NDPF vmware tips
Assorted tricks and tips for the generation of vmware images
Managing Removable Devices for Virtual Machines
(from http://kb.vmware.com/selfservice/viewContent.do?externalId=1042#devices)
Normal (non-root or non-administrator) users and processes within virtual machines have the capability to connect or disconnect devices, such as network adapters and CD-ROM drives.
For example, by default, a rogue user within a virtual machine can:
- Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.
- Disconnect a network adapter to isolate the virtual machine from its network, which is a denial of service.
In general, you should use the virtual machine settings editor/Configuration Editor to remove any unneeded or unused hardware devices. However, you may want to use the device again, so removing it is not a good solution. In this case, you can prevent a user or running process in the virtual machine from connecting or disconnecting a device from within the guest operating system by adding the following option to the virtual machine's configuration file (.vmx):
<device name>.allowGuestConnectionControl = "FALSE"
You must specify a device name for <device name> (for example, ethernet0):
Ethernet0.allowGuestConnectionControl = "FALSE" floppy0.allowGuestConnectionControl = "FALSE"