I am looking for some direction on creating a script to find all VM's with HGFS running, or where the feature is actually being used.
Apparently VMware posted this Security advisory VMSA-2016-0001 | United States yesterday and my Security people are freaking out.
Any information you may have would be helpful.
Thanks
Ludi
The only way I'm aware of is by querying the guest operating system itself and checking the registry path:
HKLM\System\CurrentControlSet\Control\NetworkProvider\Order
and check the ProviderOrder string value for hgfs, vmhgs, or vmhgfs.
You have to remove those values and reboot the VM for the change to take effect.
Powershell wise:
$VM = Get-VM NameofVM
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $vm.extensiondata.summary.guest.hostname)
$RegKey= $Reg.OpenSubKey("System\CurrentControlSet\Control\NetworkProvider\Order")
$RegKey.GetValue("ProviderOrder")
VMware KB: Windows guest cannot update hgfs.dat or vmhgs.dat
The only way I'm aware of is by querying the guest operating system itself and checking the registry path:
HKLM\System\CurrentControlSet\Control\NetworkProvider\Order
and check the ProviderOrder string value for hgfs, vmhgs, or vmhgfs.
You have to remove those values and reboot the VM for the change to take effect.
Powershell wise:
$VM = Get-VM NameofVM
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $vm.extensiondata.summary.guest.hostname)
$RegKey= $Reg.OpenSubKey("System\CurrentControlSet\Control\NetworkProvider\Order")
$RegKey.GetValue("ProviderOrder")
VMware KB: Windows guest cannot update hgfs.dat or vmhgs.dat