There are several advanced customization settings for locking down VirtualBox Manager. Locking down means removing some features that the user should not see.
VBoxManage setextradata global GUI/Customizationsproperty[,property...]
property is one of the following
properties:
noSelector
Do not allow users to start VirtualBox Manager. Trying to do so will show a window containing a proper error message.
noMenuBar
VM windows will not contain a menu bar.
noStatusBar
VM windows will not contain a status bar.
To disable any of these VirtualBox Manager customizations use the following command:
$ VBoxManage setextradata global GUI/Customizations
The following per-machine VM extradata settings can be used to change the behavior of the VM selector window in respect of certain VMs:
$ VBoxManage setextradataVM-namepropertytrue
property can be any of the following:
GUI/HideDetails
Do not show the VM configuration of a certain VM. The details window will remain just empty if this VM is selected.
GUI/PreventReconfiguration
Do not allow the user to open the Settings dialog for a certain VM.
GUI/PreventSnapshotOperations
Prevent snapshot operations for a VM from the GUI, either at runtime or when the VM is powered off.
GUI/HideFromManager
Hide a certain VM in the VM selector window.
GUI/PreventApplicationUpdate
Disable the automatic update check and hide the corresponding menu item.
Note that these settings do not prevent the user from reconfiguring the VM by using the VBoxManage modifyvm command.
You can disable certain entries in the global settings page of the VM selector:
$ VBoxManage setextradata global GUI/RestrictedGlobalSettingsPagesproperty[,property...]
property is one of the following:
General
Do not show the General settings pane.
Input
Do not show the Input settings pane.
Update
Do not show the Update settings pane.
Language
Do not show the Language settings pane.
Display
Do not show the Display settings pane.
Network
Do not show the Network settings pane.
Extensions
Do not show the Extensions settings pane.
Proxy
Do not show the Proxy settings pane.
This is a global setting. You can specify any combination of properties. To restore the default behavior, use the following command:
$ VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages
You can disable certain menu actions in the VM window:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMenus OPTION[,OPTION...]
where OPTION is one of the following
keywords:
All
Do not show any menu in the VM window.
Application
Do not show Application/File menu in the VM window.
Machine
Do not show the Machine menu in the VM window.
View
Do not show the View menu in the VM window.
Input
Do not show Input menu in the VM window.
Devices
Do not show the Devices menu in the VM window.
Help
Do not show the Help menu in the VM window.
Debug
Do not show the Debug menu in the VM window. The Debug menu is only visible if the GUI was started with special command line parameters or environment variable settings.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use the following command:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMenus
You can also disable certain menu actions of certain menus. Use the following command to disable certain actions of the Application menu. This is only available on macOS hosts.
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeApplicationMenuActions OPTION[,OPTION...]
where OPTION is one of the following
keywords:
All
Do not show any menu item in this menu.
About
Do not show the About menu item in this menu.
Preferences
Do not show the Preferences menu item in this menu.
NetworkAccessManager
Do not show the Network Operations Manager menu item in this menu.
ResetWarnings
Do not show the Reset All Warnings menu item in this menu.
Close
Do not show the Close menu item in this menu.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use the following command:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMenus
Use the following command to disable certain actions of the Machine menu:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMachineMenuActions OPTION[,OPTION...]
where OPTION is one of the following
keywords:
All
Do not show any menu item in this menu.
SettingsDialog
Do not show the Settings menu item in this menu.
TakeSnapshot
Do not show the Take Snapshot... menu item in this menu.
InformationDialog
Do not show the Session Information... menu item in this menu.
FileManagerDialog
Do not show the File Manager... menu item in this menu.
Pause
Do not show the Pause menu item in this menu.
Reset
Do not show the Reset menu item in this menu.
Shutdown
Do not show the ACPI Shutdown menu item in this menu.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMachineMenuActions
Use the following command to disable certain actions of the View menu:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeViewMenuActions OPTION[,OPTION...]
where OPTION is one of the following
keywords:
All
Do not show any menu item in this menu.
