8.4.5 Disable Autologon

Information

Disable unneeded autologon to reduce the potential for vulnerabilities.

*Rationale*

Some VMX parameters don't apply on vSphere because VMware virtual machines work on
vSphere and hosted virtualization platforms such as Workstation and Fusion. The code
paths for these features are not implemented in ESXi. Explicitly disabling these features
reduces the potential for vulnerabilities because it reduces the number of ways in which a
guest can affect the host. Note that these are referenced for organizations that insist any
documented setting, regardless of whether it is implemented in code or not, must have a
value.

Solution

To implement the recommended configuration state, run the following PowerCLI
command-
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'isolation.tools.ghi.autologon.disable' -value
$true

Default Value-The prescribed state is not the default state.

See Also

https://workbench.cisecurity.org/files/145

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-14a.

Plugin: VMware

Control ID: cdc837c3973ae56557306c72715154e0c836398efd65c9dca80d3d41401f4d50