Lock VMX file for secure environment, disable Unit...

MinacsITGB · ‎10-05-2011

Fusion 4.0.2

I'm trying to completely segregate my guest OS (win xp sp3) from my main OS (OS X 10.6.8).

I've been playing a little with the VMX file, and i can turn file sharing off, and disable drag and drop and copy/paste...

Until I turn on Unity mode.

I can't find a way to disable unity mode either.

So what I'm trying to do is: lock the VMX file so it can't be edited, and disable unity mode.

I changed permissions on the vmx file, but as soon as I take away write permissions, the VM windows XP won't launch at all.

I appreciate any assistance you can give me!

VMX contents:

.encoding = "UTF-8"

config.version = "8"

virtualHW.version = "8"

memsize = "512"

MemAllowAutoScaleDown = "FALSE"

displayName = "Windows XP Professional"

guestOS = "winxppro"

sound.present = "TRUE"

sound.filename = "-1"

sound.autodetect = "TRUE"

usb.present = "TRUE"

ethernet0.present = "TRUE"

ethernet0.addressType = "generated"

ethernet0.connectionType = "bridged"

ethernet0.startConnected = "TRUE"

ide0:0.present = "TRUE"

ide0:0.autodetect = "TRUE"

ide0:0.filename = "auto detect"

ide0:0.deviceType = "cdrom-raw"

scsi0.present = "TRUE"

scsi0.virtualDev = "buslogic"

scsi0:0.present = "TRUE"

scsi0:0.fileName = "Windows XP Professional.vmdk"

scsi0:0.mode = "independent-nonpersistent"

snapshot.disabled = "TRUE"

snapshot.action = "keep"

mks.enable3d = "TRUE"

vmci0.present = "TRUE"

buslogic.noDriver = "FALSE"

ehci.present = "TRUE"

pciBridge0.present = "TRUE"

tools.upgrade.policy = "upgradeAtPowerCycle"

pciBridge4.present = "TRUE"

pciBridge4.virtualDev = "pcieRootPort"

pciBridge5.present = "TRUE"

pciBridge5.virtualDev = "pcieRootPort"

pciBridge6.present = "TRUE"

pciBridge6.virtualDev = "pcieRootPort"

pciBridge7.present = "TRUE"

pciBridge7.virtualDev = "pcieRootPort"

tools.syncTime = "TRUE"

pciBridge4.functions = "8"

pciBridge5.functions = "8"

pciBridge6.functions = "8"

pciBridge7.functions = "8"

powerType.powerOff = "soft"

powerType.powerOn = "soft"

powerType.suspend = "soft"

powerType.reset = "soft"

serial0.present = "TRUE"

serial0.fileType = "thinprint"

printers.enabled = "TRUE"

extendedConfigFile = "Windows XP Professional.vmxf"

virtualHW.productCompatibility = "hosted"

hpet0.present = "TRUE"

usb.vbluetooth.startConnected = "TRUE"

checkpoint.vmState = ""

ethernet0.generatedAddress = "00:0C:29:11:77:7E"

ethernet0.linkStatePropagation.enable = "TRUE"

vmci0.id = "772896638"

uuid.location = "56 4d 34 9d 5b 86 b3 85-83 a0 87 6f 2e 11 77 7e"

uuid.bios = "56 4d 34 9d 5b 86 b3 85-83 a0 87 6f 2e 11 77 7e"

cleanShutdown = "TRUE"

replay.supported = "FALSE"

gui.lastPoweredViewMode = "windowed"

RemoteDisplay.vnc.enabled = "TRUE"

RemoteDisplay.vnc.key = "HD49Lz8QEz0eLSwrJD0bNT8GDwsnAj0zIj8zJxUuGTUfGC8XGzY4NgQvNicLOw0vHTk9FiYlDzIvFzIaLgotHxUREjc9DiwbMzo7NAw7PigeOig/Ow0mDzgHPSgvNS4rJzcZOjAlNwctID05PR44HTo8DzEQOzMvCSYNLx87Nyw="

unity.wasCapable = "FALSE"

replay.filename = ""

scsi0:0.redo = ""

pciBridge0.pciSlotNumber = "17"

pciBridge4.pciSlotNumber = "21"

pciBridge5.pciSlotNumber = "22"

pciBridge6.pciSlotNumber = "23"

pciBridge7.pciSlotNumber = "24"

scsi0.pciSlotNumber = "16"

usb.pciSlotNumber = "32"

ethernet0.pciSlotNumber = "33"

sound.pciSlotNumber = "34"

ehci.pciSlotNumber = "35"

vmci0.pciSlotNumber = "36"

usb:1.present = "TRUE"

ethernet0.generatedAddressOffset = "0"

vmotion.checkpointFBSize = "134217728"

usb:1.speed = "2"

usb:1.deviceType = "hub"

usb:1.port = "1"

usb:1.parent = "-1"

ethernet0.vnet = "vmnet2"

ethernet0.bsdName = "en0"

ethernet0.displayName = "Ethernet"

gui.viewModeAtPowerOn = "windowed"

serial0.startConnected = "FALSE"

gui.exitOnCLIHLT = "TRUE"

isolation.tools.dnd.disable = "FALSE"

isolation.tools.HGFS.disable = "FALSE"

ide0:0.startConnected = "TRUE"

tools.remindInstall = "FALSE"

floppy0.present = "FALSE"

usb:0.present = "TRUE"

usb:0.deviceType = "hid"

usb:0.port = "0"

usb:0.parent = "-1"

anthonyu · ‎10-11-2011

not sure about fusion but in VMware workstation 8 you can edit the settings of the vm --> go to options --> go to unity and under Applications unclick "Enable applications menu" . this will not allow the vm to go into unity mode.

as for the securing the vmx file in the options menu of the vm you have encryption and here you can enable encryption of the vm and files... then if you open the vmx file with notepad (again on a windows machine with workstation 😎 you will not be able to edit the file. but then you can just give the users VMware player to run the vm.

hope this helps

MinacsITGB · ‎10-11-2011

I'm running os x 10.7 as the primary os, with windows xp as the virtual machine. I was under the impression vmplayer was designed to be run In windows...

I'll get back to you regarding disabling unity

Grant Barron

IT systems support

Phone: 19053800612

pin:235D89C3

Aditya Birla Minacs

WoodyZ · ‎10-11-2011

I was under the impression vmplayer was designed to be run In windows...

VMware Player can be used under Windows and Linux and does not run under OS X.

BTW... When a reply in the VMware Fusion Forum start off with "not sure about fusion" that by itself says a lot! While VMware Workstation and VMware Fusion share some code in common they are not the same and not all settings from one work with the other and vice versa.

anthonyu · ‎10-11-2011

I guess one more reason why windows is better then mac :smileysilly:

MinacsITGB · ‎10-17-2011

I appreciate the responses so far. The option to turn off the Application menu did not disable Unity - but simply uninstalling VM Tools successfully disabled Unity mode. I was then able to use Bootcamp drivers to replace the hardware drivers that were removed when unity was uninstalled.

I still can't prevent users from changing these settings though - any other ideas out there?

MinacsITGB · ‎10-17-2011

While I appreciate the clarification - any idea how to achieve the lockdown I require?

All

Lock VMX file for secure environment, disable Unity