| Grade: 18% F |
| HOST Report Check | 36 total checks | PASS - 11.1 % | FAIL - 33.3 % | REQUIRE MANUAL VALIDATION - 55.6 % |
| Entity | Code | Description | Status | Parameter Check | Resolution/Fix |
| himalaya.primp-industries.com | verify-install-media | Verify integrity of software before installation | MANUAL | N/A | Verify SHA1 hash after downloading from VMware |
| himalaya.primp-industries.com | apply-patches | Keep ESX/ESXi system properly patched | MANUAL | N/A | N/A |
| himalaya.primp-industries.com | enable-chap-auth | Ensure Bidirectional CHAP Authentication is enabled for iSCSI traffic | FAIL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | enable-chap-auth | Ensure Bidirectional CHAP Authentication is enabled for iSCSI traffic | FAIL | N/A | CHAP should not be disabled when using iSCSI |
| himalaya.primp-industries.com | enable-chap-auth | Ensure Bidirectional CHAP Authentication is enabled for iSCSI traffic | FAIL | N/A | CHAP name should be configured |
| himalaya.primp-industries.com | vmdk-zero-out | Zero out VMDK files prior to deletion | MANUAL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | mask-zone-san | Mask and zone SAN resources appropriately | MANUAL | N/A | Zoning and masking capabilities for each SAN switch and disk array are vendor specific as are the tools for managing LUN masking |
| himalaya.primp-industries.com | esxi-no-self-signed-certs | Do not use default self-signed certificates for ESX/ESXi communication | FAIL | N/A | VMware default SSL cert should not be used |
| himalaya.primp-industries.com | disable-mob | Disable Managed Object Browser | FAIL | N/A | https://himalaya.primp-industries.com/mob should be disabled |
| himalaya.primp-industries.com | enable-nfc-ssl | Use SSL for Network File Copy (NFC) | MANUAL | N/A | Add <nfc><useSSL>true</useSSL></nfc> to vCenter vpxd.cfg |
| himalaya.primp-industries.com | enable-remote-syslog | Configure remote syslog | PASS | N/A | N/A |
| himalaya.primp-industries.com | config-persistent-logs | Configure persistent logging | PASS | N/A | N/A |
| himalaya.primp-industries.com | enable-ad-auth | Use Active Directory for local user authentication | FAIL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | enable-auth-proxy | When adding ESXi hosts to Active Directory use the vSphere Authentication Proxy to protect passwords | MANUAL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | config-firewall-access | Configure the ESXi host firewall to restrict access to services running on the host | MANUAL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | config-ntp | Configure NTP time synchronization | PASS | N/A | N/A |
| himalaya.primp-industries.com | limit-cim-access | Do not provide root/administrator level access to CIM-based hardware monitoring tools or other 3rd party applications | MANUAL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | remove-authorized-keys | Remove keys from SSH authorized_keys file | MANUAL | N/A | Please refer to the HOST doc for further details |
| himalaya.primp-industries.com | config-snmp | Ensure proper SNMP configuration | FAIL | N/A | SNMP is not configured on the host |
| himalaya.primp-industries.com | verify-config-files | Verify contents of exposed configuration files | MANUAL | N/A | https://himalaya.primp-industries.com/host is available and should be monitored for file intergrity |
| himalaya.primp-industries.com | verify-dvfilter-bind | Prevent unintended use of VMsafe network APIs | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | verify-kernel-modules | Verify no unauthorized kernel modules are loaded on the host | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | set-password-complexity | Establish a password policy for password complexity | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | verify-admin-group | Verify Active Directory ESX Admin group membership | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | vpxuser-password-age | Ensure that vpxuser auto-password change meets policy | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | enable-lockdown-mode | Enable Lockdown Mode to restrict root access | MANUAL | N/A | Lockdown mode is not enabled |
| himalaya.primp-industries.com | disable-esxi-shell | Disable ESXi Shell unless needed for diagnostics or troubleshooting | FAIL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | disable-ssh | Disable SSH | FAIL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | disable-dcui | Disable DCUI to prevent all local administrative control | FAIL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | set-shell-timeout | Set a timeout for the ESXi Shell to automatically disabled idle sessions after a predetermined period | FAIL | N/A | Set UserVars.ESXiShellTimeOut > 0 |
| himalaya.primp-industries.com | set-shell-interactive-timeout | Set a timeout to automatically terminate idle ESXi Shell and SSH sessions | FAIL | N/A | Set UserVars.ESXiShellInteractiveTimeout > 0 |
| himalaya.primp-industries.com | enable-bpdu-filter | Enable BPDU filter on the ESXi host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled | PASS | N/A | N/A |
| himalaya.primp-industries.com | create-local-admin | Create a non-root user account for local admin access | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | set-dcui-access | Set DCUI.Access to allow trusted users to override lockdown mode | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | enable-remote-dump | Configure a centralized location to collect ESXi host core dumps | MANUAL | N/A | Please refer to HOST doc for further details |
