VCENTER-000006 - The Web datastore browser must be disabled, unless required for normal day-to-day operations.


The Web datastore browser enables viewing of all the datastores associated with the vSphere deployment, including all folders and files, such as VM files. This functionality is controlled by the organization-specific, user permissions on vCenter Server.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


If the Web datastore browser is enabled and required for normal, daily operational tasks, no fix is required.

Disable the Web datastore browser:
Determine the location of the vpxd.cfg file on the Windows host.
Edit the file and locate the <vpxd> ... </vpxd> element.
Ensure the following element is set <enableHttpDatastoreAccess>false</enableHttpDatastoreAccess>

Restart the vCenter Service to ensure the config file change(s) are in effect.

See Also

Item Details


References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Group-ID|V-39546, Rule-ID|SV-250728r799874_rule, STIG-ID|VCENTER-000006, STIG-Legacy|SV-51404, STIG-Legacy|V-39546, Vuln-ID|V-250728

Plugin: VMware

Control ID: 7b27d9602b060ef465659769b269f30c52ac4aaa1b3134daeccc625d449ffd2e