VMWare needs admin mode to use physical disks : why ?


jimbo45

Well-known member
Pro User
VIP
Local time
4:38 PM
Posts
3,905
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Hi folks
This seems an annoyance -- when creating a VM using physical disks rather than "paravirtualised VM ones" VMWare wks needs to run in admin mode to aadd / modify these to a VM , as well as needing admin mode to run the VM. Seems bonkers to me -- maybe someone has got an idea as to why this is a requirement.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Hi folks
This seems an annoyance -- when creating a VM using physical disks rather than "paravirtualised VM ones" VMWare wks needs to run in admin mode to aadd / modify these to a VM , as well as needing admin mode to run the VM. Seems bonkers to me -- maybe someone has got an idea as to why this is a requirement.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
I would not want a standard user to access hard drives without permission, particularly C drive from a vm. One of key points about a vm is to isolate vm from host to minimise risk of virus transmission from vm.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
I would not want a standard user to access hard drives without permission, particularly C drive from a vm. One of key points about a vm is to isolate vm from host to minimise risk of virus transmission from vm.
Just checked - I cannot run a Hyper-V vm as a standard user without permissions from admin account but I have no idea how to give permission.

edit: I found you have to add standard user to Hyper-V Administrators account, from admin account, then user has access to full Hyper-V facilities. So I guess standard user can get access to host drives etc. Not sure this is a good idea.
 
Last edited:

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
Just checked - I cannot run a Hyper-V vm as a standard user without permissions from admin account but I have no idea how to give permission.

edit: I found you have to add standard user to Hyper-V Administrators account, from admin account, then user has access to full Hyper-V facilities. So I guess standard user can get access to host drives etc. Not sure this is a good idea.
Hi there
Since VMware is creating the VM under a specific user id one would assume that Windows has already sufficient control (or should have) over what disks the User has privileges for -- not the user who might be logged on to the guest so it does seem a bit unnecessary.

The advantage of using physical disks gives so much better performance and if you create "small physical disks" as vhdx files and mount as "physical disks" and install your VM to those the chances of damaging a "Full real physical disk drive" is fairly minimal. !!

I agree perhaps in the initial setup of the VM or in modyfing it then it does make sense in a sort of way -- however once the VM has been created I can't see any reason to require Admin privileges just to run it -- if you run it as a normal user you simply get "Internal Error" !!!. A "standard user" won't have access to Host drives from that VM but only "Shared folders" unless enabled via Samba etc.

I do like HYPER-V but until there's less hassle with getting proper network functionality giving easy communication TO the VM from OUTSIDE the Host (i.e from the rest of your LAN/ or the wider Internet) and also "plug and play attach / remove" of USB devices I'm sticking with VMWare. I'm sure HYPER-V will be updated in the coming months to address these issues -- performance wise HYPER-V is very good - but using VMWare with "Physical disks" reduces the gap especially if in the virtual machine config set the disk type to "Nvme" and for non windows guests use the f2fs file system (specifically designed for nvme type ssd's).

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Hi there
Since VMware is creating the VM under a specific user id one would assume that Windows has already sufficient control (or should have) over what disks the User has privileges for -- not the user who might be logged on to the guest so it does seem a bit unnecessary.

The advantage of using physical disks gives so much better performance and if you create "small physical disks" as vhdx files and mount as "physical disks" and install your VM to those the chances of damaging a "Full real physical disk drive" is fairly minimal. !!

I agree perhaps in the initial setup of the VM or in modyfing it then it does make sense in a sort of way -- however once the VM has been created I can't see any reason to require Admin privileges just to run it -- if you run it as a normal user you simply get "Internal Error" !!!. A "standard user" won't have access to Host drives from that VM but only "Shared folders" unless enabled via Samba etc.

Cheers
jimbo
Well, it depends how you look at it. In Hyper-V, I removed my C drive as a share and tested I could not delete files from it with a standard account, except those in standard account user drives.

I then opened a VM from standard account in enhanced mode and I was able to delete files from C drive (having added C drive as an external drive). In effect the standard user got admin level rights via the VM. To me this is a serious security weakness.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
I noticed the same too on Oracle VirtualBox: if you want to use an external drive as bootable for VM, need to add it as Administrator and run VM as admin too. My guess is that built-in OS Hyper-V in this situation demands external drive to be set offline, while VirtualBox allows to work without switching a drive offline. Another (possible) explanation is that file system which already exists on external drive has been created by another user, so without admin rights all user-defined settings, including startup, will not work, even if the user of host OS is the same.
 

My Computer

System One

  • OS
    Windows 11 Pro; Windows 8.1 Pro
    Computer type
    PC/Desktop
    CPU
    i7-12700K (Alder Lake)
    Motherboard
    Asus PRIME Z690-M Plus D4
    Memory
    16 GB (2x8 Corsair DDR4-2132)
    Graphics Card(s)
    Asus GeForce 1050 Ti, 4 GB
    Monitor(s) Displays
    Philips 235PQ
    Screen Resolution
    1920x1080
    Hard Drives
    Windows 11: Samsung SSD 870 EVO, 500 GB (SATA), MBR
    Windows 8.1: Samsung SSD 980 PRO, 500 GB (M.2), MBR
    PSU
    Platimax D.F. 1050 W (80 Plus Platinum)
    Internet Speed
    Local link 1 Gbps, provider's line 500 Mbps
    Browser
    Google Chrome
    Other Info
    Realtek PCIe GbE Family Controller (for Windows 8.1 compatibility)
    Microsoft Office H&S 2013 x64

Latest Support Threads

Back
Top Bottom