| himalaya.primp-industries.com | enable-host-profiles | Configure Host Profiles to monitor and alert on configuration changes | MANUAL | N/A | Please refer to HOST doc for further details |
| VCENTER Report Check | 33 total checks | PASS - 3.0 % | FAIL - 3.0 % | REQUIRE MANUAL VALIDATION - 93.9 % |
| Entity | Code | Description | Status | Parameter Check | Resolution/Fix |
| reflex.primp-industries.com | use-supported-system | Maintain supported operating system database and hardware for vCenter | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | apply-os-patches | Keep vCenter Server system properly patched | MANUAL | N/A | Stay up-to-date on patches for Windows Server |
| reflex.primp-industries.com | secure-vcenter-os | Provide standard Windows system protection on the vCenter Server host | MANUAL | N/A | Provide Windows system protection |
| reflex.primp-industries.com | limit-user-login | Avoid unneeded user login to vCenter Server system | MANUAL | N/A | Self explantory |
| reflex.primp-industries.com | install-with-service-account | Install vCenter Server using a Service Account instead of a built-in Windows account | MANUAL | N/A | Setup Service Account to run vCenter service |
| reflex.primp-industries.com | restrict-admin-role | Secure the vSphere Administrator role and assign it to specific users | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | restrict-guest-control | Restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | restrict-Linux-clients | restrict-Linux-clients | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | check-privilege-reassignment | Check for privilege re-assignment after vCenter Server restarts | MANUAL | N/A | Please refer to vCenter doc for further details & http://kb.vmware.com/kb/1021804 |
| reflex.primp-industries.com | monitor-admin-assignment | Monitor that vCenter Server administrative users have the correct Roles assigned | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | remove-revoked-certificates | Remove revoked certificates from vCenter Server | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | remove-failed-install-logs | Clean up log files after failed installations of vCenter Server | MANUAL | N/A | Please refer to vCenter doc for further details & http://kb.vmware.com/kb/1021804 |
| reflex.primp-industries.com | no-self-signed-certs | Do not use default self-signed certificates | PASS | N/A | N/A |
| reflex.primp-industries.com | monitor-certificate-access | Monitor access to SSL certificates | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | remove-expired-certificates | Remove expired certificates from vCenter Server. | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | restrict-certificate-access | Restrict access to SSL certificates | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | verify-ssl-certificates | Always verify SSL certificates | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | thick-client-timeout | Set a timeout for thick-client login without activity | MANUAL | N/A | Set inactivity timeout for the vSphere Client (thick client) |
| reflex.primp-industries.com | restrict-network-access | Restrict network access to vCenter | MANUAL | N/A | Use a local firewall or Windows systems to protect vCenter |
| reflex.primp-industries.com | restrict-vcs-db-user | Use least privileges for the vCenter Server database user | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | block-unused-ports | Block access to ports not being used by vCenter | MANUAL | N/A | Verify ports using http://kb.vmware.com/kb/1012382 |
| reflex.primp-industries.com | disable-datastore-web | Disable datastore Web browser | MANUAL | N/A | Add <enableHttpDatastoreAccess>false</enableHttpDatastoreAccess> to vpxd.cfg |
| reflex.primp-industries.com | disable-mob | Disable Managed Object Browser | FAIL | N/A | Disable MOB by adding <enableDebugBrowse>false<enableDebugBrowse/> to vpxd.cfg |
| reflex.primp-industries.com | restrict-vum-db-user | Use least privileges for the Update Manager database user | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | limit-vum-users | Limit user login to Update Manager system | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | audit-vum-login | Audit user login to Update Manager system | MANUAL | N/A | Please refer to vCenter doc for further details |
| reflex.primp-industries.com | verify-client-plugins | Verify the Integrity of vSphere Client | MANUAL | N/A | Verify plugin extensions under Plugins->Managed Plugins on the Installed Plugins tab |
| reflex.primp-industries.com | patch-vum-os | Keep Update Manager system properly patched | MANUAL | N/A | Keep VUM patched |
| reflex.primp-industries.com | secure-vum-os | Provide standard Windows system protection on the Update Manager host | MANUAL | N/A | Provide Windows system protection |
| reflex.primp-industries.com | no-vum-self-management | Do not configure Update Manager to manage its own VM or its vCenter Server's VM | MANUAL | N/A | Self explanatory |
| reflex.primp-industries.com | no-vum-self-signed-certs | Do not use default self-signed certificates | MANUAL | N/A | Please refer to vCenter doc for further details & http://kb.vmware.com/kb/1023011 |
| reflex.primp-industries.com | isolate-vum-airgap | Limit the connectivity between Update Manager and public patch repositories | MANUAL | N/A | Please refer to the vCenter doc for further details |
