Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.


Turn off the virtual machine.


  1. Log in to a vCenter Server system using the vSphere Client and select the virtual machine.
  2. On the Summary tab, click Edit Settings.
  3. Select Options > Advanced > General and click Configuration Parameters.
  4. Add or edit the following parameters.
    Name Value
    isolation.device.connectable.disable true
    isolation.device.edit.disable true
    These options override any settings made in the guest operating system's VMware Tools control panel.
  5. Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine Properties dialog box.
  6. (Optional) If you made changes to the configuration parameters, restart the virtual machine.