Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.


Turn off the virtual machine.


  1. Find the virtual machine in the vSphere Web Client inventory.
    1. To find a virtual machine, select a datacenter, folder, cluster, resource pool, or host.
    2. Click the Related Objects tab and click Virtual Machines.
  2. Right-click the virtual machine and click Edit Settings.
  3. Select VM Options > Advanced and click Edit Configuration.
  4. Verify that the following values are in the Name and Value columns, or click Add Row to add them.







    These options override any settings made in the guest operating system's VMware Tools control panel.

  5. Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine Properties dialog box.