| reflex.primp-industries.com | secure-vco-file-access | Restrict read access to VCO files with authentication data to administrators | MANUAL | N/A | Please refer to the vCenter doc for further details |
| VM Report Check | 357 total checks | PASS - 12.0 % | FAIL - 68.3 % | REQUIRE MANUAL VALIDATION - 19.6 % |
| Entity | Code | Description | Status | Parameter Check | Resolution/Fix |
| reflex | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| reflex | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| reflex | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| reflex | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| reflex | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| reflex | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| reflex | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| reflex | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| reflex | disconnect-devices-floppy | Disconnect unauthorized devices | PASS | VirtualFloppy | N/A |
| reflex | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| reflex | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| reflex | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| reflex | disconnect-devices-ide | Disconnect unauthorized devices | PASS | VirtualIDEController | N/A |
| reflex | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| reflex | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| reflex | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| reflex | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| reflex | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| reflex | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| reflex | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| reflex | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| reflex | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| reflex | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| reflex | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| reflex | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| reflex | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| reflex | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| reflex | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| reflex | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| reflex | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| reflex | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| reflex | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| reflex | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| reflex | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| reflex | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| reflex | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| reflex | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| reflex | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| reflex | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| reflex | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| reflex | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| reflex | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| reflex | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| reflex | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| reflex | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| reflex | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| reflex | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| reflex | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| reflex | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| reflex | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| reflex | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| scofield | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| scofield | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| scofield | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| scofield | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| scofield | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| scofield | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| scofield | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| scofield | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| scofield | disconnect-devices-floppy | Disconnect unauthorized devices | PASS | VirtualFloppy | N/A |
| scofield | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| scofield | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| scofield | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| scofield | disconnect-devices-ide | Disconnect unauthorized devices | PASS | VirtualIDEController | N/A |
| scofield | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| scofield | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| scofield | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| scofield | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| scofield | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| scofield | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| scofield | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| scofield | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| scofield | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| scofield | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| scofield | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| scofield | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| scofield | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| scofield | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| scofield | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| scofield | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| scofield | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| scofield | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| scofield | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| scofield | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| scofield | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| scofield | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| scofield | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| scofield | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| scofield | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| scofield | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| scofield | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| scofield | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| scofield | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| scofield | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| scofield | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| scofield | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| scofield | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| scofield | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| scofield | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| scofield | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| scofield | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| scofield | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| STA202G | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| STA202G | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| STA202G | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| STA202G | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| STA202G | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| STA202G | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| STA202G | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| STA202G | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| STA202G | disconnect-devices-floppy | Disconnect unauthorized devices | FAIL | VirtualFloppy | VM contains VirtualFloppy |
| STA202G | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| STA202G | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| STA202G | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| STA202G | disconnect-devices-ide | Disconnect unauthorized devices | PASS | VirtualIDEController | N/A |
| STA202G | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| STA202G | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| STA202G | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| STA202G | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| STA202G | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| STA202G | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| STA202G | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| STA202G | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| STA202G | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| STA202G | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| STA202G | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| STA202G | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| STA202G | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| STA202G | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| STA202G | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| STA202G | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| STA202G | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| STA202G | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| STA202G | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| STA202G | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| STA202G | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| STA202G | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| STA202G | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| STA202G | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| STA202G | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| STA202G | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| STA202G | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| STA202G | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| STA202G | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| STA202G | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| STA202G | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| STA202G | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| STA202G | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| STA202G | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| STA202G | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| STA202G | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| STA202G | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| STA202G | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| Synapse | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| Synapse | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| Synapse | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| Synapse | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| Synapse | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| Synapse | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| Synapse | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| Synapse | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| Synapse | disconnect-devices-floppy | Disconnect unauthorized devices | PASS | VirtualFloppy | N/A |
