Virtual machines (VMs) must be configured to lock when the last console connection is closed.

An XCCDF Rule

Description

When accessing the VM console, the guest operating system must be locked when the last console user disconnects, limiting the possibility of session hijacking. This setting only applies to Windows-based VMs with VMware tools installed.

ID: SV-258714r933203_rule
Version: VMCH-80-000201
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

For each virtual machine do the following:

From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> VM Options >> VMware Remote Console Options.

Check the box next to "Lock the guest operating system when the last remote user disconnects". Click "OK".
or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM "VM Name" | Get-AdvancedSetting -Name tools.guest.desktop.autolock | Set-AdvancedSetting -Value true

Virtual machines (VMs) must be configured to lock when the last console connection is closed.

Description

Remediation Templates

A Manual Procedure