How-to restrict VMs in VMware Workstation 9

VMware Workstation 9 has the possibility to restrict VMs. But How-to restrict VMs in VMware Workstation 9, and for which use cases? The first thing that I have in mind is learning. You might want to restrict a modification for VM which is preconfigured with specific hardware, and distribute this VM to the students. optionally, there is an option to obligatory change the encryption password after the VM is copied or moved somewhere else.

By Restricting access means that configuration changes will be restricted only. Not the start up of the VM. For example, you won’t be able to add or remove virtual hard drives, Network cards or other devices, or modify in any other way the configuration of the VM. All virtual hardware modification is restricted. You’ll need to enter the encryption password to make changes to the configuration of that particular VM.

To enable restrictions, you must first encrypt the VM. To encrypt the VM:

  1. Go and right-click the VM > Settings > Options TAB > Restrictions
  2. Click the Encrypt button
  3. Provide Encryption password

How-To restrict Virtual Machine in VMware Workstation 9

Once the VM is encrypted, you’ll be able to apply the restrictions. The restrictions operates on the config level, but also on the operations level.

Optionally you have also a possibility to disable the usage or USB devices inside of the VM. (a simple checkbook which can be un-checked).

How-To restrict Virtual Machine in VMware Workstation 9

The encryption is effective for All snapshots in the VM. Here are further details from the Admin’s guide:

Encryption applies to all snapshots in a virtual machine. If you restore a snapshot in an encrypted virtual machine, the virtual machine remains encrypted whether or not it was encrypted when the snapshot was taken. If you change the password for an encrypted virtual machine, the new password applies to any snapshot you restore, regardless of the password in effect when the snapshot was taken.

A VM has to be powered Off, before you Add (or remove) encryption. If you need to change the encryption password, the VM has to be powered OFF as well.

As you can see on the image bellow, there is a small lock on the icon on the W8 virtual machine. It means that to start up this VM you’ll need first to unlock this VM.

If you don’t enter the right password you won’t be able to do anything, the VM does not even provides you with the Green triangle icon to start it up. If you loose the protection password, then you can’t use that VM any more…

VMware Workstation 9 - Protecting your VMs

To remove protection you must clear the password. The same for encryption. To remove encryption, you must first provide the encryption password…

You might want to know if there are any limitations, concerning the encryption and protection:

  • Encryption of VMs is supported since Virtual Hardware version 5.X and later
  • Linked clones aren’t supported – you cannot create linked clone from encrypted VM
  • If you share disk (disk is used by more than one VM) and you encrypt one of those VMs, the other VM won’t be able to start
  • VMs which has been shared cannot be encrypted
  • VMs on remote locations cannot be encrypted
  • Encrypted VMs cannot be uploaded to remote server

Here is a quick video of the encryption features.


Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *