Can you prevent VM from working on Mac per company policies? Is there a way in JAMF to implement such policy so that the end-user will not be able to put VM applications such as Parallel, Fusion, etc on their Mac or be able to use bootcamp assistant?
Question
How to prevent virtualization on a Mac?
+4
+15You could add VMware Fusion or Parallels to Restricted Software?
+4Thanks Mark. I thought about that but I was thinking there could be a better option. What about other VM software for Mac? I need to start building a list of restricted software.
+36VirtualBox, Wine...
I am looking to do the same thing. Has anyone created a list of the process names that need to be blocked?
Don't forget QEMU
+8There's also Oracle's Virtual Box
+24You would most likely have to compile a list of any virtualization tools and put them all into Restricted Software titles as already mentioned.
Under the hood, there may be some processes that get called up during virtualization, but that could be tricky to find, and probably unreliable. Not to mention, blocking sub OS processes could be dangerous and cause instability.
As for Boot Camp, the easiest things to do for that is to block the Boot Camp Assistant.app, which is typically needed to create any Boot Camp environment. In the past, when I had to ensure Boot Camp couldn't be used, we also made sure there was a Firmware Password enabled on the Mac, since alternate booting was one potential way around it. You may or may not want to take it that far through. Adding firmware password can sometime introduce some complications down the line.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.