VMware 5.1 Security Hardening Guide

Following the VMware hardening guide for vSphere 5.1, I had some time to edit all the templates with the desired settings.
http://www.vmware.com/files/xls/hardeningguide-vsphere5-1-ga-release-public.xlsx

I created a list of the VMs to be edited in D:\template.txt; a simple loop then applies all the settings.


# D:\template.txt holds one VM name per line.
# -Force overwrites a setting that already exists, so the loop can be re-run without errors.
foreach ($VM in Get-Content D:\template.txt) {
    # Copy/paste, drag and drop, disk shrink/wipe and HGFS between guest and console
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.copy.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.dnd.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.setGUIOptions.enable" -Value $false -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.paste.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.diskShrink.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.diskWiper.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.hgfsServerSet.disable" -Value $true -Force:$true -Confirm:$false
    # VMCI and features not exposed by vSphere (guest-host interaction, Unity)
    Get-VM $VM | New-AdvancedSetting -Name "vmci0.unrestricted" -Value $false -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.autologon.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.bios.bbs.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.getCreds.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.launchmenu.change" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.memSchedFakeSampleStats.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.protocolhandler.info.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.ghi.host.shellAction.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.dispTopoRequest.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.trashFolderState.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.trayicon.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unityInterlockOperation.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.taskbar.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unityActive.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.windowContents.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.push.update.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.vmxDnDVersionGet.disable" -Value $true -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.guestDnDVersionSet.disable" -Value $true -Force:$true -Confirm:$false
    # Console connection limit, VM log rotation and the size limit on guest-to-host info messages
    Get-VM $VM | New-AdvancedSetting -Name "RemoteDisplay.maxConnections" -Value 2 -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "log.keepOld" -Value "10" -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "log.rotateSize" -Value "100000" -Force:$true -Confirm:$false
    Get-VM $VM | New-AdvancedSetting -Name "tools.setInfo.sizeLimit" -Value 1048576 -Force:$true -Confirm:$false
}
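
To confirm that the loop took effect, or that a template has not drifted since, the settings can be read back and compared with the intended values without changing anything. The following is an added example, not part of the original post: `Compare-VmHardening`, `Get-VmSettingTable`, the baseline subset and the sample values are illustrative names and constructed data, and the live part assumes an existing PowerCLI session.

```powershell
# Baseline: a subset of the settings applied by the loop above (extend as needed).
$Baseline = [ordered]@{
    'isolation.tools.copy.disable'         = 'true'
    'isolation.tools.paste.disable'        = 'true'
    'isolation.tools.dnd.disable'          = 'true'
    'isolation.tools.setGUIOptions.enable' = 'false'
    'isolation.tools.diskShrink.disable'   = 'true'
    'vmci0.unrestricted'                   = 'false'
    'RemoteDisplay.maxConnections'         = '2'
    'tools.setInfo.sizeLimit'              = '1048576'
}

# Pure comparison: no vCenter calls, so it can be tested offline.
function Compare-VmHardening {
    param(
        [string]$VMName,
        [hashtable]$Current,                        # setting name -> value read from the VM
        [System.Collections.IDictionary]$Expected   # setting name -> required value
    )
    foreach ($name in $Expected.Keys) {
        $want = [string]$Expected[$name]
        if (-not $Current.ContainsKey($name)) {
            $have = $null; $status = 'Missing'      # never set: VM uses the product default
        } else {
            $have = [string]$Current[$name]
            # Compare as case-insensitive strings so "TRUE" and "true" are treated alike
            $status = if ($have -ieq $want) { 'OK' } else { 'Drift' }
        }
        [pscustomobject]@{ VM = $VMName; Setting = $name; Expected = $want; Actual = $have; Status = $status }
    }
}

# Live collection (requires a connected PowerCLI session); defined here, not called.
function Get-VmSettingTable {
    param($VM)
    $table = @{}
    Get-AdvancedSetting -Entity $VM | ForEach-Object { $table[$_.Name] = $_.Value }
    $table
}
# foreach ($VM in Get-Content D:\template.txt) {
#     Compare-VmHardening -VMName $VM -Current (Get-VmSettingTable (Get-VM $VM)) -Expected $Baseline }

# Constructed sample: one value drifted, several never set.
$sample = @{
    'isolation.tools.copy.disable'  = 'TRUE'
    'isolation.tools.paste.disable' = 'false'
    'vmci0.unrestricted'            = 'FALSE'
    'RemoteDisplay.maxConnections'  = '2'
}
Compare-VmHardening -VMName 'TEMPLATE-DEMO' -Current $sample -Expected $Baseline |
    Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

With the constructed sample, the report lists `isolation.tools.paste.disable` as Drift and the four baseline settings absent from the sample as Missing.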

07-04-2014 Removed:

Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.autoInstall.disable" -value $true -confirm:$false

This setting disabled “VMware Tools installation from the vCenter console”. It was still possible to install manually, but no longer by right-clicking “Upgrade VMware tools”.

 
