Here is the second video that I referred to in our previous blog post.
The latest release of Workstation provides this feature which offers the ability to restrict your virtual machines.
This video provides a brief demonstration of how you can restrict your virtual machines in VMware Workstation 9.x.
Restricting a virtual machine prevents users from changing configuration settings unless they first enter the correct restrictions password. You can also set other restriction policies.
If you enable restrictions, users are prevented from modifying the virtual machine. For example, you can enable restrictions to prevent users from removing virtual devices, changing the memory allocation, modifying removable devices, changing the network connection type, and changing the virtual hardware compatibility.
A password prompt appears whenever anyone tries to modify or change the virtual machine properties.
In order for this restricting ability to function, the virtual machine first needs to be encrypted. See our other tutorial video “Encrypting virtual machines in VMware Workstation 9.x” here for instructions concerning virtual machine encryption in Workstation.
For additional information and instructions regarding this virtual machine restriction feature, see page 92 of the Using VMware Workstation guide.
Very interesting feature indeed. What is the purpose of this, why would I want to restrict what users can do with the machine? I can see there being some point to preventing accidental breaking of a setup involving particular contents of virtually removable devices, but the main value of passing a VmWare setup around is in the installed disk image, right?
Or is the purpose more to restrict who can access a machine image? Like typical passwords on Excel docs and PDFs?
There a few different use cases or scenarios actually in which may want to restrict a virtual machine. I will try to do a follow up blog concerning them at some point in the future. For now, I can say that maybe you are supplying a pre-configured virtual machine to a contractor and you do not want that contractor to be able to modify the virtual machine in any way or even insert removable USB devices into the virtual machine. That is just one example. I will try to talk about this more as soon as I can in the future.
@Jakob: typical example: the IT dept creates a VM containing corporate VPN client and remote access software, fully up to corporate standards. They give this VM to everyone who needs to work from home now and then. VPN access will always happen from the “clean” VM image, never from the potentially unclean home PC these users might have.
As an example, they don’t want the VM to be booted from CD/floppy/PXE, because that could allow a breakin into the corporate locked-down VM.
This was exactly what the VMware ACE product was made to do a long time ago (with a central policy server added into the mix). Part of that functionality made its way into Workstation now.