Script to verify and automatic apply hardening policies.
The script verify and fix the following points.
- isolation.tools.copy.disable #Set to $true
- isolation.tools.dnd.disable #Set to $true
- isolation.tools.setGUIOptions.enable #Set to $false
- isolation.tools.paste.disable #Set to $true
- isolation.tools.diskShrink.disable #Set to $true
- isolation.tools.diskWiper.disable #Set to $true
- isolation.tools.hgfs.disable #Set to $true
- disable-independent-nonpersistent
- mks.enable3d #Set to $false
- isolation.tools.memSchedFakeSampleStats.disable #Set to $true
- detect floppy devices.
- detect parallel devices
- detect serial devices
- detect usb devices
- tools.setInfo.sizeLimit # Set to "1048576 (1MB)"
- RemoteDisplay.vnc.enabled #Set to $false
- tools.guestlib.enableHostInfo #Set to $false
- Mem.ShareForceSalting #Set to 1
- RemoteDisplay.maxConnections #Set to 1
- isolation.device.edit.disable #Set to $true
- isolation.device.connectable.disable #Set to $true
- log.keepOld #Set to 10
- log.rotateSize #Set to 1024000 (1MB)
- PCI-Passthrough
Items: 8 11 12 13 14 24 Just check if it exists or not. Because each infrastructure has its own policy, but the recommendation is not to use the options unless it is necessary.