VCENTER-000027 - The system must set a timeout for all thick-client logins without activity.


An inactivity timeout must be set for the vSphere Client (Thick Client). This client-side setting can be changed by users, so this must be set by default and re-audited. Automatic session termination minimizes risk and reduces the potential for unauthorized access to vCenter.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


On each Windows computer with the vSphere Client installed:
Set a 15-minute (maximum) timeout in the VpxClient.exe.config file:
Locate the VpxClient.exe.config file using the Windows OS search facility. Right-click VpxClient.exe.config and open it in an editor such as Notepad. In the <cmdlineFallback>... </cmdlineFallback> section, modify the <inactivityTimeout>X</inactivityTimeout> element, where X is the number of minutes (maximum 15) before the vSphere Client automatically disconnects from the server. Save the file and exit.

Set a 15-minute (maximum) timeout execution flag when starting the vSphere Client executable:
Locate the vSphere Client executable icon on the desktop, right-click it, and select Properties. Add '-inactivityTimeout X', where X is the number of minutes (maximum 15) before the vSphere Client automatically disconnects from the server.
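
Because users can change both settings, the re-audit can be scripted. The PowerShell below is an added example, not part of the STIG or the Tenable audit: it checks a config file's <inactivityTimeout> value and a shortcut's '-inactivityTimeout' argument against the 15-minute maximum. The function names, the <configuration> root element, and the sample values are constructed for illustration, and treating a missing, non-numeric, or non-positive value as a finding is an assumption.

```powershell
# Added audit example; function names and sample data are constructed.
$MaxMinutes = 15   # maximum allowed by VCENTER-000027

# Assumption: only whole minutes from 1 to $MaxMinutes count as compliant.
function Test-TimeoutValue([string]$Value) {
    $n = 0
    return [int]::TryParse($Value.Trim(), [ref]$n) -and $n -ge 1 -and $n -le $MaxMinutes
}

# Checks <inactivityTimeout> inside <cmdlineFallback> in the config XML text.
function Test-VpxClientConfig([string]$XmlText) {
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)
    $node = $doc.SelectSingleNode('//cmdlineFallback/inactivityTimeout')
    if ($null -eq $node) { return $false }   # element absent: finding
    return Test-TimeoutValue $node.InnerText
}

# Checks the '-inactivityTimeout X' flag in a shortcut's argument string.
function Test-ShortcutArguments([string]$Arguments) {
    if ($Arguments -match '-inactivityTimeout\s+(\S+)') {
        return Test-TimeoutValue $Matches[1]
    }
    return $false                            # flag absent: finding
}

# Constructed sample input (the real file has more content than this).
$sampleConfig = @'
<configuration>
  <cmdlineFallback>
    <inactivityTimeout>30</inactivityTimeout>
  </cmdlineFallback>
</configuration>
'@

"Config, timeout 30 : {0}" -f (Test-VpxClientConfig $sampleConfig)
"Config, timeout 15 : {0}" -f (Test-VpxClientConfig ($sampleConfig -replace '30', '15'))
"Shortcut, flag 10  : {0}" -f (Test-ShortcutArguments '-inactivityTimeout 10')
"Shortcut, no flag  : {0}" -f (Test-ShortcutArguments '')

# On a real workstation, once the file and shortcut have been located:
#   Test-VpxClientConfig (Get-Content -Raw -Path $configPath)
#   Test-ShortcutArguments (New-Object -ComObject WScript.Shell).CreateShortcut($lnkPath).Arguments
```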

Item Details


References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-39563, Rule-ID|SV-250744r799922_rule, STIG-ID|VCENTER-000027, STIG-Legacy|SV-51421, STIG-Legacy|V-39563, Vuln-ID|V-250744

Plugin: VMware

Control ID: 368c85176ffde33941e57cc14e6dec5e53a91136b32f64f42af28056330b1c22