {Add-EntityDefaultKeyProvider, Add-KeyManagementServer, Add-VsanFileServiceOvf, Add-VsanObjectToRepairQueue...} Script     1.3.0.0    VMware.VimAutomation.StorageUtility Update-VmfsDatastore Script     12.0.0.... VMware.VimAutomation.Vds            {Add-VDSwitchPhysicalNetworkAdapter, Add-VDSwitchVMHost, Export-VDPortGroup, Export-VDSwitch...} Script     12.0.0.... VMware.VimAutomation.Vmc            {Add-VmcSddcHost, Connect-Vmc, Disconnect-Vmc, Get-AwsAccount...} Script     12.0.0.... VMware.VimAutomation.vROps          {Connect-OMServer, Disconnect-OMServer, Get-OMAlert, Get-OMAlertDefinition...} Script     12.0.0.... VMware.VimAutomation.WorkloadMan... {Get-WMNamespace, Get-WMNamespacePermission, Get-WMNamespaceStoragePolicy, New-WMNamespace...} Script     6.5.1.7... VMware.VumAutomation                {Add-EntityBaseline, Copy-Patch, Get-Baseline, Get-Compliance...}

 

Copyright © 2020

Center for Internet Security®

 

Looking for labels? They can now be found in the details panel on the floating action bar.

Related content