| Synapse | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| Synapse | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| Synapse | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| Synapse | disconnect-devices-ide | Disconnect unauthorized devices | FAIL | VirtualIDEController | VM contains VirtualIDEController |
| Synapse | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| Synapse | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| Synapse | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| Synapse | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| Synapse | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| Synapse | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| Synapse | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| Synapse | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| Synapse | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| Synapse | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| Synapse | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| Synapse | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| Synapse | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| Synapse | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| Synapse | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| Synapse | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| Synapse | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| Synapse | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| Synapse | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| Synapse | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| Synapse | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| Synapse | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| Synapse | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| Synapse | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| Synapse | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| Synapse | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| Synapse | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| Synapse | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| Synapse | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| Synapse | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| Synapse | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| Synapse | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| Synapse | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| Synapse | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| Synapse | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| Synapse | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| Synapse | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| Synapse | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| UbuntuDev | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| UbuntuDev | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| UbuntuDev | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| UbuntuDev | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| UbuntuDev | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| UbuntuDev | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| UbuntuDev | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| UbuntuDev | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| UbuntuDev | disconnect-devices-floppy | Disconnect unauthorized devices | FAIL | VirtualFloppy | VM contains VirtualFloppy |
| UbuntuDev | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| UbuntuDev | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| UbuntuDev | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| UbuntuDev | disconnect-devices-ide | Disconnect unauthorized devices | FAIL | VirtualIDEController | VM contains VirtualIDEController |
| UbuntuDev | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| UbuntuDev | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| UbuntuDev | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| UbuntuDev | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| UbuntuDev | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| UbuntuDev | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| UbuntuDev | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| UbuntuDev | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| UbuntuDev | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| UbuntuDev | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| UbuntuDev | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| UbuntuDev | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| UbuntuDev | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| UbuntuDev | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| UbuntuDev | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| UbuntuDev | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| UbuntuDev | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| UbuntuDev | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| UbuntuDev | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| UbuntuDev | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| UbuntuDev | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| UbuntuDev | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| UbuntuDev | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| VCAC-5.1 | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| VCAC-5.1 | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| VCAC-5.1 | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| VCAC-5.1 | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| VCAC-5.1 | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| VCAC-5.1 | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| VCAC-5.1 | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| VCAC-5.1 | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| VCAC-5.1 | disconnect-devices-floppy | Disconnect unauthorized devices | FAIL | VirtualFloppy | VM contains VirtualFloppy |
