Hi,
Every now and then this question pops up.
First off it is impossible to completely hide the fact when a user has complete access to the virtual machine. There's too many ways in which you can detect this.
For example:
- An ancient chipset used with a modern processor (an impossible combination in the physical world)
- All of the hardware is virtualized, so checking any of the hardware ID's will reveal this
- The MAC address of the NIC is in the VMware range
- one can use timing attacks in order to determine the code runs virtual
OTOH if this is just to get past the "but virtualisation is slow" mind set then it might be enough to just hide the toolbox from the traybar icon which you can do by editing the registry key “HKEY_CURRENT_USER\Software\VMware, Inc.\VMware Tools” and set the ShowTray value equal to 0
--
Wil
I don't think that is even remotely possible as you would then need "false" drivers for all supported operating systems as well. You do want your virtual machine to be able to run not? 
If I'm not mistaken you can now assign MAC addresses which are no longer restricted to the VMWare range in the latest ESX 3.5 version.
But even if that was possible to mask then it still is possible to detect that code runs in a virtual machine, there are simply too many clues.
For example there's a backdoor channel that VMware uses in order to communicate for vmware tools with the host. Yes you can disable that, but then your vmware tools will be disabled and you are probably hurting your users more as by leaving it in.
In order to do so, add this line to your vmx file:
monitor_control.restrict_backdoor = "TRUE"
I was just saying that you cannot hide this for advanced computer users as they might try something as simple as install vmware workstation in your VM... (which by default is restricted)
--
Wil
