As you know there are some parameters for vsphere7 Hardening for virtual machines such as follow :
isolation.tools.copy.disable
isolation.tools.paste.disable
isolation.tools.diskShrink.disable
isolation.tools.diskWiper.disable
But There are not any of above parameters on my vms . What should I do ?
Do I have to insert them manually on all of VM ?
yes exactly. you should enter them manually. via Edit Settings
That is so strange in security configuration guide just mentioned edit these parameters not saying about add parameters as new configuration
You should find these parameters first if they are there and in case of need to edit them.
When they are not listed there you should add them and adjust accordingly your needs
I wonder if these parameters are saved as part of a template configuration?
I also wonder if you can apply them to an existing VM estate with something like PowerCLI?
Yes . We n add these parameters but want to know Does it recommend ? For example when we don't have :
vm-7.disable-console-copy
vm-7.disable-console-paste
so we cannot do copy -paste between system and console so why should ass this parameter and change its value to True ?
I believe if the parameters are not defined for a VM, then the default behaviour is the most secure one.
So your audit should be to see if the key is specified in the advanced settings for the VM, and if it is then checks the value with the Key is the value required for hardening the VM.
Alternatively, remove the advanced setting altogether.