| VCAC-5.1 | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| VCAC-5.1 | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| VCAC-5.1 | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| VCAC-5.1 | disconnect-devices-ide | Disconnect unauthorized devices | FAIL | VirtualIDEController | VM contains VirtualIDEController |
| VCAC-5.1 | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| VCAC-5.1 | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| VCAC-5.1 | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| VCAC-5.1 | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| VCAC-5.1 | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| VCAC-5.1 | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| VCAC-5.1 | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| VCAC-5.1 | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| VCAC-5.1 | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| VCAC-5.1 | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| VCAC-5.1 | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| VCAC-5.1 | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| VCAC-5.1 | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| VCAC-5.1 | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| VCAC-5.1 | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| VCAC-5.1 | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| VCAC-5.1 | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| VCAC-5.1 | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| VCAC-5.1 | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| VCAC-5.1 | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| VCAC-5.1 | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| VCAC-5.1 | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| VCAC-5.1 | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| William-XP | disable-disk-shrinking-wiper | Disable virtual disk shrinking | FAIL | isolation.tools.diskwiper.disable=true | isolation.tools.diskwiper.disable needs to be configured |
| William-XP | disable-disk-shrinking-shrink | Disable virtual disk shrinking | FAIL | isolation.tools.diskshrink.disable=true | isolation.tools.diskshrink.disable needs to be configured |
| William-XP | limit-console-connections-two | Limit sharing of console connections | FAIL | remotedisplay.maxconnections=2 | remotedisplay.maxconnections needs to be configured |
| William-XP | disable-console-copy | Explicitly disable copy operations | FAIL | isolation.tools.copy.disable=true | isolation.tools.copy.disable needs to be configured |
| William-XP | disable-console-paste | Explicitly disable paste operations | FAIL | isolation.tools.paste.disable=true | isolation.tools.paste.disable needs to be configured |
| William-XP | disable-monitor-control | Disable VM Monitor Control | FAIL | isolation.monitor.control.disable=true | isolation.monitor.control.disable needs to be configured |
| William-XP | disable-console-dnd | Explicitly disable copy/paste operations | FAIL | isolation.tools.dnd.disable=false | isolation.tools.dnd.disable needs to be configured |
| William-XP | disable-console-gui-options | Explicitly disable copy/paste operations | FAIL | isolation.tools.setguioptions.enable=false | isolation.tools.setguioptions.enable needs to be configured |
| William-XP | disconnect-devices-floppy | Disconnect unauthorized devices | PASS | VirtualFloppy | N/A |
| William-XP | disconnect-devices-serial | Disconnect unauthorized devices | PASS | VirtualSerialPort | N/A |
| William-XP | disconnect-devices-parallel | Disconnect unauthorized devices | PASS | VirtualParallelPort | N/A |
| William-XP | disconnect-devices-usb | Disconnect unauthorized devices | PASS | VirtualUSB | N/A |
| William-XP | disconnect-devices-ide | Disconnect unauthorized devices | PASS | VirtualIDEController | N/A |
| William-XP | prevent-device-interaction-connect | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.connectable.disable=true | isolation.device.connectable.disable needs to be configured |
| William-XP | prevent-device-interaction-edit | Prevent unauthorized removal connection and modification of devices | FAIL | isolation.device.edit.disable=true | isolation.device.edit.disable needs to be configured |
| William-XP | limit-setinfo-size | Limit informational messages from the VM to the VMX file | FAIL | tools.setinfo.sizelimit=1048576 | tools.setinfo.sizelimit needs to be configured |
| William-XP | disable-independent-nonpersistent | Avoid using independent nonpersistent disks | PASS | N/A | N/A |
| William-XP | use-secure-serial-communication | Use secure protocols for virtual serial port access | MANUAL | N/A | N/A |
| William-XP | disable-unexposed-features-unitypush | Disable certain unexposed features | FAIL | isolation.tools.unity.push.update.disable=true | isolation.tools.unity.push.update.disable needs to be configured |
| William-XP | disable-unexposed-features-launchmenu | Disable certain unexposed features | FAIL | isolation.tools.ghi.launchmenu.change=true | isolation.tools.ghi.launchmenu.change needs to be configured |
| William-XP | disable-unexposed-features-memsfss | Disable certain unexposed features | FAIL | isolation.tools.memschedfakesamplestats.disable=true | isolation.tools.memschedfakesamplestats.disable needs to be configured |
