My servers are running inside VMware Workstation 15 Pro. I would like to lock down the host computers. Specifically, I want to use a non-administrator account on the host (after initial setup of the VPN). I’ve configured the group policy setting “User Configuration > Administrative Templates > System > Run only specified Windows applications” and applied it to non-administrators. After doing this and logging in as a non-administrator, I was not able to run anything, as expected. I then added vmware.exe to the list of exceptions but I was not able to open it. I then added every executable inside the VMware program directory but, still, I was not able to open it. I then added, as a test, cmd and notepad, and both of those started working. I also turned off the setting and the non-administrator was able to run VMware then. My suspicion is that VMware is relying on one or more Windows processes that are getting blocked by the group policy setting but I can’t find anything that lists them. Does anyone know or has anyone tried this?
I am aware that there is the reverse setting, “Don’t run specified Windows applications,” but it seems like an awful lot of work when, essentially, I don’t want anything to work for this regular user (not regedit, not powershell, and so many more), except I want them to be able to double-click the VMware icon and start the virtual server.
I figured it out. I needed to also add DLLhost.exe as an exception. As soon as I did that, I was able to run VMware.
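The "Run only specified Windows applications" policy stores its allow list per user under `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun`. The PowerShell check below is an added example, not part of the original thread, and reports whether the two executables the thread ended up needing are on that list. The function name `Test-RestrictRunAllowList` and its `-HiveRoot` parameter are hypothetical.

```powershell
# Added example (not from the thread). Audits the per-user RestrictRun allow list.
# Note: this policy is enforced by File Explorer only. Programs started from an
# allowed cmd.exe or by other processes are not blocked by it, so every entry
# added to the list should be reviewed for what it can launch in turn.
function Test-RestrictRunAllowList {
    param(
        # Executables the thread found necessary to start VMware Workstation.
        [string[]]$Required = @('vmware.exe', 'dllhost.exe'),
        # 'HKCU:' for the current user, or 'Registry::HKEY_USERS\<SID>' to
        # inspect another logged-on user from an administrator session.
        [string]$HiveRoot = 'HKCU:'
    )

    $explorerKey = "$HiveRoot\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $listKey     = "$explorerKey\RestrictRun"

    # The policy is active when the RestrictRun DWORD under Explorer equals 1.
    $flag = Get-ItemProperty -Path $explorerKey -Name RestrictRun -ErrorAction SilentlyContinue
    $enabled = ($null -ne $flag) -and ($flag.RestrictRun -eq 1)

    # Allowed file names are the data of the values in the RestrictRun subkey.
    $allowed = @()
    if (Test-Path -Path $listKey) {
        $key = Get-Item -Path $listKey
        $allowed = @(
            $key.GetValueNames() |
                ForEach-Object { [string]$key.GetValue($_) } |
                Where-Object { $_ -and $_.Trim() } |
                ForEach-Object { $_.Trim() }
        )
    }

    # -notcontains compares strings case-insensitively, which matches how
    # Windows treats file names.
    $missing = @($Required | Where-Object { $allowed -notcontains $_ })

    [pscustomobject]@{
        PolicyEnabled = $enabled
        Allowed       = $allowed
        Missing       = $missing
        Ready         = (-not $enabled) -or ($missing.Count -eq 0)
    }
}

Test-RestrictRunAllowList | Format-List
```

Run it in the restricted user's session before the policy is enforced, or from an administrator session with `-HiveRoot` pointing at that user's loaded hive.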