I am looking for a way to get a copy of a suspended VMware View desktop via CLI prior to refreshing the image. The scenario is that I have dynamically detected a system as "compromised" and I want to refresh that desktop to get it back to a "good" state. However, before I do so I would like to keep a copy of the image for forensic purposes.
Ideally I would like to retrieve a copy of the memory as well but unfortunately it doesn't appear as though I can clone a running virtual machine.
The next best case would be to suspend or shutdown the VM and clone it however whenever you suspend or shutdown a View managed desktop the system will automatically power it back on unless it is placed in maintenance mode first.
I want to do all of this via a PowerShell script but unfortunately I can't find any information on a cmdlet to put the desktop into maintenance mode. Does anyone know if this is possible?
Alternatively, does anyone have any other suggestions on how to obtain my forensic image through CLI before I refresh the desktop?