VMware Communities
gmnenad
Contributor

How to start Encrypted VM without prompt?

Workstation Pro is asking for manual entry of the encryption password on every start of an encrypted VM. I expected that "vmrun -T ws -vp password ..." would allow me to start an encrypted VM without being prompted, but it does not work, even though it is listed both in the online VMware documentation and in the help output of vmrun itself (when run without any parameter). I tried with several builds, including the latest 16.1.2 build-17966106. The only 'workaround' that I found was to start with 'nogui', which is useless for a Windows guest. On the other hand, 'vmware.exe' does not have a command line option for the encryption password at all.

Is there any way to start an encrypted Windows 10+ guest VM without being prompted for the password every time?

This will become a HUGE problem for 'default' new Windows 11 guests with "Memory Integrity" turned on (since they require TPM, and Workstation Pro requires an encrypted VM before adding TPM).

Accepted Solutions
wila
Immortal

Hi,

Upgrade to Workstation 16.2 released a few days ago. It allows for adding a vTPM without encrypting the disk.

See:
https://blogs.vmware.com/workstation/2021/10/workstation-16-2-now-available.html

A few notes:

- first upgrade to the latest virtual hardware version (ironically called "Beta")

- beware that there is no official option for this in the user interface yet, the above feature is still considered experimental.

- Not related, but in case that it matters, Workstation 16.2 has a bug where it forgot to include the dark mode feature.

2022-02-09 edit:
Please read my post below if you want to use the experimental vTPM feature.

https://www.vimalin.com/blog/what-you-should-know-about-vmwares-experimental-vtpm/

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

gmnenad
Contributor

Unfortunately, it seems that this workaround resulted in another issue:

- when using this new TPM, the guest VM will not automatically power on, even if the -X (or -x) switches are used with "vmware.exe"

- it also does not work with "vmrun start ...", seemingly due to the same issue as in my original question (the VM is marked as 'encrypted')

The bottom line is that it is STILL not possible to start a VM with one click if TPM is enabled.

5 Replies
gmnenad
Contributor

Thanks, that is a better option for TPM. I tried it, and it works, so I guess I will not be needing an encrypted VM (although the original question is still an interesting one).

Curiously, while Windows recognized this new VMware TPM (and it was possible to activate "Memory Integrity", and even "Credential Guard"), it did not recognize the TPM from PowerShell (get-tpm failed), and it was also not possible to activate "System Guard" (aka "Firmware protection" aka "Secure Launch"). When "Secure Launch" is set up via Group Policy, it gets shown as 'configured', but not as 'running'. The alternative was to use the suggested 'tool' to install it, but that tool uses a PowerShell script which uses the aforementioned get-tpm, which does not recognize the TPM.

I'm not certain if PowerShell "get-tpm" is not working due to a bug in PowerShell or due to the new VMware TPM implementation. But that is not such an important issue for me, since the new VMware TPM works without problems for my main purpose (compliance with basic Windows 11 requirements, and "Memory Integrity").

Robbie-65
Contributor

Hi,

I followed the blog, and added the line managedVM.autoAddVTPM="software" to skip encryption.

That worked perfectly, I was able to configure my Server 2022. I don't want encryption, because I share an extra unencrypted disk in my VM Workstation between a few VMs.

But unfortunately...

Today I restarted my laptop, and started the VM again.

Without a warning, this started to encrypt the image and the extra disk.
I pressed cancel as soon as I noticed, but it was too late.

I cannot use the VM and the external disk anymore.

Any tips on how I can connect an unencrypted disk to a Server 2022 VM?

KAPUHY
Contributor

Good morning Everyone 😀

Assuming you are using VMware Workstation 17.5 on Windows 11, you can use PowerShell to enter your password into the pop-up window asking for your password.

To launch your encrypted MyVM virtual machine by double-clicking, write the following batch file on your desktop (name it e.g. MyVM.bat):

@ECHO OFF
C:
CD "\Program Files (x86)\VMware\VMware Workstation"
START vmware-kvm.exe "D:\MyVM\MyVM.vmx"
PowerShell -command "Add-Type -AssemblyName System.Windows.Forms ; sleep 5 ; [System.Windows.Forms.SendKeys]::SendWait('YourPassword{ENTER}')"

Of course, tune the MyVM name and path of your virtual machine, the 5-second wait time for the window to appear before entering the password, and YourPassword.

You all can freely use my solution in your works 😀
0 Kudos
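
A variant of the batch file above that keeps the password out of the script and escapes SendKeys control characters, as an added example that is not part of the original post. The executable path, .vmx path and 5-second wait are taken from the post; the `$SecretFile` location and the `-Enroll` switch are assumptions of this sketch.

```powershell
# Start-EncryptedVM.ps1 (added example; file name, -Enroll and $SecretFile are hypothetical)
param([switch]$Enroll)

$VmwareKvm  = 'C:\Program Files (x86)\VMware\VMware Workstation\vmware-kvm.exe'
$VmxPath    = 'D:\MyVM\MyVM.vmx'
$SecretFile = Join-Path $env:LOCALAPPDATA 'MyVM.secret.xml'   # assumed location

if ($Enroll) {
    # One-time step: prompt for the VM password and store it as a SecureString.
    # On Windows, Export-Clixml protects a SecureString with DPAPI, so the file
    # can only be decrypted by the same user account on the same machine.
    Read-Host -Prompt 'VM encryption password' -AsSecureString |
        Export-Clixml -Path $SecretFile
    return
}

if (-not (Test-Path -Path $SecretFile)) {
    throw "No stored password. Run this script once with -Enroll."
}

# Recover the plaintext in memory only, for the moment it has to be typed.
$secure = Import-Clixml -Path $SecretFile
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# SendKeys interprets + ^ % ~ ( ) { } [ ] as control codes. Wrapping each one
# in braces makes SendKeys type it literally, so passwords containing these
# characters are not mangled.
$keys = ($plain -replace '[+^%~(){}\[\]]', '{$0}') + '{ENTER}'

Add-Type -AssemblyName System.Windows.Forms
Start-Process -FilePath $VmwareKvm -ArgumentList ('"{0}"' -f $VmxPath)

# Same fixed wait as the batch file; adjust until the prompt is reliably up.
Start-Sleep -Seconds 5
[System.Windows.Forms.SendKeys]::SendWait($keys)
```

Run it once with `-Enroll` to store the password, then launch it from a shortcut. SendKeys types into whichever window has focus when the wait expires, so if the password prompt is slow to appear the keystrokes go to another window.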