VM : disable-unexposed-features-autologon

Information

Disable certain unexposed features.

Some VMX parameters don't apply on vSphere because VMware virtual machines work on both vSphere and hosted virtualization platforms such as Workstation and Fusion. Explicitly disabling these features reduces the potential for vulnerabilities because it reduces the number of ways in which a guest can affect the host.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-60E83710-8295-41A2-9C9D-83DEBB6872C2.html

Solution

# Add the setting to all VMs -
Get-VM | New-AdvancedSetting -Name "isolation.tools.ghi.autologon.disable" -value $true

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-14a.

Plugin: VMware

Control ID: c362c17cbcc7590737fceaa672a5f451a1671a55142f090740e7817e012dd29c