Lockdown is a new feature for VMware ESXi 4.x. It adds security by restricting access to your ESXi hosts to the root user on the local console or to a vCenter management server. With Lockdown enabled, the vSphere client cannot be used to connect directly to the host, and local and remote troubleshooting are disabled. Existing direct vSphere client connections are dropped, but existing local or remote troubleshooting sessions are not.
If you enable Lockdown Mode from the console, local accounts have their permissions/roles removed. However, this doesn’t happen if you enable it from vCenter.
Existing console logins are retained, but only the root account can initiate a new login. Troubleshooting modes are disabled, but current logins are maintained.
If you enable Lockdown from vCenter, local user accounts and permissions are retained (after you disable Lockdown). If you enable Lockdown from the local console, local users are retained but permissions are removed. If you enable and disable from the vCenter console, the status is updated correctly in the console, but if you enable/disable from the console, vCenter doesn’t get updated.
Use Lockdown mode to enhance security.
Manage Lockdown mode from the vCenter console.
Check my follow-up post about local and remote troubleshooting with local users other than root.