Fullscreen
Do not show the Full-screen Mode menu item in this menu.
Seamless
Do not show the Seamless Mode menu item in this menu.
Scale
Do not show the Scaled Mode menu item in this menu.
GuestAutoresize
Do not show the Auto-resize Guest Display menu item in this menu.
AdjustWindow
Do not show the Adjust Window Size menu item in this menu.
TakeScreenshot
Do not show the Take Screenshot... menu item in this menu.
Recording
Do not show the Recording menu item in this menu.
VRDEServer
Do not show the Remote Display menu item in this menu.
MenuBar
Do not show the Menu Bar menu item in this menu.
MenuBarSettings
Do not show the Menu Bar Settings... menu item in this menu.
StatusBar
Do not show the Status Bar menu item in this menu.
StatusbarSettings
Do not show the Statusbar Settings... menu item in this menu.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeViewMenuActions
Use the following command to disable certain actions of the Input menu:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeInputMenuActions OPTION[,OPTION...]
where OPTION is one of the following
keywords:
All
Do not show any menu item in this menu.
Keyboard
Do not show the Keyboard menu item in this menu.
KeyboardSettings
Do not show the Keyboard Settings... menu item in this menu.
SoftKeyboard
Do not show the Soft Keyboard... menu item in this menu.
TypeCAD
Do not show the Insert Ctrl-Alt-Del menu item in this menu.
TypeCABS
Do not show the Insert Ctrl-Alt-Backspace menu item in this menu.
TypeCtrlBreak
Do not show the Insert Ctrl-Break menu item in this menu.
TypeInsert
Do not show the Insert Insert menu item in this menu.
TypePrintScreen
Do not show the Insert Print Screen menu item in this menu.
TypeAltPrintScreen
Do not show the Insert Alt Print Screen menu item in this menu.
TypeHostKeyCombo
Do not show the Insert Host Key Combo menu item in this menu.
MouseIntegration
Do not show the MouseIntegration menu item in this menu.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeInputMenuActions
Use the following command to disable certain actions of the Devices menu:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDevicesMenuActions OPTION[,OPTION...]
where OPTION is one of the following keywords
to disable actions in the
Devices menu:
All
Do not show any menu item in this menu.
HardDrives
Do not show the Hard Disks menu item in this menu.
OpticalDevices
Do not show the Optical Devices menu item in this menu.
FloppyDevices
Do not show the Floppy Drives menu item in this menu.
Audio
Do not show the Audio menu item in this menu.
Network
Do not show the Network menu item in this menu.
NetworkSettings
Do not show the Network Settings menu item in this menu.
USBDevices
Do not show the USB menu item in this menu.
WebCams
Do not show the WebCams menu item in this menu.
SharedFolders
Do not show the Shared Folders menu item in this menu.
SharedFoldersSettings
Do not show the Shared Folders Settings... menu item in this menu.
SharedClipboard
Do not show the Shared Clipboard menu item in this menu.
DragAndDrop
Do not show the Drag and Drop menu item in this menu.
InstallGuestTools
Do not show the Insert Guest Additions CD image... menu item in this menu.
This is a per-VM or global or global setting. Any combination of the above is allowed. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDevicesMenuActions
Use the following command to disable certain actions of the Debug menu:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDebuggerMenuActions OPTION[,OPTION...]
where OPTION is one of the following keywords
to disable actions in the Debug menu, which
is normally completely disabled:
All
Do not show any menu item in this menu.
Statistics
Do not show the Statistics... menu item in this menu.
CommandLine
Do not show the Command Line... menu item in this menu.
Logging
Do not show the Logging... menu item in this menu.
LogDialog
Do not show the Show Log... menu item in this menu.
GuestControlConsole
Do not show the Guest Control Terminal... menu item in this menu.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDebuggerMenuActions
Use the following command to disable certain actions of the View menu:
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeHelpMenuActions OPTION[,OPTION...]
where OPTION is one of the following keywords
to disable actions in the Help
menu, which is normally completely disabled:
All
Do not show any menu item in this menu.
Contents
Do not show the Contents... menu item in this menu.
WebSite
Do not show the VirtualBox Web Site... menu item in this menu.
BugTracker
Do not show the VirtualBox Bug Tracker... menu item in this menu.
Forums
Do not show the VirtualBox Forums... menu item in this menu.
Oracle
Do not show the Oracle Web Site... menu item in this menu.
About
Do not show the About VirtualBox... menu item in this menu. Only for non-macOS hosts.
This is a per-VM or global setting. Any combination of the above is allowed. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeHelpMenuActions
You can disable certain status bar items:
VBoxManage setextradata "VM name"|global GUI/RestrictedStatusBarIndicators OPTION[,OPTION...]
where OPTION is one of the following
keywords:
HardDisks
Do not show the hard disk icon in the VM window status bar. By default the hard disk icon is only shown if the VM configuration contains one or more hard disks.
OpticalDisks
Do not show the CD icon in the VM window status bar. By default the CD icon is only shown if the VM configuration contains one or more CD drives.
FloppyDisks
Do not show the floppy icon in the VM window status bar. By default the floppy icon is only shown if the VM configuration contains one or more floppy drives.
Network
Do not show the network icon in the VM window status bar. By default the network icon is only shown if the VM configuration contains one or more active network adapters.
USB
Do not show the USB icon in the status bar.
SharedFolders
Do not show the shared folders icon in the status bar.
Capture
Do not show the capture icon in the status bar.
Features
Do not show the CPU features icon in the status bar.
Mouse
Do not show the mouse icon in the status bar.
Keyboard
Do not show the keyboard icon in the status bar.
This is a per-VM or global setting. Any combination of the above is allowed. If all options are specified, no icons are displayed in the status bar of the VM window. To restore the default behavior, use
VBoxManage setextradata "VM name"|global GUI/RestrictedStatusBarIndicators
You can disable certain VM visual modes:
$ VBoxManage setextradataVM-nameGUI/RestrictedVisualStatesproperty[,property...]
property is one of the following:
Fullscreen
Do not allow to switch the VM into full screen mode.
Seamless
Do not allow to switch the VM into seamless mode.
Scale
Do not allow to switch the VM into scale mode.
This is a per-VM setting. You can specify any combination of properties. To restore the default behavior, use the following command:
$ VBoxManage setextradata VM-name GUI/RestrictedVisualStatesTo disable all Host key combinations, open the preferences and change the Host key to None. This might be useful when using Oracle VM VirtualBox in a kiosk mode.
To redefine or disable certain Host key actions, use the following command:
$ VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=F,...."
The following table shows the possible Host key actions, together with their default Host key shortcut. Setting an action to None will disable that Host key action.
Table 9.1. Host Key Customization
Action | Default Key | Action |
|---|---|---|
| T | Take a snapshot |
| E | Take a screenshot |
| I | Toggle mouse integration |
| Del | Inject Ctrl+Alt+Del |
| Backspace | Inject Ctrl+Alt+Backspace |
| P | Pause the VM |
| R | Hard reset the guest |
| Save the VM state and terminate the VM | |
| H | Press the virtual ACPI power button |
| Power off the VM without saving the state | |
| Q | Show the Close VM dialog |
| F | Switch the VM into full screen mode |
| L | Switch the VM into seamless mode |
| C | Switch the VM into scaled mode |
| G | Automatically resize the guest window |
| A | Immediately resize the guest window |
| Home | Show the popup menu in full screen mode and seamless mode |
| S | Open the VM Settings dialog |
| N | Show the VM Session Information window |
| Show the VM Network Adapters dialog | |
| Show the VM Shared Folders dialog | |
| D | Mount the ISO containing the Guest Additions |
To disable full screen mode and seamless mode, use the following command:
$ VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=None,SeamlessMode=None"
You can disallow certain actions when terminating a VM. To disallow specific actions, use the following command:
$ VBoxManage setextradataVM-nameGUI/RestrictedCloseActionsproperty[,property...]
property is one of the following:
SaveState
Do not allow the user to save the VM state when terminating the VM.
