2 Replies Latest reply on Nov 25, 2015 3:40 PM by Texiwill

    Why would you want to disable copy and paste between vm and host?  That is very convenient.

    cypherx Hot Shot

      There's nothing more frustrating than working on a VM and finding out you can't copy and paste links or command snippits, or anything between the VM and the host machine.  Many times doing research on websites to find the proper download link or command, its is better to do that on a workstation than do web browsing on a server.  So you find the link or command and you copy it, but cannot paste it into the VM?  The security hardining guide explains that the features are disabled by default but its still recommended to put isolation.tools.copy.disable = true and isolation.tools.paste.disable = true.  However its a nuisance to have to use the network to browse an SMB share to grab a text file with pasted texts, licence keys, links, webex links for vendors, commands, etc....  If anything I think that is more of a security hole because now your using SMB and traversing the network via a file.  Access to the VM through vSphere is protected by a username and password anyway.  Then the VM itself likely goes into a lock screen or you lock it manually (or logoff in *nix vm's) where even if someone broke into vCenter, now they have to guess the password to the Vm, for what, copy and paste?  Well if they made it that far, there are far more things to worry about than copy and paste.

       

      So I'll admit, In PowerCLI I ran Get-VM | NewAdvancedSetting -Name "isolation.tools.paste.diable" -value $false and Get-VM | NewAdvancedSetting -Name "isolation.tools.copy.diable" -value $false just because its more convenient.

       

      Anyone here know what really makes copy and paste a security concern?  Heck if I copy something sensitive to the clipboard, before I am done I will usually overwrite it and copy just the letter A or something into the clip board to clear it anyway.