There is no problem with the tools. The issue is that, any normal windows user with the basic rights woh just has the login rights on to server can open the Vmware tools console and can disconnect the device like network card or IDE controller connected to the Virtual machine.

See the attached screenshot.

Hello,

Moved to Security and Compliance forum

I would open this up as a bug with your VMware Support SPecialist. In the meantime you will need to disable the showing of the tray and set the permissions on the VMware Tools applications to deny access if you are not an administrator. Or use an application firewall, etc.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

Hi,

I have already disable the showing of the tray icon by seting up the registry value but not sure about how to set the permission on the Vmware tools application to restrict user access.Do you have any idea about how we can do this.

Also do inform me if you get any reply from Vmware regarding this issue.

Regards,

Sumit Gupta

Vmware Certified Professional

Hello,

You should open a support case. I can not do that on your behalf.

CHange the permissions of the application within the guest OS. Deny non-administrators from starting the toolbox and anything else vmware related. There is nothing you can do from the virtual hardware, it is a guest OS issue regarding permissions.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

Hi,

You didn't say which OS you are using (well OK windows) so here is a possible workaround with general notes (should work on any windows machine, but detaisl might be slightly different)

If you open services under Control Panel -> administrative tools and browse to the "VMware Tools Service", select properties and look for tab page "Log On"

You'll see the user the service runs under and you can change that down there.

However, there's also an option "interact with desktop" and unchecking that will normally disable all UI interactions for the service.

Haven't tried it here, but it should work.

As always, make backups before changing this.

--

Wil

Message was edited by: wila, PS: You might have to restart the service (or the machine) in order to see the changes take effect.

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva