Hello,
I want to prohibit to create VMs for my users.
On a computer, we allow the use of VMs. The creation of VMs is done with administrative rights by the IT team.
Our users works on Windows 10 (21H2). The computers are in the domain and the users are simple users.
Is it possible to prohibit the creation of VMs for a simple user?
Thanks in advance.
Prohibit to create VM
-
- Site Moderator
- Posts: 20965
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Prohibit to create VM
No. Virtualbox does not have lock-down capabilities like that. All of Virtualbox's control files are in the local non-admin user's account, and all of those files require write access by the local non-admin user. So a non-admin user can undo anything the IT dept locks down.
Note that many modern OS's require write access to their disks. So storing a VM disk file on a read-only shared folder won't work, because the VM OS will fail when being unable to write to its disk because of read-only restrictions on the VM disk file.
Note too that your IT dept might come up with a creative method to wrangle such a locked-down environment. But Virtualbox may have problems, And these problems may be undiagnosable because of the non-standard environment.
As a Stack-Exchange-style frame challenge: Let the users make their own VMs if they want. But use the restrictions on the IT-controlled LAN to keep these unauthorized VMs from accessing the LAN or Internet, in the same way one might keep a BYOD device from accessing restricted network services.
Note that many modern OS's require write access to their disks. So storing a VM disk file on a read-only shared folder won't work, because the VM OS will fail when being unable to write to its disk because of read-only restrictions on the VM disk file.
Note too that your IT dept might come up with a creative method to wrangle such a locked-down environment. But Virtualbox may have problems, And these problems may be undiagnosable because of the non-standard environment.
As a Stack-Exchange-style frame challenge: Let the users make their own VMs if they want. But use the restrictions on the IT-controlled LAN to keep these unauthorized VMs from accessing the LAN or Internet, in the same way one might keep a BYOD device from accessing restricted network services.