Information
Deactivating console copy operations is critical for preventing data transfer between the virtual machine and the local client, irrespective of the access method, whether via Web Console, VMRC, or others. The parameter governing this behavior is isolation.tools.copy.disable with a recommended setting of TRUE or Undefined.
Deactivating console copy operations minimizes the risk of unauthorized data access or leakage, enforcing a higher level of data security and integrity across the virtual environment.
Solution
To set this configuration utilize the vSphere interface as follows:
- Select the VM then select Actions followed by Edit Settings
- Click on the VM Options tab then expand Advanced
- Click on EDIT CONFIGURATION
- Click on ADD CONFIGURATION PARAMS then input isolation.tools.copy.disable with a value of TRUE
- Click OK then OK again.
To explicitly disable VM console copy operations, run the following PowerCLI command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name "isolation.tools.copy.disable" -value $true
Impact:
There is no identified functional impact; however, this restriction enhances data security by minimizing unauthorized data transfer channels.