9.20. Locking down the VirtualBox GUI

Oracle VM VirtualBox

previous page next page

9.20. Locking down the VirtualBox GUI

9.20.1. Customizing the VM manager

There are several advanced customization settings for locking down the VirtualBox manager, that is, removing some features that the user should not see.

VBoxManage setextradata global GUI/Customizations OPTION[,OPTION...]

where OPTION is one of the following keywords:

noSelector

Don't allow to start the VirtualBox manager. Trying to do so will show a window containing a proper error message.

noMenuBar

VM windows will not contain a menu bar.

noStatusBar

VM windows will not contain a status bar.

To disable any of these VM manager customizations do 

VBoxManage setextradata global GUI/Customizations

9.20.2. VM selector customization

The following per-machine VM extradata settings can be used to change the behavior of the VM selector window in respect of certain VMs:

VBoxManage setextradata "VM name" SETTING true

where SETTING can be:

GUI/HideDetails

Don't show the VM configuration of a certain VM. The details window will remain just empty if this VM is selected.

GUI/PreventReconfiguration

Don't allow the user to open the settings dialog for a certain VM.

GUI/PreventSnapshotOperations

Prevent snapshot operations for a VM from the GUI, either at runtime or when the VM is powered off.

GUI/HideFromManager

Hide a certain VM in the VM selector window.

GUI/PreventApplicationUpdate

Disable the automatic update check and hide the corresponding menu item.

Please note that these settings wouldn't prevent the user from reconfiguring the VM by VBoxManage modifyvm.

9.20.3. Configure VM selector menu entries

You can disable (i.e. black-list) certain entries in the global settings page of the VM selector:

VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages OPTION[,OPTION...]

where OPTION is one of the following keywords:

General

Don't show the General settings pane.

Input

Don't show the Input settings pane.

Update

Don't show the Update settings pane.

Language

Don't show the Language settings pane.

Display

Don't show the Display settings pane.

Network

Don't show the Network settings pane.

Extensions

Don't show the Extensions settings pane.

Proxy

Don't show the Proxy settings pane.

This is a global setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages

9.20.4. Configure VM window menu entries

You can disable (i.e. black-list) certain menu actions in the VM window:

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeMenus OPTION[,OPTION...]

where OPTION is one of the following keywords:

All

Don't show any menu in the VM window.

Machine

Don't show the Machine menu in the VM window.

View

Don't show the View menu in the VM window.

Devices

Don't show the Devices menu in the VM window.

Help

Don't show the Help menu in the VM window.

Debug

Don't show the Debug menu in the VM window. The debug menu is only visible if the GUI was started with special command line parameters or environment variable settings.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeMenus

You can also disable (i.e. blacklist) certain menu actions of certain menus. Use the following command to disable certain actions of the Application menu (only available on Mac OS X hosts):

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeApplicationMenuActions OPTION[,OPTION...]

where OPTION is one of the following keywords:

All

Don't show any menu item in this menu.

About

Don't show the About menu item in this menu.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeMenus

Use the following command to disable certain actions of the Machine menu:

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeApplicationMenuActions OPTION[,OPTION...]

where OPTION is one of the following keywords:

All

Don't show any menu item in this menu.

SettingsDialog

Don't show the Settings menu item in this menu.

TakeSnapshot

Don't show the Take Snapshot menu item in this menu.

TakeScreenshot

Don't show the Take Screenshot menu item in this menu.

InformationDialog

Don't show the Session Information menu item in this menu.

MouseIntegration

Don't show the Disable Mouse Integration menu item in this menu.

TypeCAD

Don't show the Insert Ctrl+Alt+Del menu item in this menu.

TypeCABS

Don't show the Insert Ctrl+Alt+Backspace menu item in this menu (available on X11 hosts only).

Pause

Don't show the Pause menu item in this menu.

Reset

Don't show the Reset menu item in this menu.

SaveState

Don't show the Save the machine state menu item in this menu.

Shutdown

Don't show the ACPI Shutdown menu item in this menu.

PowerOff

Don't show the Power Off the machine menu item in this menu.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeApplicationMenuActions

Use the following command to disable certain actions of the View menu:

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeViewMenuActions OPTION[,OPTION...]

where OPTION is one of the following keywords:

All

Don't show any menu item in this menu.

Fullscreen

Don't show the Switch to Fullscreen menu item in this menu.

Seamless

Don't show the Switch to Seamless Mode menu item in this menu.

Scale

Don't show the Switch to Scaled Mode menu item in this menu.

GuestAutoresize

Don't show the Auto-resize Guest Display menu item in this menu.

AdjustWindow

Don't show the Adjust Window Size menu item in this menu.

Multiscreen

Don't show the Multiscreen menu item in this menu (only visible in full screen / seamless mode).

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeViewMenuActions

Use the following command to disable certain actions of the View menu:

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDevicesMenuActions OPTION[,OPTION...]

where OPTION is one of the following keywords to disable actions in the Devices menu:

All

Don't show any menu item in this menu.

