Open the VMware Tools applet again and on the Options tab, uncheck Time synchronization between the virtual machine and the host operating system. Open another Remote Desktop Connection to your test VM, and log in as testuser. This next VMware Tools vulnerability could also ruin your day if one of your Citrix users gets some malicious ideas. Lucky for us, this is very easy to disable by simply adding these two directives to the. That's right, a non-administrator account just disconnected the VM's NIC, taking it completely off the network! If you have virtual Citrix servers, you should already be getting an idea of just how serious a vulnerability this is. Uncheck the NIC device and click Apply, and then watch as your RDP connection dies. Once you have a desktop, right click the VMware Tools icon and open it, then click on the Devices tab. Open a Remote Desktop Connection session to your test server and log in with the testuser account. We'll start by looking at the ability to connect and disconnect CD-ROM, floppy, and network devices from the VMware tools applet. This is exactly how a typical Citrix user account is configured, so if you've got virtualized Citrix servers in your environment, you're going to want to test this out for yourself.Īnd if you're thinking this doesn't apply to your environment because you have hidden the VMware Tools icon in your VMs, think again, as any user can simply open up a Run window and launch "C:\Program Files\VMware\VMware Tools\VMControlPanel.cpl". This account should only be a member of the Users and Remote Desktop Users groups, and should not be in the Administrators group. We'll add a new local user account to the server named testuser, and add this user to the Remote Desktop Users group.
#VMX TOOLS SYNCTIME WINDOWS#
To demonstrate, we're going to bring up a new virtual machine installed with Windows 2003 Server Standard and VMware Tools. You really have to see the vulnerabilities in VMware Tools with your own eyes to get a sense of their scope. vmx of a running VM, your changes are going to be discarded when the VM shuts down. Note that for whatever method you choose to add the parameters, the VM must be shut down. But that is a lot of work compared to the vi method. You can also add these parameters from the VI Client by right clicking a VM, choosing Edit Settings., Options tab, Advanced - General, and clicking the Configuration Parameters. If you've never used vi, or just find it scary, see the very bottom for a quick tutorial. vmx in vi, and right click with vi in insert mode to paste them all in. Just copy the list of parameters at the end of this posting, open the. I like using a combination of putty and vi to make changes to. If you have not gotten around to hardening your virtual machine configuration files, keep reading, as this may open your eyes to some pretty serious security holes in your environment. Many of the lists out there have parameters that don't even apply to the VI3 / ESX 3.5 products! So rather than just post another list, we're going to really explore what each parameter changes or fixes. But there is very little information describing exactly what they do and what issues they are intended to fix. vmx file parameters we'll discuss have already been recommended by different sources on the Internet, so this may seem like old news. In this tutorial, we'll explore a few parameters that can be used to eliminate some serious vulnerabilities with VMware Tools and lock down the communications channel between a guest VM and the ESX server hosting it. This single text file stores almost all of a virtual machine's configurable parameters, and has several optional settings that are not available from the administration tools and must be added by hand to the file. If you've been working with any of the VMware products for even a short amount of time, you've probably explored the.