Hi,
I wonder if anyone else ran into this issue: If used as a user not posessing administrator rights Fusion is unable to launch the Bootcamp windows.
What was remarkable: As admin user I got 3 kext ... something was downloaded from the internet do you want to execute messages and had to click "open" on each pop-up. As user without admin rights I did not get this.
And when the bootcamp virtual machine is launched: Fusion just sits there for >20min and then I get an error message.
Tormen
Hi again,
in case someone runs into this as well:
Here is how I solved the problem:
I completely removed any trace from VMware / Fusion from the mac. (brew cask remove vmware-fusion, reboot,
sudo kextcache -invalidate /, find / -iname "vmware\|fusion", rm -Rf on what was to remove (NOT all hits are to remove! ).
And reinstalled it.
... but the thing is: I used brew cask install vmware-fusion the first time I had installed it.
Now I downloaded the dmg installer from VMware and used this.
When double clicking the installer: It also warned saying, "Downloaded from the internet... do you really want to open..." and the message had an "Open" button... but ALSO had a checkbox: "Do not ask for other content from this image" and I checked this box.
<<< maybe this checkbox, maybe the fact that I avoided brew... but right after the installer I created the VM (yellow exclamation mark was still there ... but this time it started right away.
Hi again,
in case someone runs into this as well:
Here is how I solved the problem:
I completely removed any trace from VMware / Fusion from the mac. (brew cask remove vmware-fusion, reboot,
sudo kextcache -invalidate /, find / -iname "vmware\|fusion", rm -Rf on what was to remove (NOT all hits are to remove! ).
And reinstalled it.
... but the thing is: I used brew cask install vmware-fusion the first time I had installed it.
Now I downloaded the dmg installer from VMware and used this.
When double clicking the installer: It also warned saying, "Downloaded from the internet... do you really want to open..." and the message had an "Open" button... but ALSO had a checkbox: "Do not ask for other content from this image" and I checked this box.
<<< maybe this checkbox, maybe the fact that I avoided brew... but right after the installer I created the VM (yellow exclamation mark was still there ... but this time it started right away.
I reported and documented the issue also here:
For what it's worth, Fusion is not intended to run as a non-admin account. Frankly, most Mac software falls into that category - 'standard' users are intended only for things like unattended kiosks, and is largely there for certain technical certifications, not for real-world use.
"Fusion is not intended to run as a non-admin account." -- Where is that written?
Under System Requirements on the Product you can only read the Operating System... this is where something like this should be mentioned.
For what it's worth: I use all my software (Fusion, Office-365, Slack, Teams, Steam, ...) without ANY problem as non-admin user. Like it is possible under Windows 10 as well.
And from a security standpoint this is a very good thing!
I do cybersecurity for a living, so understand why it may be important in Windows for some situations, but OSX is not windows. On the Mac, the default - and the only option that Apple recommends - is to run as an administrator account, which is what most software assumes - most vendors don't even test with standard accounts. There's little practical security to be gained from running as a standard user, and it absolutely does cause issues with a wide spectrum of software, Fusion included.
OS X/macOS: Do you use a standard user account (non-admin) or an administrator account? : apple
<<< this is a good sum-up IMHO.
But where does it cause issues with Fusion? I don't have any issues running it as non-admin (see my post).
I might not know all technical details, but admin users have more write access to the system, this is certain!
And reducing attack surface is always a good thing in IT Security.
It can't hurt for sure.
And all it costs me is entering my admin password when installing software.
Plus: MacOS supports me in running as non-admin by allowing me to authenticate with my admin finger-print.
This is easy enough. So I am not bothered.
Apple writes themselve:
"
An administrator can add and manage other users, install apps and change settings. The new user you create when you first set up your Mac is an administrator.
Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators.
Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.
"
FROM: Set up users, guests and groups on Mac - Apple Support
"To keep your Mac secure, don’t share administrator names and passwords." !
And for sure this does not sound as if Apple would not recommend running software as non-admin user. Not at all. They exist and they explain how to create them. That's all.
So I will stay a happy, potentially more-secure, non-admin user
Sharing credentials is never a good idea, regardless of the account time, but we'll agree to disagree on any value of downgrading user rights. An 'administrator' account isn't the same on OSX and Windows, and the threat model is very different. For example, on Windows when logged in as an administrator, you can install software by simply clicking yes in a dialog. On OSX, you have to reauthenticate. Apple's built a lot of security on top of the UNIX core that obviates the need for downgraded rights. The net is that if you have issues with Fusion or any other software, the first troubleshooting step would be to try running as an admin account. The same is true of using a case-sensitive file system. They are there for compatibility and niche use cases, but a large number of software applications simply won't function properly when chosen.
Hi again
Yup, to this I fully agree :))