OpticalDevices

Don't show the CD/DVD Devices menu item in this menu.

FloppyDevices

Don't show the FLoppy Devices menu item in this menu.

USBDevices

Don't show the USB Devices menu item in this menu.

SharedClipboard

Don't show the Shared Clipboard menu item in this menu.

DragAndDrop

Don't show the Drag and Drop menu item in this menu.

NetworkSettings

Don't show the Network Settings... menu item in this menu.

SharedFoldersSettings

Don't show the Shared Folders Settings... menu item in this menu.

VRDEServer

Don't show the Remove Display menu item in this menu.

InstallGuestTools

Don't show the Insert Guest Additions CD imnage... menu item in this menu.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDevicesMenuActions

Use the following command to disable certain actions of the View menu:

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDebuggerMenuActions OPTION[,OPTION...]

where OPTION is one of the following keywords to disable actions in the Debug menu (normally completely disabled):

All

Don't show any menu item in this menu.

Statistics

Don't show the Statistics... menu item in this menu.

CommandLine

Don't show the Command Line... menu item in this menu.

Logging

Don't show the Logging... menu item in this menu.

LogDialog

Don't show the Show Log... menu item in this menu.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDebuggerMenuActions

Use the following command to disable certain actions of the View menu:

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeHelpMenuActions OPTION[,OPTION...]

where OPTION is one of the following keywords to disable actions in the Help menu (normally completely disabled):

All

Don't show any menu item in this menu.

Contents

Don't show the Contents... menu item in this menu.

WebSite

Don't show the VirtualBox Web Site... menu item in this menu.

ResetWarnings

Don't show the Reset All Warnings menu item in this menu.

NetworkAccessManager

Don't show the Network Operations Manager menu item in this menu.

About

Don't show the About menu item in this menu (only on non Mac OS X hosts).

Contents

Don't show the Contents... menu item in this menu.

Contents

Don't show the Contents... menu item in this menu.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedRuntimeHelpMenuActions

9.20.5. Configure VM window status bar entries

You can disable (i.e. black-list) certain status bar items:

VBoxManage setextradata "VM name" GUI/RestrictedStatusBarIndicators OPTION[,OPTION...]

where OPTION is one of the following keywords:

HardDisks

Don't show the hard disk icon in the VM window status bar. By default the hard disk icon is only shown if the VM configuration contains one or more hard disks.

OpticalDisks

Don't show the CD icon in the VM window status bar. By default the CD icon is only shown if the VM configuration contains one or more CD drives.

FloppyDisks

Don't show the floppy icon in the VM window status bar. By default the floppy icon is only shown if the VM configuration contains one or more floppy drives.

Network

Don't show the network icon in the VM window status bar. By default the network icon is only shown if the VM configuration contains one or more active network adapters.

USB

Don't show the USB icon in the status bar.

SharedFolders

Don't show the shared folders icon in the status bar.

VideoCapture

Don't show the video capture icon in the status bar.

Features

Don't show the CPU features icon in the status bar.

Mouse

Don't show the mouse icon in the status bar.

Keyboard

Don't show the keyboard icon in the status bar.

This is a per-VM setting. Any combination of the above is allowed. If all options are specified, no icons are displayed in the status bar of the VM window. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedStatusBarIndicators

9.20.6. Configure VM window visual modes

You can disable (i.e. black-list) certain VM visual modes:

VBoxManage setextradata "VM name" GUI/RestrictedVisualStates OPTION[,OPTION...]

where OPTION is one of the following keywords:

Fullscreen

Don't allow to switch the VM into full screen mode.

Seamless

Don't allow to switch the VM into seamless mode.

Scale

Don't allow to switch the VM into scale mode.

This is a per-VM setting. Any combination of the above is allowed. To restore the default behavior, use

VBoxManage setextradata "VM name" GUI/RestrictedVisualStates

9.20.7. Host Key customization

To disable all host key combinations, open the preferences and change the host key to None. This might be useful when using VirtualBox in a kiosk mode.

To redefine or disable certain host key actions, use the following command:

VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=F,...."

The following list shows the possible host key actions together with their default host key shortcut. Setting an action to None will disable that host key action.

