Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, and the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.

Prerequisites

Turn off the virtual machine.

Procedure

  1. Find the virtual machine in the vSphere Web Client inventory.
    1. Select a data center, folder, cluster, resource pool, or host.
    2. Click the Related Objects tab and click Virtual Machines.
  2. Right-click the virtual machine and click Edit Settings.
  3. Select VM Options.
  4. Click Advanced and click Edit Configuration.
  5. Verify that the following values are in the Name and Value columns, or click Add Row to add them.

    Name

    Value

    isolation.device.connectable.disable

    true

    isolation.device.edit.disable

    true

    These options override any settings made in the guest operating system's VMware Tools control panel.

  6. Click OK to close the Configuration Parameters dialog box, and click OK again.