Jamf Nation Community

aarongrant · ‎01-23-2020

Can you prevent VM from working on Mac per company policies? Is there a way in JAMF to implement such policy so that the end-user will not be able to put VM applications such as Parallel, Fusion, etc on their Mac or be able to use bootcamp assistant?

mark_mahabir · ‎01-23-2020

You could add VMware Fusion or Parallels to Restricted Software?

aarongrant · ‎01-23-2020

Thanks Mark. I thought about that but I was thinking there could be a better option. What about other VM software for Mac? I need to start building a list of restricted software.

donmontalvo · ‎01-23-2020

VirtualBox, Wine...

--
https://donmontalvo.com

jboring · ‎09-02-2020

I am looking to do the same thing. Has anyone created a list of the process names that need to be blocked?

Don't forget QEMU

Sims_ · ‎09-02-2020

I'm interested in this as well. Followed

CSCC-JS · ‎09-02-2020

There's also Oracle's Virtual Box

mm2270 · ‎09-02-2020

You would most likely have to compile a list of any virtualization tools and put them all into Restricted Software titles as already mentioned.
Under the hood, there may be some processes that get called up during virtualization, but that could be tricky to find, and probably unreliable. Not to mention, blocking sub OS processes could be dangerous and cause instability.

As for Boot Camp, the easiest things to do for that is to block the Boot Camp Assistant.app, which is typically needed to create any Boot Camp environment. In the past, when I had to ensure Boot Camp couldn't be used, we also made sure there was a Firmware Password enabled on the Mac, since alternate booting was one potential way around it. You may or may not want to take it that far through. Adding firmware password can sometime introduce some complications down the line.

Jamf Nation Community

How to prevent virtualization on a Mac?