VM : disable-unexposed-features-shellaction

Information

Disable certain unexposed features.

Because VMware virtual machines run on both vSphere and hosted virtualization platforms such as Workstation and Fusion, some VMX parameters do not apply when a VM runs on vSphere. Explicitly disabling these features reduces the potential for vulnerabilities because it reduces the number of ways in which a guest can affect the host.

Solution

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name "isolation.ghi.host.shellAction.disable" -Value $true
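
To see which VMs already carry the setting before changing anything, the following added example (not part of the original audit item or of VMware's guide) reports the current value per VM and writes it only when -Remediate is given. The function name Get-ShellActionCompliance is hypothetical, and an existing Connect-VIServer session with PowerCLI loaded is assumed.

```powershell
# Added example: audit, then optionally remediate, the shellAction setting.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
$SettingName = 'isolation.ghi.host.shellAction.disable'

function Get-ShellActionCompliance {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $VM,
        [switch]$Remediate
    )
    process {
        foreach ($v in $VM) {
            # Returns nothing when the key is absent from the VM's configuration.
            $current = Get-AdvancedSetting -Entity $v -Name $SettingName
            $value = if ($current) { [string]($current.Value) } else { $null }
            # String -eq is case-insensitive, so "TRUE", "True" and "true" all match.
            $compliant = ($value -eq 'true')

            if (-not $compliant -and $Remediate -and
                $PSCmdlet.ShouldProcess($v.Name, "Set $SettingName = true")) {
                # -Force overwrites a key that exists with a non-compliant value.
                New-AdvancedSetting -Entity $v -Name $SettingName -Value $true `
                    -Force -Confirm:$false | Out-Null
                # Re-read so the report reflects what is actually stored.
                $value = [string]((Get-AdvancedSetting -Entity $v -Name $SettingName).Value)
                $compliant = ($value -eq 'true')
            }

            # PowerState is included because a change made to a running VM
            # generally takes effect only after a full power cycle.
            [pscustomobject]@{
                VM         = $v.Name
                PowerState = $v.PowerState
                Value      = $value
                Compliant  = $compliant
            }
        }
    }
}

# Report only: list VMs where the key is missing or not set to true.
Get-VM | Get-ShellActionCompliance | Where-Object { -not $_.Compliant }

# Report and fix (add -WhatIf to preview the changes first):
# Get-VM | Get-ShellActionCompliance -Remediate
```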

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: VMware

Control ID: dd6f8c1bbfbc8e24cbd80fad878f9ba7e3934c6c4bf6d55a6856416c1f8422d1