Users and processes without root or administrator privileges within virtual machines can connect or disconnect devices, such as network adapters and CD-ROM drives, and can modify device settings. To increase virtual machine security, remove these devices.
You can prevent virtual machine users in the guest OS, and processes running in the guest OS, from making any changes to the devices by changing the virtual machine advanced settings.
Turn off the virtual machine.
- Browse to the virtual machine in the vSphere Client inventory.
- Right-click the virtual machine and click Edit Settings.
- Select VM Options.
- Click Advanced and click Edit Configuration.
- Verify that the following values are in the Name and Value columns, or add them.
Name Value isolation.device.connectable.disable true isolation.device.edit.disable trueThese settings do not affect a vSphere administrator's ability to connect or disconnect the devices attached to the virtual machine.
- Click OK to close the Configuration Parameters dialog box, and click OK again.