Shutdown
Do not allow the user to shutdown the VM by sending the ACPI power-off event to the guest.
PowerOff
Do not allow the user to power off the VM.
PowerOffRestoringSnapshot
Do not allow the user to return to the last snapshot when powering off the VM.
Detach
Do not allow the user to detach from the VM process if the VM was started in separate mode.
This is a per-VM setting. You can specify any combination of properties. If all properties are specified, the VM cannot be shut down.
You can define a specific action for terminating a VM. In contrast to the setting decribed in the previous section, this setting allows only one action when the user terminates the VM. No exit menu is shown. Use the following command:
$ VBoxManage setextradataVM-nameGUI/DefaultCloseActionaction
action is one of the following:
SaveState
Save the VM state before terminating the VM process.
Shutdown
The VM is shut down by sending the ACPI power-off event to the guest.
PowerOff
The VM is powered off.
PowerOffRestoringSnapshot
The VM is powered off and the saved state returns to the last snapshot.
Detach
Terminate the frontend but leave the VM process running.
This is a per-VM setting. You can specify any combination of properties. If all properties are specified, the VM cannot be shut down.
A VM runs into a Guru Meditation if there is a problem which cannot be fixed by other means than terminating the process. The default is to show a message window which instructs the user to open a bug report.
This behavior can be configured as follows:
$ VBoxManage setextradataVM-nameGUI/GuruMeditationHandlermode
mode is one of the following:
Default
A message window is shown. After the user confirmed, the VM is terminated.
PowerOff
The VM is immediately powered-off without showing any message window. The VM logfile will show information about what happened.
Ignore
The VM is left in stuck mode. Execution is stopped but no message window is shown. The VM has to be powered off manually.
This is a per-VM setting.
By default, the mouse is captured if the user clicks on the guest window and the guest expects relative mouse coordinates at this time. This happens if the pointing device is configured as PS/2 mouse and the guest has not yet started the Oracle VM VirtualBox Guest Additions. For instance, the guest is booting or the Guest Additions are not installed, or if the pointing device is configured as a USB tablet but the guest has no USB driver loaded yet. Once the Guest Additions become active or the USB guest driver is started, the mouse capture is automatically released.
The default behavior is sometimes not desired. Therefore it can be configured as follows:
VBoxManage setextradataVM-nameGUI/MouseCapturePolicymode
mode is one of the following:
Default
The default behavior as described above.
HostComboOnly
The mouse is only captured if the Host Key is toggled.
Disabled
The mouse is never captured, also not by toggling the Host Key
This is a per-VM setting.
Oracle VM VirtualBox uses special window manager facilities to switch a multi-screen machine to full-screen on a multi-monitor host system. However, not all window managers provide these facilities correctly. Oracle VM VirtualBox can be configured to use a legacy method of switching to full-screen mode instead, by using the command:
VBoxManage setextradata global GUI/Fullscreen/LegacyMode true
You can go back to the default method by using the following command:
VBoxManage setextradata global GUI/Fullscreen/LegacyMode
This is a global setting.
It is possible to remove networking modes from Oracle VM VirtualBox GUI. To do this, use the following command:
VBoxManage setextradata global GUI/RestrictedNetworkAttachmentTypesproperty[,property...]
property is one of the following:
NAT
Remove the NAT option from the GUI.
NATNetwork
Remove the NAT network option from the GUI.
BridgedAdapter
Remove the Bridged networking option from the GUI.
InternalNetwork
Remove the Internal networking option from the GUI.
HostOnlyAdapter
Remove the Host Only networking option from the GUI.
GenericDriver
Remove the Generic networking option from the GUI.
This is a global setting. You can specify any combination of properties. To restore the default behavior, use the following command:
VBoxManage setextradata global GUI/RestrictedNetworkAttachmentTypes