Users and processes without root or administrator privileges within virtual machines can connect or disconnect devices, such as network adapters and CD-ROM drives, and can modify device settings. To increase virtual machine security, remove these devices.

You can prevent virtual machine users in the guest operating system, and processes running in the guest operating system, from making any changes to the devices by changing the virtual machine advanced settings.

Prerequisites

Turn off the virtual machine.

Procedure

  1. Browse to the virtual machine in the vSphere Client inventory.
  2. Right-click the virtual machine and click Edit Settings.
  3. Click the Advanced Parameters tab.
  4. Verify the following parameter, or add it.
    Name Value
    isolation.device.connectable.disable true
    This setting does not affect a vSphere administrator's ability to connect or disconnect the devices attached to the virtual machine.
  5. Click OK.