For details on vSphere permissions and user management, see vSphere Permissions and User Management Tasks section in the VMware vSphere Guide.

To determine that the VIX API VM Direct Access Function can be used by a limited vSphere user.

The VIX API VM Direct Access Function may be used by vSphere users with limited privileges if all of the following three privileges have been set:

• Virtual Machine > Configuration > Advanced
  AND
• Virtual Machine > Interaction > Guest Operating System Management by VIX API
  AND
• Host > Configuration > Advanced Settings

For a list of vSphere privileges, see Defined Privileges section in the VMware vSphere Guide.

To remove the capability to use the VIX API VM Direct Access Function by vSphere users with limited privileges.

These three workarounds remove the capability to use the VIX API VM Direct Access Function by vSphere users with limited privileges. Each workaround is sufficient by itself.

• vSphere user privileges workaround
  
  The preferred workaround is to remove the following configuration setting from the vSphere users with limited privileges:
  
  Virtual Machine > Interaction > Guest Operating System Management by VIX API
  
  
  
• VMware Tools workaround I
  
  For virtual machines that run on ESXi 6.0 and above and that run VMware Tools between version 9.10.0 (inclusive) and 10.0.x: Disable VIX API VM Direct Access Function by adding the following lines to the guest-specific configuration file tools.conf:
  
  [guestoperations]
  Authentication.InfrastructureAgents.disabled=true
  
  Notes:
  
  
• This workaround is not relevant for virtual machines that run on ESXi 5.5.
  
  
• This workaround should not be used in cases:
  
  
• VMware Site Recovery Manager is used
  
  
• VMware Update Manager is used to update Virtual Appliances
  
  
• VMware Infrastructure Navigator is used.