Using Powershell to work with vRealize Automation work items

I’m going to show how to use Powershell to access a vRealize Automation (vRA) work item and use the work item data to add the machine requestor to the local admins group of the provisioned machine.

This script is for demonstration purposes only and not intended for production use. Please do not call VMware GSS with questions relating to this post as they will not be able to assist.

Work Item

A vRA work item is pushed down to a machine during provisioning and contains a lot of info that we can use. The info is stored in an XML filed located at c:\VRMGuestAgent\site\workitem.xml. Here is what this file looks like:


We can use Powershell go parse the XML and print the above in an easier to read format.

 [xml] $workitem = gc “c:\VRMGuestAgent\site\workitem.xml”
$item = $workitem.GetElementsByTagName(“workitem”)


Now that we know how we can access this data, let’s build a vRA Software Component that will execute during machine provisioning.

Software Component

The Software Component is pretty basic. Give it a name and set the Container dropdown to Machine.


There are no Properties for this example:


Set the Script Type to powershell:


Here are the contents of the script where we perform the following steps:

1. Parse the XML and store the results in $workitem
2. Actually get the workitem item.
4. Query the childnodes for a node (vRA Property) for an item named Lab.AddRequestorToAdmins. We will add this property to our blueprint later.
6. If the above value exist and is set to true:
7. Set $owner to the value of the Virtualmachine.Admin.Owner property
8. Add $owner to the local admins group
11. Echo $owner to a file for logging purposes


Here is the code if you need to easily copy:

[xml] $workitem = gc “c:\VRMGuestAgent\site\workitem.xml”
$item = $workitem.GetElementsByTagName(“workitem”)

$addUserToLocalAdmins = $ | ? { $ -eq “lab.addrequestortoadmins” }

if ($addUserToLocalAdmins -and $addUserToLocalAdmins.value -eq ‘true’) {
$owner = $ | ? { $ -eq “virtualmachine.admin.owner” } | select -expandproperty value
net localgroup administrators $owner /add

echo $owner > c:\owner.txt


We need to add the property Lab.AddRequestorToAdmins and set it to true on the blueprint.


Now when you provision a machine you’ll see that your account is in the local admins group. I was logged in as the cloudadmin user in this example:






Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s