Solved

How do I use Group Policy to block VMWare NAT service on my domain desktops?

Posted on 2008-10-07
4
693 Views
Last Modified: 2010-04-21
My switches are capable of blocking VMware workstation using bridging, now unpatched vm's can still connect if they NAT. So i would like to disable the NAT service using a group policy.And before anyone says you need NAC, ACE etc i know i just want a quickish fix til i get budget for NAC and ACE
0
Comment
Question by:brianogorman
4 Comments
 
LVL 8

Expert Comment

by:Point-In-Cyberspace
ID: 22662028
As far as i know there is no way to do it without the tools you mention.
You may try to build an administrative template to set the values you need.

For this try to look to:
http://support.microsoft.com/?scid=kb%3Ben-us%3B323639&x=2&y=16

and google around with words: write administrative template

0
 
LVL 7

Expert Comment

by:BogdanSUA
ID: 22663510
This is not a super elegant solution, but it will work just fine....Use the following GPO:
User Configuration, Administrative Templates, System, Don't run specified Windows applications

Enable the policy and add the following executable with no path...just like you see it below.

vmnat.exe
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22663704
Is the VMWare NAT service an actual Windows service that shows up in the Services MMC?

If so, you can mandate the service be set to Disabled using GPO.

Create and link a GPO to the OU containing the workstation objects, and define the Startup type of the NAT service to "Disabled". Caveat - you need to create and edit the GPO from a machine that -has the relevant service installed-, otherwise it won't show up in the UI.
0
 

Author Closing Comment

by:brianogorman
ID: 31503930
excellent that worked a treat many thanks.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now