Details

VM console drag and drop operations should be disabled.

Rationale:

VM console drag and drop operations are disabled by default (not explicitly specified); however, explicitly disabling this feature enables audit controls to check that this setting is correct.

Solution

To set this configuration utilize the vSphere interface as follows:

Select the VM then select Actions followed by Edit Settings.

Click on the VM Options tab then expand Advanced.

Click on EDIT CONFIGURATION.

Click on ADD CONFIGURATION PARAMS then input isolation.tools.dnd.disable with a value of TRUE.

Click OK, then OK again.

To explicitly disable VM console drag and drop operations, run the following PowerCLI command:

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘isolation.tools.dnd.disable’ -value $true

Default Value:

Disabled

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3473

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-7
• CSCv7|9.2

Source

• Tenable.com/audits