VMware Communities
quiettime
Enthusiast

How can I disable a VM pref retroactively or by policy override? (e.g. to stop USB auto connect)

I am using VMware Workstation 7. One problem I've come across in a lot of the VMs we have is that they didn't have "Automatically connect new USB devices" disabled when their snapshots were created. Although I can disable this preference in future snapshots by powering off the virtual machine, disabling the preference and taking another snapshot, that is a big nuisance. Is there any way I can override all virtual machines I load and resume on my system to basically default that preference to off, regardless of how an individual VM may be configured, essentially overriding the individual preference?

It has become very annoying. I've got all these snapshots with USB auto connect enabled. I could disable the vmware USB pass through on the host entirely but I still need USB. I just don't want the devices connecting automatically.

If there is a way to override policy I would also like to add something like bios.bootDelay = "5000" as an override preference so that all VMs regardless of snapshot would use that preference.

Thanks for any help or insight you can offer


Accepted Solutions
quiettime
Enthusiast

WoodyZ thanks for your help. I was able to stop new devices from being autoconnected. I looked in vmware.log for some of my virtual machines. Workstation looks for three config files:

DICT --- USER DEFAULTS C:\Users\<username>\AppData\Roaming\VMware\config.ini

DICT --- HOST DEFAULTS C:\ProgramData\VMware\VMware Workstation\config.ini

DICT --- GLOBAL SETTINGS C:\ProgramData\VMware\VMware Workstation\settings.ini

First I tried the HOST file. I added:

usb.generic.autoconnect = "FALSE"

That worked, but only if the vmx file does not explicitly state the opposite (in other words, there's no override). Because autoconnect is by default TRUE, many vmx files won't have that explicitly in the vmx file, so it's still a good solution to stop the autoconnect of new devices. But for example I put in a vmx file usb.generic.autoconnect = "TRUE", and even with autoconnect set in the HOST file to "FALSE", autoconnect was still enabled when I resumed the VM.

Next I moved that line from the HOST to the GLOBAL config file:

usb.generic.autoconnect = "FALSE"

That appears to work as an override. I tried several times to confirm, closing out VMware Workstation 9 and reopening it. Each time I resumed a VM, even if it had usb.generic.autoconnect = "TRUE" in the vmx file, the autoconnect of new devices was disabled. Therefore it appears the correct way to override and disable usb.generic.autoconnect regardless of how it's defined in a vmx file is to place the preference in the GLOBAL file. Note that changing that option only prevents new devices from being autoconnected; in other words it prevents autoconnection of devices that don't already have an explicit device autoconnect entry in the vmx file like usb.autoConnect.device0, usb.autoConnect.device1, etc. Also note that when a VM is paused the USB Controller "Automatically connect new USB devices" setting in the GUI may still show as checked, but when the VM is resumed it will be unchecked.

Stopping autoconnect entirely: I did experiment with putting usb.autoConnect.device0 = "" in the GLOBAL config and that can stop a device that has a usb.autoConnect.device0 entry in the vmx file from being autoconnected on resume. And once the VM is resumed the device can still be manually connected. (Although there will be a warning on connect "The value of usb.autoConnect.device0 cannot be redefined" so maybe this isn't ideal). If someone wanted to extend this idea they could add a line for each up to usb.autoConnect.deviceN with N being whatever the max is. Anyone know what it is?

If anyone who reads this is aware of any data sheet that covers best practices for containing malware in a VM, then this information really should be added. I don't know if many people are aware that if your virtual machine is the active window, and you plug in a USB drive, and VMware Tools is installed on the guest, then the drive by default is autoconnected to the guest.

I'm also playing around with adding other prefs to the different files; like right now I've got bios.bootDelay = "5000" in my HOST file and that works to delay my VMs from booting by 5 sec so that it's a little easier to access the BIOS.

0 Kudos
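
The precedence reported in the accepted solution, modelled as a small audit script. This is an added example, not code from the thread or from VMware: the function names and sample file contents are constructed, key names are assumed to be case-insensitive, and the USER defaults file is left out because the post does not say where it ranks.

```python
import re

# VMware dictionary-file line:  key = "value"
_LINE = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')
_DEVICE = re.compile(r'^usb\.autoconnect\.device\d+$')

def parse_dict(text):
    """Parse key = "value" lines. Keys are lower-cased for matching, which
    assumes key names are case-insensitive (an assumption of this example)."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            entries[m.group(1).lower()] = m.group(2)
    return entries

def effective(key, global_cfg, vmx, host_cfg, default):
    """Order observed in the post: GLOBAL settings.ini beats the .vmx, the
    .vmx beats HOST config.ini, and the built-in default applies last."""
    for source, cfg in (("GLOBAL", global_cfg), ("VMX", vmx), ("HOST", host_cfg)):
        if key in cfg:
            return cfg[key], source
    return default, "DEFAULT"

def audit(global_text, host_text, vmx_text):
    g, h, v = parse_dict(global_text), parse_dict(host_text), parse_dict(vmx_text)
    value, source = effective("usb.generic.autoconnect", g, v, h, "TRUE")
    # The generic setting does not cover per-device entries, so report the
    # non-empty ones in the .vmx that the GLOBAL file does not override.
    pinned = sorted(k for k in v if _DEVICE.match(k) and v[k] and k not in g)
    return {"autoconnect_new": value.upper() == "TRUE",
            "decided_by": source, "pinned_devices": pinned}

# Constructed sample files; the device value is a placeholder, not a real ID.
GLOBAL_INI = 'usb.generic.autoconnect = "FALSE"\n'
HOST_INI = 'usb.generic.autoconnect = "FALSE"\nbios.bootDelay = "5000"\n'
VMX = ('usb.generic.autoconnect = "TRUE"\n'
       'usb.autoConnect.device0 = "constructed-device-id"\n')

if __name__ == "__main__":
    print(audit(GLOBAL_INI, HOST_INI, VMX))  # GLOBAL wins, device0 still pinned
    print(audit("", HOST_INI, VMX))          # .vmx beats HOST
```

Running audit() over each .vmx in a malware-analysis lab shows which VMs would still attach a USB device on resume despite the GLOBAL override.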
4 Replies
quiettime
Enthusiast

anyone...

0 Kudos
quiettime
Enthusiast

We just upgraded to VMware Workstation 9 and it appears there is not a way to stop auto connect retroactively in this version either.

0 Kudos
WoodyZ
Immortal

I have not tested this; however, when you do it through the GUI (Disable Automatic Connection of USB Devices) it places usb.generic.autoconnect = "FALSE" in the VM's .vmx configuration file. You could try putting this in the config.ini file, the path to which is shown in the vmware.log file, and unless you've previously created it you'll probably have to. It's just a text file. Let us know if it works.