| William-XP | disable-unexposed-features-getcreds | Disable certain unexposed features | FAIL | isolation.tools.getcreds.disable=true | isolation.tools.getcreds.disable needs to be configured |
| William-XP | disable-unexposed-features-autologon | Disable certain unexposed features | FAIL | isolation.tools.ghi.autologon.disable=true | isolation.tools.ghi.autologon.disable needs to be configured |
| William-XP | disable-unexposed-features-biosbbs | Disable certain unexposed features | FAIL | isolation.bios.bbs.disable=true | isolation.bios.bbs.disable needs to be configured |
| William-XP | disable-hgfs | Disable certain unexposed features | FAIL | isolation.tools.hgfsserverset.disable=true | isolation.tools.hgfsserverset.disable needs to be configured |
| William-XP | disable-unexposed-features-protocolhandler | Disable certain unexposed features | FAIL | isolation.tools.ghi.protocolhandler.info.disable=true | isolation.tools.ghi.protocolhandler.info.disable needs to be configured |
| William-XP | disable-unexposed-features-shellaction | Disable certain unexposed features | FAIL | isolation.ghi.host.shellaction.disable=true | isolation.ghi.host.shellaction.disable needs to be configured |
| William-XP | disable-unexposed-features-toporequest | Disable certain unexposed features | FAIL | isolation.tools.disptoporequest.disable=true | isolation.tools.disptoporequest.disable needs to be configured |
| William-XP | disable-unexposed-features-trashfolderstate | Disable certain unexposed features | FAIL | isolation.tools.trashfolderstate.disable=true | isolation.tools.trashfolderstate.disable needs to be configured |
| William-XP | disable-unexposed-features-trayicon | Disable certain unexposed features | FAIL | isolation.tools.ghi.trayicon.disable=true | isolation.tools.ghi.trayicon.disable needs to be configured |
| William-XP | disable-unexposed-features-unity | Disable certain unexposed features | FAIL | isolation.tools.unity.disable=true | isolation.tools.unity.disable needs to be configured |
| William-XP | disable-unexposed-features-unity-interlock | Disable certain unexposed features | FAIL | isolation.tools.unityinterlockoperation.disable=true | isolation.tools.unityinterlockoperation.disable needs to be configured |
| William-XP | disable-unexposed-features-unity-taskbar | Disable certain unexposed features | FAIL | isolation.tools.unity.taskbar.disable=true | isolation.tools.unity.taskbar.disable needs to be configured |
| William-XP | disable-unexposed-features-unity-unityactive | Disable certain unexposed features | FAIL | isolation.tools.unityactive.disable=true | isolation.tools.unityactive.disable needs to be configured |
| William-XP | disable-unexposed-features-unity-windowcontents | Disable certain unexposed features | FAIL | isolation.tools.unity.windowcontents.disable=true | isolation.tools.unity.windowcontents.disable needs to be configured |
| William-XP | disable-unexposed-features-versionget | Disable certain unexposed features | FAIL | isolation.tools.vmxdndversionget.disable=true | isolation.tools.vmxdndversionget.disable needs to be configured |
| William-XP | disable-unexposed-features-versionset | Disable certain unexposed features | FAIL | isolation.tools.guestdndversionset.disable=true | isolation.tools.guestdndversionset.disable needs to be configured |
| William-XP | restrict-host-info | Do not send host performance information to guests | FAIL | tools.guestlib.enablehostinfo=false | tools.guestlib.enablehostinfo needs to be configured |
| William-XP | disable-autoinstall | Disable tools auto install | FAIL | isolation.tools.autoinstall.disable=true | isolation.tools.autoinstall.disable needs to be configured |
| William-XP | disable-logging | Disable VM logging | PASS | logging=false must be manually added to .vmx | Please refer to VM doc for further details |
| William-XP | disable-vix-messages | Disable VIX messages from the VM | FAIL | isolation.tools.vixmessage.disable=true | isolation.tools.vixmessage.disable needs to be configured |
| William-XP | limit-log-size | Limit VM logging | FAIL | log.rotatesize=100000 | log.rotatesize needs to be configured |
| William-XP | verify-vmsafe-cpumem-enable | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.enable | Please refer to VM doc for further details |
| William-XP | verify-vmsafe-cpumem-agentaddress | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentAddress | Please refer to VM doc for further details |
| William-XP | verify-vmsafe-cpumem-agentport | Control access to VMsafe CPU/Mem APIs | MANUAL | vmsafe.agentPort | Please refer to VM doc for further details |
| William-XP | verify-network-filter | Control access to virtual machines through VMsafe network APIs | MANUAL | N/A | Please refer to VM doc for further details |
| William-XP | secure-guest-os | Secure Virtual Machines as You Would Secure Physical Machines | MANUAL | N/A | Please refer to VM doc for further details |
| William-XP | disable-unnecessary-functions | Disable unnecessary or superfluous functions inside VMs | MANUAL | N/A | Please refer to VM doc for further details |
| William-XP | use-vm-templates | Use Templates to deploy VMs whenever possible | MANUAL | N/A | Please refer to VM doc for further details |
| William-XP | control-resource-usage | Prevent Virtual Machines from Taking Over Resources | MANUAL | N/A | Please refer to VM doc for further details |
| William-XP | minimize-console-use | Minimize Use of the VM Console | MANUAL | N/A | Please refer to VM doc for further details |
