virtualbox.org

Greetings from a new member and VM newbie. I want to set up a guest VM so that the user cannot access the host machine. This isn't a question of isolating the guest VM from the host - that seems to have been done just fine. It's isolating the human user of the guest from the host machine. So basically the equivalent of me starting up the guest VM, and then performing a "WIN-L" lock on the host while still leaving the guest open - then turning that over to them.

I am running a Windows 10 x 64 bit host with Virtualbox 6.1. I have a guest Linux MINT VM, a guest Windows 7 VM and a guest Windows 10x64 VM. All seem to work fine. I can access internet from each, etc. The host machine is a standalone desktop wifi connected through my router to a printer and the outside world. No other network connections.

I want to set up the Windows 10 guest VM so that my kids can be turned loose on the guest VM without exposing the host machine to them. There are two things I want to achieve:

1. Do not allow them to use (or preferably even see) the taskbar or other features of the host machine. Do not let them exit the guest machine into the host in any way. Running the guest in full screen mode does hide the host a little but it is easy to exit full screen - even accidentally.

2. Do not allow them to return to the host just by closing the guest machine.

I have searched combinations of "+restrict +lock +host +guest +access" and other terms without finding an answer. I also spent time in the manual. If there was an answer in either location, I did not understand enough to recognize it as the answer. Apologies if I simply did not search or understand deeply enough.

Advice?

Thanks
Geoff

I doubt that you will ever get that to work. The whole point of VirtualBox is to allow you to install a vm on your machine and be able to move back and forth between host and guest with ease.

I agree with Bill. If your kids have access to the physical PC then they can get out of the Virtualbox guest. As the security gurus say,

If the hackers get physical access to your computer, then it's no longer your computer.

And let's face it, Kids are hackers, in everything, not just computers. They're like velociraptors, always testing the fences.

One possible method: Get a different-manufacturer USB keyboard and mouse, that can be differentiated from the existing keyboard and mouse by the Virtualbox USB filters. Then get a second monitor, start the guest fullscreen on the second monitor, plug the filtered keyboard and mouse in, then let the young'uns use the second monitor, keyboard & mouse. Turn off the fullscreen mini-tool-bar too. The USB-filtered keyboard and mouse will be pumped directly into the guest and won't be seen by the host, so the kiddies won't be able to break out of the guest, as long as they cannot access the host keyboard and mouse.

Or get them their own cheap PC. Decent refurbished good-strength PCs are available. I got new workstations for my boss's office for low cost by going to Newegg and getting refurbished PCs where the seller was willing to put a 1-year warranty on the PC. Maybe $150-ish, 3GHz, 4-8GB ram, Dell or HP, Windows 10 OS, never had trouble. A $50 video card to supplement the on-board video and we were good for 3D CNC cabinetry modelling and CAD. Should be more than enough for kids' gaming. Then put free Macrium Reflect on it and schedule regular full & differential disk images to network storage, so if/when the kiddies break it a restore to yesterday's state is a half-hour away.

(fwiw 3D on Windows 10 in a Virtualbox guest is a work in progress now, expect possible glitches & forum troubleshooting, and gaming has not been a strong point in a virtual machine. Not to dissuade you from using Virtualbox, just so you aren't shocked if you hit an issue.)

Thanks Bill and Scott. When I had no luck finding any instructions I assumed that I would strike out on getting this to work. Not the right tool for the job.

Scott, I completely agree about kids being hackers, either intentionally or not! I'm actually not worried in my case about them intentional doing something untoward. Just that one of them can be a bit (a lot) careless about accidentally installing spamware of various sorts. For a longer term solution getting an entirely separate physical machine would be the best solution for sure. In my case the kids are home from school for ... a while ... until the COVID-19 social distancing thing gets sorted out. I'm hoping they will be able to head back by September, and this VM thing will be an academic (no pun intended) question. So for what I hope is "the short term." perhaps a full-screen VM to minimize the problem, with a nightly restore to reverse the problem, is probably the way to go.

Thanks both for your valuable insight(s).
Geoff

Re the nightly restore, you can either run something like Macrium in the guest, or shut down the guest and make a copy on the host of the guest folder and virtual drive file.