Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Give VPC internet access without being able to access host's drives?

16 Oct 2013   #1

Windows 7 64bit
 
 
Give VPC internet access without being able to access host's drives?

Hi,

I've read several threads now and searched online, but am still somewhat unsure about a question I have.

Is it possible to give Virtual PC access to the internet for browsing or running a program/client that needs internet access, but not allow it to access the host's C:drive and folders?

I've found some articles that appear to say that it's possible, but they aren't very clear on how to implement it.

If my question is somewhat elementary I apologize, but I'd rather ask in advance before trying to set this up. Learned my lesson yesterday on just going for it when I almost turned my PC into a useless flower stand while trying to install 7 on a Windows 8 machine.

Thank in advance for any helpful tips,

Jennifer


My System SpecsSystem Spec
.

17 Oct 2013   #2

Windows 7 Professional x64 Sp1
 
 

VM=virtual machine

Most VMs by default do not allow it to touch or see the hosts files or drives. (Kind of the whole point of a virtual machine.) This is something you would actually have to tell it to do.

Vmware player by default won't allow the VM to see the host drive. You would have to go into unity settings and enable it.

In addition, inside the vm you could set it up with a guest account or a limited user account for more lockdown. You could even run the virtual machine inside a guest account in windows, thus even if a breach occurred, it could not access the critical areas of the drive.

Example: If its a kiosk being used by multiple people I would do the following:
Host OS-guest account. Virtual machine-Run in guest account.
If a few users-limited account for host-limited account for VM.
My System SpecsSystem Spec
17 Oct 2013   #3

Windows 7 64bit
 
 

Hi Andrew,

Awesome reply, this makes a lot of sense! Thank you for wording it the way you did!

Have a great one!
My System SpecsSystem Spec
.


17 Oct 2013   #4

W7 Pro SP1 64bit
 
 

In addition to andrew's great advice... I'll add that VMs can be frozen in time. Nothing that a user does will be saved. Any infections that users download will go away too :-)
My System SpecsSystem Spec
17 Oct 2013   #5

Windows 7 Professional x64 Sp1
 
 

Thanks usernameissues, I cannot believe I forgot to include that.

Wow, I really can't believe I forgot to mention that....

Thanks

Just like He stated above, VMS can have snapshots and be easily restored to before a user even touched it. Making it very secure as well. You could even use Windows 7 previous versions feature on the actual vm file rolling it back as another way of doing this.

@Jennifer1 You are very welcome. Please post back here should you have any more questions at all.
Happy to help. If you want more advice or anything let me know in this thread.
My System SpecsSystem Spec
17 Oct 2013   #6

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

Quote   Quote: Originally Posted by andrew129260 View Post
VM=virtual machine

Most VMs by default do not allow it to touch or see the hosts files or drives. (Kind of the whole point of a virtual machine.) This is something you would actually have to tell it to do.
By default, most virtual machines allow guest machines to see the host.

To say that the whole point of a virtual machine is that it can't connect to host is one of the strangest things I have seen posted here at the Seven Forums, and very much untrue. In most cases virtual machines are especially meant to be part of an existing network. As the OP asks about a specific virtualization platform, Microsoft Windows Virtual PC, the XP Mode (designed for Virtual PC) is a good example: by default it is totally integrated into the host system allowing full access to its drives and devices (kind of the whole point, using your words), its main function being to offer a possibility to run legacy software or use legacy devices which would not be possible on Seven.

Quote   Quote: Originally Posted by andrew129260 View Post
You could even run the virtual machine inside a guest account in windows, thus even if a breach occurred, it could not access the critical areas of the drive.

Example: If its a kiosk being used by multiple people I would do the following:
Host OS-guest account. Virtual machine-Run in guest account.
If a few users-limited account for host-limited account for VM.
First, if a vm user accessing host system is an issue, then using guest account is not an answer. It is simply too easy for the user to work around the restrictions of a guest account.

Secondly, as the OP asked about the Virtual PC, if you decide to use Guest account of the host to access your virtual machines and your desired guest system is Windows XP, remember that you cannot use the free Windows XP Mode as Guest account has no access to XP Mode on host giving an Access Denied message if it is tried to launch:
Name:  VPC_Guest_Access-Denied.png
Views: 17
Size:  3.7 KB
In this case you need to install XP on a vm from your own install media, being logged in to host Guest account.

The easiest way to do what OP is asking is a three step procedure:
  1. Disable all sharing on host
  2. Set vm to belong a different workgroup than host
  3. Disable integration features on Virtual PC settings, either completely or at least for host drives:
    Name:  2013-10-18_060406.png
Views: 17
Size:  43.5 KB
    (Screenshot from XP Mode settings. Virtual PC settings for all virtual machines are and look exactly the same.)
Point 3 above is alone enough in most cases, points 1 & 2 are for added security. However, as users (including Guest) can change these vm settings, it's quite easy to work around any restrictions.