| VNETWORK Report Check | 28 total checks | PASS - 28.6 % | FAIL - 7.1 % | REQUIRE MANUAL VALIDATION - 64.3 % |
| Entity | Code | Description | Status | Parameter Check | Resolution/Fix |
| himalaya.primp-industries.com | isolate-mgmt-network-airgap | Ensure that vSphere management traffic is on a restricted network | MANUAL | N/A | Please refer to the vNetwork Doc for further details |
| himalaya.primp-industries.com | isolate-vmotion-network-airgap | Ensure VMotion Traffic is isolated | MANUAL | N/A | Please refer to the vNetwork Doc for further details |
| himalaya.primp-industries.com | limit-administrator-scope | Ensure that only authorized administrators have access to virtual networking components | MANUAL | N/A | Please refer to the vNetwork Doc for further details |
| himalaya.primp-industries.com | restrict-mgmt-network-access-gateway | Strictly control access to Management network | MANUAL | N/A | Please refer to the vNetwork Doc for further details |
| himalaya.primp-industries.com | enable-portfast | Ensure that physical switch ports are configured with Portfast if spanning tree is enabled | MANUAL | N/A | Please refer to the vNetwork Doc for further details |
| himalaya.primp-industries.com | no-unused-dvports | Ensure that there are no unused ports on a Distributed vSwitch Port Group | PASS | N/A | N/A |
| himalaya.primp-industries.com | disable-dvportgroup-autoexpand | Verify that the autoexpand option for VDS dvPortgroups is disabled | FAIL | N/A | The following dvPortgroup w/autoExpand DPortGroup DPortGroup 1 |
| himalaya.primp-industries.com | reject-mac-change-dvportgroup | Ensure the "Mac Address Change" policy is set to Reject | PASS | N/A | N/A |
| himalaya.primp-industries.com | reject-forged-transmit-dvportgroup | Ensure the "Forged Transmits" policy is set to Reject | PASS | N/A | N/A |
| himalaya.primp-industries.com | reject-promiscuous-mode-dvportgroup | Ensure the "Promiscuous Mode" policy is set to Reject | PASS | N/A | N/A |
| himalaya.primp-industries.com | reject-mac-change-dvportgroup | Ensure the "Mac Address Change" policy is set to Reject | PASS | N/A | N/A |
| himalaya.primp-industries.com | reject-forged-transmit-dvportgroup | Ensure the "Forged Transmits" policy is set to Reject | PASS | N/A | N/A |
| himalaya.primp-industries.com | reject-promiscuous-mode-dvportgroup | Ensure the "Promiscuous Mode" policy is set to Reject | PASS | N/A | N/A |
| himalaya.primp-industries.com | no-native-vlan-1 | Ensure that port groups are not configured to value of the native VLAN | MANUAL | N/A | Please refer to vNetwork doc for further details |
| himalaya.primp-industries.com | no-vgt-vlan-4095 | Ensure that port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) | MANUAL | N/A | VLAN ID setting on all port groups should not be set to 4095 unless VGT is required |
| himalaya.primp-industries.com | no-reserved-vlans | Ensure that port groups are not configured to VLAN values reserved by upstream physical switches | MANUAL | N/A | VLAN ID setting on all port groups should not be set to reserved values of the physical switch |
| himalaya.primp-industries.com | label-portgroups | Ensure that port groups are configured with a clear network label | MANUAL | N/A | Clearly label your portgroups along with identifer to specify functionality |
| himalaya.primp-industries.com | label-vswitches | Ensure that all vSwitches have a clear network label | MANUAL | N/A | Clearly label your vSwitches |
| himalaya.primp-industries.com | document-vlans-vds | Ensure that all vdSwitch VLAN ID's are fully documented | MANUAL | N/A | Clearly label your dvPortgroups |
| himalaya.primp-industries.com | verify-vlan-id | Fully document all VLANs used on vSwitches | MANUAL | N/A | Document all VLANs on vSwitches |
| himalaya.primp-industries.com | set-non-negotiate | Ensure that the non-negotiate option is configured for trunk links between external physical switches and virtual switches in VST mode | MANUAL | N/A | Please refer to vNetwork doc for further details |
| himalaya.primp-industries.com | verify-vlan-trunk | VLAN trunk links must be connected only to physical switch ports that function as trunk links | MANUAL | N/A | Self explanatory |
| himalaya.primp-industries.com | upstream-bpdu-stp | Verify that for virtual machines that route or bridge traffic spanning tree protocol is enabled and BPDU guard and Portfast are disabled on the upstream physical switch port | MANUAL | N/A | Please refer to vNetwork doc for further details |
| himalaya.primp-industries.com | document-pvlans | Ensure that all dvSwitches PVLANS ID's are fully documented | MANUAL | N/A | dvSwitch PVLANS require primary and secondary VLAN ID's. These need to correspond to the ID's on external PVLAN-aware upstream switches if any |
| himalaya.primp-industries.com | restrict-netflow-usage | Ensure that VDS Netflow traffic is only being sent to authorized collector IPs | MANUAL | N/A | Please refer to vNetwork doc for further details |
| himalaya.primp-industries.com | restrict-portmirror-usage | Ensure that VDS Port Mirror traffic is only being sent to authorized collector ports or VLANs | PASS | N/A | Please refer to vNetwork doc for further details |
| himalaya.primp-industries.com | limit-network-healthcheck | Disable VDS network healthcheck if you are not actively using it | FAIL | N/A | Disable VDS Network Health Check for DSwitch-1 |
| himalaya.primp-industries.com | restrict-port-level-overrides | Restrict port-level configuration overrides on VDS | MANUAL | N/A | Please refer to vNetwork doc for further details |