Users Guide

Appendix B — Security profile details

The policies that match the VMware Security Hardening Guide for vSphere 5.5 Update 1 (http://

www.vmware.com/security/hardening-guides) are found in the VM advanced settings (key/value) for

each of the three security risk profiles.

Risk Profile 1

Guidelines that should only be implemented in the highest security environments, for example, top-

secret government or military-sensitive data.

isolation.tools.autoInstall.disable = true

isolation.tools.diskShrink.disable = true

isolation.tools.diskWiper.disable = true

isolation.tools.hgfsServerSet.disable = true

logging = false

isolation.monitor.control.disable = true

isolation.tools.ghi.autologon.disable = true

isolation.bios.bbs.disable = true

isolation.tools.getCreds.disable = true

isolation.tools.ghi.launchmenu.change = true

isolation.tools.memSchedFakeSampleStats.disable = true

isolation.tools.ghi.protocolhandler.info.disable = true

isolation.ghi.host.shellAction.disable = true

isolation.tools.dispTopoRequest.disable = true

isolation.tools.trashFolderState.disable = true

isolation.tools.ghi.trayicon.disable = true

isolation.tools.unity.disable = true

isolation.tools.unityInterlockOperation.disable = true

isolation.tools.unity.taskbar.disable = true

isolation.tools.unityActive.disable = true

isolation.tools.unity.windowContents.disable = true

isolation.tools.vmxDnDVersionGet.disable = true

isolation.tools.guestDnDVersionSet.disable = true

isolation.tools.vixMessage.disable = true

RemoteDisplay.maxConnections = 1

tools.setInfo.sizeLimit = 1048576

isolation.device.connectable.disable = true

isolation.device.edit.disable = true

Risk Profile 2

Guidelines that should be implemented for more sensitive environments. For example, those handling

more sensitive data, are subjected to stricter compliance rules.

isolation.tools.autoInstall.disable = true

isolation.tools.diskShrink.disable = true

isolation.tools.diskWiper.disable = true

RemoteDisplay.maxConnections = 1

log.keepOld = 10