Through PowerCLI it's possible to execute commands inside a guest with invoke-vmscript if you have the right privileges inside vCenter - so far so good, this works very well.
We now just want the direct opposite, where we want VMware admins not being able to execute anything in some highly protected/confidential guests. I figured that it's the VIX API-plugin in VMware tools, which is responsible for handling these calls.
So far we just disabled the vmtools-service (and that works effectively), but I'm wondering if there is some more elegant option to just disable this feature/plugin from the guest-side and still have the insights in vCenter.
I couldn't find anything in the official documentation, but I know that they have some options for tools.conf, which aren't documented (or only as needed, for instance here: VMware Knowledge Base)
Did anyone else came across this issue?
Regards
Stefan