Details
Disable unexposed GetCreds feature.
*Rationale*
Some VMX parameters don’t apply on vSphere because VMware virtual machines work on
vSphere and hosted virtualization platforms such as Workstation and Fusion. The code
paths for these features are not implemented in ESXi. Explicitly disabling these features
reduces the potential for vulnerabilities because it reduces the number of ways in which a
guest can affect the host. Note that these are referenced for organizations that insist any
documented setting, regardless of whether it is implemented in code or not, must have a
value.
Solution
To implement the recommended configuration state, run the following PowerCLI
command-# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘isolation.tools.getCreds.disable’ -value $true
Impact-Some automated tools and process may cease to function.
Default Value-The prescribed state is not the default state.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.