During VMworld I attended the session SEC1662: Protecting Workloads: Tips, Tricks and Best Practices with Bob Plankers and I made a suggestion on a customisation I make to my VMs. Bob thought this was a great one so I thought I’d document it in this blog post.
Default in a Windows VM
In this example I created a Windows Server 2022 VM with default options in Workstation. When the VM boots and you look in the system tray the Safely Remove and Eject Hardware option in the System Tray shows the following:
Clicking down the list it will let you eject everything apart from the
VMware Virtual NVMe Disk and the
This is not really ideal when a user of the VM can eject critical hardware such as the NIC
Intel(R) 82574 Gigabit Network Connection. I have experienced this before when someone (ok me) mis-clicked and ejected the NIC. Goodbye VM connectivity.
What can be done to change this ‘capability’?
The fix is actually very easy. In the VMX configuration file you add the following line:
devices.hotplug = "FALSE"
Once the VM is started up you can now see in the OS:
Only the mounted CD is available to be be ejected now which is exactly what we want to see.
This is a simple thing to do on your VMs which I have added to my Packer builds. I’m a firm believer in hiding or removing ‘features’ or ‘capabilities’ from users/builds that don’t need to be there. This is a prime example of something that is there by default that can cause issues on a VM with little effort.
Think about if you should be doing this too on your Windows builds.