Press "Enter" to skip to content

VM Hardening

Similar pages:
ESXi – Hardening
– VM Hardening
vCenter Hardening
In-Guest Hardening

Explicitly disable copy operations.

Get-VM | Get-AdvancedSetting isolation.tools.copy.disable

Explicitly disable paste operations.

Get-VM | Get-AdvancedSetting isolation.tools.paste.disable

Disable virtual disk shrinking.

Get-VM | Get-AdvancedSetting isolation.tools.diskShrink.disable

Disable virtual disk wiping.

Get-VM | Get-AdvancedSetting isolation.tools.diskWiper.disable

Disable 3D features if not needed.

Get-VM | Get-AdvancedSetting mks.enable3d | Format-Table Entity, Value

Limit the number of console connections.

Get-VM | Get-AdvancedSetting RemoteDisplay.maxConnections | Format-Table Entity, Value

Limit informational messages from the VM to the VMX file.

Get-VM | Get-AdvancedSetting tools.setInfo.sizeLimit

Limit the number of retained VM diagnostic logs.

Get-VM | Get-AdvancedSetting log.keepOld | Format-Table Entity, Value

Limit the size of VM diagnostic logs.

Get-VM | Get-AdvancedSetting log.rotateSize | Format-Table Entity, Value

Limit PCI/PCIe passthrough functionality.

Get-VM | Get-AdvancedSetting -Name "pciPassthru*.present" | Select Entity, Name, Value

Do not send host information to guests.

Get-VM | Get-AdvancedSetting tools.guestlib.enableHostInfo

Check for enablement of salted VMs that are sharing memory pages

Get-VM | Get-AdvancedSetting sched.mem.pshare.salt

Control access to VMs through the dvfilter network APIs

Get-VM | Get-AdvancedSetting -Name  "ethernet*.filter*.name*" | Select Entity, Name, Value

Encrypt VMs during vMotion.

Lock the VM guest session when the remote console is disconnected.

Get-VM | Get-AdvancedSetting tools.guest.desktop.autolock | Format-Table Entity, Value

Sources and useful links

https://bit.ly/vcf-scg

Was this page helpful?