Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.
Turn off the virtual machine.
- Log in to a vCenter Server system using the vSphere Client and select the virtual machine.
- On the Summary tab, click Edit Settings.
- Select Configuration Parameters. and click
- Add or edit the following parameters.
Name Value isolation.device.connectable.disable true isolation.device.edit.disable trueThese options override any settings made in the guest operating system's VMware Tools control panel.
- Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine Properties dialog box.
- (Optional) If you made changes to the configuration parameters, restart the virtual machine.