8.2.7 Ensure unauthorized connection of devices is disabled


In a virtual machine, users and processes without root or administrator privileges can connect devices, such as network adapters and CD-ROM drives. This should be prevented.


Disabling unauthorized connection of devices helps prevent unauthorized changes within the guest operating system, which could be used to gain unauthorized access, cause denial of service conditions, and otherwise negatively affect the security of the guest operating system.


To prevent unauthorized device connections, run the following PowerCLI command:

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'isolation.device.connectable.disable' -value $true
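
To check which VMs already have the setting before changing anything, the audit and remediation steps can be combined as below. This is an added example, not part of the original benchmark text; it assumes an existing Connect-VIServer session, and the $Apply variable is a hypothetical switch introduced here for illustration.

```powershell
# Added example: audit 'isolation.device.connectable.disable' on every VM,
# then remediate only the VMs that are missing it or have it set to a
# value other than true.
# Assumption: a vCenter/ESXi session is already open (Connect-VIServer).
$SettingName = 'isolation.device.connectable.disable'
$Apply       = $false   # hypothetical switch: set to $true to write changes

$report = foreach ($vm in Get-VM) {
    # Returns nothing when the setting is absent from the VM's configuration
    $setting = Get-AdvancedSetting -Entity $vm -Name $SettingName

    [pscustomobject]@{
        VM        = $vm
        Value     = if ($setting) { $setting.Value } else { '<not set>' }
        # Advanced setting values come back as strings, so compare
        # case-insensitively against 'true'
        Compliant = [bool]($setting -and ("$($setting.Value)" -ieq 'true'))
    }
}

# Show non-compliant VMs first
$report |
    Sort-Object Compliant, { $_.VM.Name } |
    Format-Table @{ n = 'VM'; e = { $_.VM.Name } }, Value, Compliant -AutoSize

foreach ($row in $report | Where-Object { -not $_.Compliant }) {
    # -Force overwrites a setting that exists with the wrong value;
    # without it, New-AdvancedSetting fails on an existing name.
    # With $Apply = $false this is a dry run (-WhatIf) and changes nothing.
    New-AdvancedSetting -Entity $row.VM -Name $SettingName -Value $true `
        -Force -Confirm:$false -WhatIf:(-not $Apply) | Out-Null
}

$bad = @($report | Where-Object { -not $_.Compliant }).Count
Write-Host "$bad of $(@($report).Count) VMs were non-compliant."
```

Run it once with $Apply left at $false to review the report, then set it to $true and re-run to apply the change.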