Kari


My System SpecsSystem Spec
18 Oct 2013   #7

Windows 7 Professional x64 Sp1
 
 

@ kari

Really? Maybe its because I use vmware player. But I know in vmware player its separate from the host. I have to force it from vmware player to see the hosts drives, or specifically set it up that way.

I do know about virtual pc and xp mode, I do understand its meant to share drives and everything as xp mode integrates applications within seven.

While xp mode is technically a virtual machine, (it is) I do not see it that way. XP mode is more of a program that links to a VM which allows applications to integrate into seven using a virtual machine. It is a virtual machine, but its not at the same time. I think of a virtual machine as being a completely separate environment OS running without being hooked up to the host files directaly unless given permission or set up to do so. That's my definition and use of a virtual machine.

My statement was on vmware player. I don't see anywhere the user speccifying them using xp mode. They wanted to use a virtual machine, so i suggested vmware player and spoke about it. I was not making this statement about all VMS

I know and understand you will have to specify for some vm's that you need to have them separated from the host. Some of them by default do allow them to be connected to host.

In vmware player you must install vmware tools in order to even then set up or allow access to the host drives.

When reading up on VMs I get this information:

System virtual machines[edit]

System virtual machine advantages:
multiple OS environments can co-exist on the same computer, in strong isolation from each other
the virtual machine can provide an instruction set architecture (ISA) that is somewhat different from that of the real machine
application provisioning, maintenance, high availability and disaster recovery[3]
The main disadvantages of VMs are:
a virtual machine is less efficient than a real machine when it accesses the hardware indirectly
when multiple VMs are concurrently running on the same physical host, each VM may exhibit a varying and unstable performance (Speed of Execution, and not results), which highly depends on the workload imposed on the system by other VMs, unless proper techniques are used for temporal isolation among virtual machines.

http://searchservervirtualization.te...irtual-machine

http://pubs.vmware.com/vsphere-4-esx..._machines.html

http://www.forensicfocus.com/downloa...s-analysis.pdf


Not trying to have a debate, but I would love more information. If I am completely wrong, great. Please send me some links you come across.
My System SpecsSystem Spec
18 Oct 2013   #8

W7 Pro SP1 64bit
 
 

It does not sound like VPC is the way to go for this OP.

VirtualBox prevents access to the host drive by default. To keep it that way, the user account within the VM should be a standard user or the guest account. Those users cannot install the additional drivers needed to get to the host drive (unless you share an admin password). VirtualBox's default settings also prevents accessing the host's CD/DVD and USB hardware. This prevents booting the VM to those (or to an ISO) and blanking out the admin account password.
My System SpecsSystem Spec
18 Oct 2013   #9

Windows 7 Professional x64 Sp1
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
It does not sound like VPC is the way to go for this OP.

.....
That is what I was saying in my original comment. Xp mode is way different compared to a standard Virtual Machine. XP mode is nothing like a true VM
My System SpecsSystem Spec
18 Oct 2013   #10

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center
 
 

Quote   Quote: Originally Posted by andrew129260 View Post
Quote   Quote: Originally Posted by UsernameIssues View Post
It does not sound like VPC is the way to go for this OP.

.....
That is what I was saying in my original comment. Xp mode is way different compared to a standard Virtual Machine. XP mode is nothing like a true VM
Honestly, somehow I was no longer surprised to read this comment.

Windows XP Mode is a full-blooded, standard virtual machine "for Windows Virtual PC containing a pre-installed, licensed copy of Windows XP Professional with Service Pack 3 as its guest OS" (source). It is in no way different than any other downloadable virtual disk (virtual appliance) containing a pre-installed operating system like for instance those pre-installed vhd's you can download to VirtualBox (VirtualBox Virtual Appliances | VirtualBoxImages.com).

XP Mode is not "way different compared to standard virtual machine". It is exactly the same than Windows XP installed to a vm from user's own install media, the only difference being it is pre-installed to a vhd compatible with Microsoft Virtual PC.

As the Windows XP Mode can easily be ported for instance to VMware, I am really wondering what you think would be the difference if let's say you have an XP vm installed from your own install media on VMware and that's according to you a "standard" vm, then you import the XP Mode to the same VMware and it's not standard?

For the OP: As I do not know about which OS you want to use on a Virtual PC guest, and as the Virtual PC is the virtualization software you were asking about, I just used XP Mode as an example on how a Virtual PC vm works. My answer is however valid whatever guest you want to install on Virtual PC, for the Windows XP Mode is really a standard Virtual PC vm, behaving exactly the same way as any other guest OS you install on Virtual PC, be it another XP from own install media, Seven or Vista or whatever.

Kari
My System SpecsSystem Spec
Reply

 Give VPC internet access without being able to access host's drives?




Thread Tools



Similar help and support threads for2: Give VPC internet access without being able to access host's drives?
Thread Forum
Limited access signal shows up on wireless internet access connection? Network & Sharing
wireless internet won't give me internet access, HELP! Network & Sharing
Anyone know of a GOOD way to give limited Internet access to a user? System Security
Internet Access = Can't browse / No Internet Access = Nice Browsing ?? Network & Sharing
how to give access to internet on connected computers? Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:27 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33