Table 9.1. Host Key customization

Action Default Key Action
TakeSnapshot T take a snapshot
TakeScreenshot E take a screenshot
MouseIntegration I toggle mouse integration
TypeCAD Del inject Ctrl+Alt+Del
TypeCABS Backspace inject Ctrl+Alt+Backspace
Pause P Pause the VM
Reset R (hard) reset the guest
SaveState   save the VM state and terminate the VM
Shutdown H press the (virtual) ACPI power button
PowerOff   power the VM off (without saving the state!)
Close Q show the VM close dialog
FullscreenMode F switch the VM into full screen
SeamlessMode L switch the VM into seamless mode
ScaleMode C switch the VM into scale mode
GuestAutoResize G automatically resize the guest window
WindowAdjust A immediately resize the guest window
PopupMenu Home show popup menu in full screen / seaml. mode
SettingsDialog S open the VM settings dialog
InformationDialog N show the VM information window
NetworkAdaptersDialog   show the VM network adapters dialog
SharedFoldersDialog   show the VM shared folders dialog
InstallGuestAdditions D mount the ISO containing the Guest Additions

To disable the full screen mode as well as the seamless mode, use the following command: 

VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=None,SeamlessMode=None"

9.20.8. Action when terminating the VM

You can disallow (i.e. black-list) certain actions when terminating a VM. To disallow specific actions, type:

VBoxManage setextradata "VM name" GUI/RestrictedCloseActions OPTION[,OPTION...]

where OPTION is one of the following keywords:

SaveState

Don't allow the user to save the VM state when terminating the VM.

Shutdown

Don't allow the user to shutdown the VM by sending the ACPI power-off event to the guest.

PowerOff

Don't allow the user to power off the VM.

PowerOffRestoringSnapshot

Don't allow the user to return to the last snapshot when powering off the VM.

Detach

Don't allow the user to detach from the VM process if the VM was started in separate mode.

This is a per-VM setting. Any combination of the above is allowed. If all options are specified, the VM cannot be shut down at all.

9.20.9. Default action when terminating the VM

You can define a specific action for terminating a VM. In contrast to the setting decribed in the previous section, this setting allows only one action when the user terminates the VM. No exit menu is shown.

VBoxManage setextradata "VM name" GUI/DefaultCloseAction ACTION

where ACTION is one of the following keywords:

SaveState

Save the VM state before terminating the VM process.

Shutdown

The VM is shut down by sending the ACPI power-off event to the guest.

PowerOff

The VM is powered off.

PowerOffRestoringSnapshot

The VM is powered off and the saved state returns to the last snapshot.

Detach

Terminate the frontend but leave the VM process running.

This is a per-VM setting. Any combination of the above is allowed. If all options are specified, the VM cannot be shut down at all.

9.20.10. Action for handling a Guru Meditation

A VM runs into a Guru Meditation if there is a problem which cannot be fixed by other means than terminating the process. The default is to show a message window which instructs the user to open a bug report.

This behavior can be configured:

VBoxManage setextradata "VM name" GUI/GuruMeditationHandler MODE

where MODE is one of the following keywords:

Default

A message window is shown. After the user confirmed, the VM is terminated.

PowerOff

The VM is immediately powered-off without showing any message window. The VM logfile will show information about what happened.

Ignore

The VM is left in stuck mode. Execution is stopped but no message window is shown. The VM has to be powered off manually.

This is a per-VM setting.

9.20.11. Configuring automatic mouse capturing

By default, the mouse is captured if the user clicks on the guest window and the guest expects relative mouse coordinates at this time. This happens if the pointing device is configured as PS/2 mouse and the guest did not (yet) start the VirtualBox Guest Additions (for instance, the guest is booting or no Guest Additions installed at all) or if the pointing device is configured as USB tablet but the guest has no USB driver loaded yet. Once the Guest Additions become active or the USB guest driver is started, the mouse capture is automatically released.

The default behavior is sometimes not desired. Therefore it can be configured: 

VBoxManage setextradata "VM name" GUI/MouseCapturePolicy MODE

where MODE is one of the following keywords:

Default

The default behavior as described above.

HostComboOnly

The mouse is only captured if the Host Key is toggled.

Disabled

The mouse is never captured, also not by toggling the Host Key

This is a per-VM setting.

9.20.12. Configuring automatic mouse capturing

By default, the mouse is captured if the user clicks on the guest window and the guest expects relative mouse coordinates at this time. This happens if the pointing device is configured as PS/2 mouse and the guest did not (yet) start the VirtualBox Guest Additions (for instance, the guest is booting or no Guest Additions installed at all) or if the pointing device is configured as USB tablet but the guest has no USB driver loaded yet. Once the Guest Additions become active or the USB guest driver is started, the mouse capture is automatically released.

The default behavior is sometimes not desired. Therefore it can be configured: 

VBoxManage setextradata "VM name" GUI/MouseCapturePolicy MODE

where MODE is one of the following keywords:

Default

The default behavior as described above.

HostComboOnly

The mouse is only captured if the Host Key is toggled.

Disabled

The mouse is never captured, also not by toggling the Host Key

This is a per-VM setting.

9.20.13. Requesting legacy full-screen mode

As of version 4.3.16, VirtualBox uses special window manager facilities to switch a multi-screen machine to full-screen on a multi-monitor host system. However, not all window managers provide these facilities correctly, so VirtualBox can be told to use the old method of switching to full-screen mode instead using the command: 

VBoxManage setextradata global GUI/Fullscreen/LegacyMode true

You can go back to the new method using the command: 

VBoxManage setextradata global GUI/Fullscreen/LegacyMode

This is a global setting.

previous page start next page