Users and processes without root or Administrator privileges within virtual machines can connect or disconnect devices, such as network adapters and CD-ROM drives, and can modify device settings. To increase virtual machine security, remove these devices. If you do not want to remove a device, you can change guest operating system settings to prevent virtual machine users or processes from changing the device status.


Turn off the virtual machine.


  1. Log in to a vCenter Server system using the vSphere Web Client and find the virtual machine.
    1. In the Navigator, select VMs and Templates.
    2. Find the virtual machine in the hierarchy.
  2. Right-click the virtual machine and click Edit Settings.
  3. Select VM Options.
  4. Click Advanced and click Edit Configuration.
  5. Verify that the following values are in the Name and Value columns, or click Add Row to add them.
    Name Value
    isolation.device.connectable.disable true
    isolation.device.edit.disable true
    These options override any settings made in the guest operating system's VMware Tools control panel.
  6. Click OK to close the Configuration Parameters dialog box, and click OK again.