baber
Expert
Expert

Why virtual machine hardening parameters are not define for vms

As you know there are some parameters for vsphere7 Hardening for virtual machines such as follow :

isolation.tools.copy.disable

isolation.tools.paste.disable

isolation.tools.diskShrink.disable

isolation.tools.diskWiper.disable

But There are not any of above parameters on my vms . What should I do ?

Do I have to insert them manually on all of VM ?

Please mark helpful or correct if my answer resolved your issue.
0 Kudos
6 Replies
maksym007
Hot Shot
Hot Shot

yes exactly. you should enter them manually. via Edit Settings

maksym007_0-1670187566706.jpeg

0 Kudos
baber
Expert
Expert

That is so strange in security configuration guide just mentioned edit these parameters not saying about add parameters as new configuration

Please mark helpful or correct if my answer resolved your issue.
0 Kudos
maksym007
Hot Shot
Hot Shot

You should find these parameters first if they are there and in case of need to edit them.

When they are not listed there you should add them and adjust accordingly your needs

0 Kudos
scott28tt
VMware Employee
VMware Employee

I wonder if these parameters are saved as part of a template configuration?

I also wonder if you can apply them to an existing VM estate with something like PowerCLI?


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
baber
Expert
Expert

Yes . We n add these parameters but want to know Does it recommend ? For example when we don't have :

vm-7.disable-console-copy
vm-7.disable-console-paste

so we cannot do copy -paste between system and console so why should ass this parameter and change its value to True ?

Please mark helpful or correct if my answer resolved your issue.
0 Kudos

I believe if the parameters are not defined for a VM, then the default behaviour is the most secure one.

So your audit should be to see if the key is specified in the advanced settings for the VM, and if it is then checks the value with the Key is the value required for hardening the VM.

Alternatively, remove the advanced setting altogether.

0 Kudos