VMWare needs admin mode to use physical disks : why ?


jimbo45

Well-known member
Pro User
VIP
Local time
9:15 AM
Posts
4,805
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Hi folks
This seems an annoyance -- when creating a VM using physical disks rather than "paravirtualised VM ones" VMWare wks needs to run in admin mode to aadd / modify these to a VM , as well as needing admin mode to run the VM. Seems bonkers to me -- maybe someone has got an idea as to why this is a requirement.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Hi folks
This seems an annoyance -- when creating a VM using physical disks rather than "paravirtualised VM ones" VMWare wks needs to run in admin mode to aadd / modify these to a VM , as well as needing admin mode to run the VM. Seems bonkers to me -- maybe someone has got an idea as to why this is a requirement.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
I would not want a standard user to access hard drives without permission, particularly C drive from a vm. One of key points about a vm is to isolate vm from host to minimise risk of virus transmission from vm.
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
I would not want a standard user to access hard drives without permission, particularly C drive from a vm. One of key points about a vm is to isolate vm from host to minimise risk of virus transmission from vm.
Just checked - I cannot run a Hyper-V vm as a standard user without permissions from admin account but I have no idea how to give permission.

edit: I found you have to add standard user to Hyper-V Administrators account, from admin account, then user has access to full Hyper-V facilities. So I guess standard user can get access to host drives etc. Not sure this is a good idea.
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
Just checked - I cannot run a Hyper-V vm as a standard user without permissions from admin account but I have no idea how to give permission.

edit: I found you have to add standard user to Hyper-V Administrators account, from admin account, then user has access to full Hyper-V facilities. So I guess standard user can get access to host drives etc. Not sure this is a good idea.
Hi there
Since VMware is creating the VM under a specific user id one would assume that Windows has already sufficient control (or should have) over what disks the User has privileges for -- not the user who might be logged on to the guest so it does seem a bit unnecessary.

The advantage of using physical disks gives so much better performance and if you create "small physical disks" as vhdx files and mount as "physical disks" and install your VM to those the chances of damaging a "Full real physical disk drive" is fairly minimal. !!

I agree perhaps in the initial setup of the VM or in modyfing it then it does make sense in a sort of way -- however once the VM has been created I can't see any reason to require Admin privileges just to run it -- if you run it as a normal user you simply get "Internal Error" !!!. A "standard user" won't have access to Host drives from that VM but only "Shared folders" unless enabled via Samba etc.

I do like HYPER-V but until there's less hassle with getting proper network functionality giving easy communication TO the VM from OUTSIDE the Host (i.e from the rest of your LAN/ or the wider Internet) and also "plug and play attach / remove" of USB devices I'm sticking with VMWare. I'm sure HYPER-V will be updated in the coming months to address these issues -- performance wise HYPER-V is very good - but using VMWare with "Physical disks" reduces the gap especially if in the virtual machine config set the disk type to "Nvme" and for non windows guests use the f2fs file system (specifically designed for nvme type ssd's).

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Hi there
Since VMware is creating the VM under a specific user id one would assume that Windows has already sufficient control (or should have) over what disks the User has privileges for -- not the user who might be logged on to the guest so it does seem a bit unnecessary.

The advantage of using physical disks gives so much better performance and if you create "small physical disks" as vhdx files and mount as "physical disks" and install your VM to those the chances of damaging a "Full real physical disk drive" is fairly minimal. !!

I agree perhaps in the initial setup of the VM or in modyfing it then it does make sense in a sort of way -- however once the VM has been created I can't see any reason to require Admin privileges just to run it -- if you run it as a normal user you simply get "Internal Error" !!!. A "standard user" won't have access to Host drives from that VM but only "Shared folders" unless enabled via Samba etc.

Cheers
jimbo
Well, it depends how you look at it. In Hyper-V, I removed my C drive as a share and tested I could not delete files from it with a standard account, except those in standard account user drives.

I then opened a VM from standard account in enhanced mode and I was able to delete files from C drive (having added C drive as an external drive). In effect the standard user got admin level rights via the VM. To me this is a serious security weakness.
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
I noticed the same too on Oracle VirtualBox: if you want to use an external drive as bootable for VM, need to add it as Administrator and run VM as admin too. My guess is that built-in OS Hyper-V in this situation demands external drive to be set offline, while VirtualBox allows to work without switching a drive offline. Another (possible) explanation is that file system which already exists on external drive has been created by another user, so without admin rights all user-defined settings, including startup, will not work, even if the user of host OS is the same.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Legion 5-15ARH05
    CPU
    AMD Rysen 5 4600H
    Memory
    32 GB
    Graphics Card(s)
    GeForce GTX 1650 Ti
    Screen Resolution
    1920x1080

Latest Support Threads

Back
Top Bottom