Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.

Turn off the virtual machine.

1

Log in to a vCenter Server system using the vSphere Client and select the virtual machine.

2

On the Summary tab, click Edit Settings.

3

Select Options > Advanced > General and click Configuration Parameters.

4

Add or edit the following parameters.

Name

Value

isolation.device.connectable.disable

true

isolation.device.edit.disable

true

These options override any settings made in the guest operating system's VMware Tools control panel.

5

Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine Properties dialog box.

6

(Optional) If you made changes to the configuration parameters, restart the virtual machine.