In my fight demo at TechEd Europe 2014, the topic was OOB File Copy, the ability to place a file into a VM’s storage, via the VMBus, and without network connectivity to the VM (e.g. tenant isolation).
The script does the following:
- Cleans up the demo
- Opens up notepad. I manually copy and paste text from a website into the file and save it.
- Enable the Guest Service Interface for the VM to enable OOB File Copy
- Copy the file to the VM
- Disable Guest Service Interface
- Connect to the VM. I manually log in and open the file to verify that the file I created is now inside of the VM
- Clean up the demo
function KillProcess ($Target)
{
$Processes = Get-Process
Foreach ($Process in $Processes)
{
if ($Process.ProcessName -eq $Target)
{
Stop-Process $Process
}
}
}
cls
$DemoHost1 = "Demo-Host1"
$DemoVM1 = “OOBFileCopy”
$DemoFile = "CopyFile.txt"
$DemoFilePath = "C:\Scripts\TechEd\$DemoFile"
$VMConnect = "C:\Windows\system32\vmconnect.exe"
$VMConnectParams = "$DemoHost1 $DemoVM1"
#Prep the demo
#Use a remote command to delete the file from the VM
Invoke-Command -ComputerName $DemoVM1 -ScriptBlock {Remove-Item -ErrorAction SilentlyContinue "C:\CopyFile.txt" -Confirm:$False | Out-Null}
Disable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"
Remove-Item -ErrorAction SilentlyContinue $DemoFilePath -Confirm:$False | Out-Null
New-Item $DemoFilePath -ItemType File | Out-Null
#Start the demo
#Note to self – script the network disconenct of the VM along with a continuous ping to confirm it.
Read-Host "`nStart the demo"
Write-Host "`nCreate a file to be copied into the virtual machine" -foregroundcolor red -backgroundcolor yellow
Start-Process "c:\windows\system32\notepad.exe" -ArgumentList $DemoFilePath
#Copy the file
Read-Host "`nEnable the Guest Service Interface integration service"
Write-Host "`nEnable-VMIntegrationService $DemoVM1 -Name `"Guest Service Interface`""
Enable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"
Read-Host "`nCopy the file to the VM"
Write-Host "`nCopy-VMFile $DemoVM1 -SourcePath $DemoFilePath -DestinationPath C: -FileSource Host"
Copy-VMFile $DemoVM1 -SourcePath $DemoFilePath -DestinationPath C: -FileSource Host
Read-Host "`nDisable the Guest Service Interface integration service"
Write-Host "`nDisable-VMIntegrationService $DemoVM1 -Name `"Guest Service Interface`""
Disable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"
#Check the file
Read-Host "`nLog into the virtual machine to check the file"
Set-VMHost -EnableEnhancedSessionMode $true | Out-Null
Start-Process $VMConnect -ArgumentList $VMConnectParams
#End the demo
Read-Host "`nEnd the demo"
KillProcess "vmconnect"
Disable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"
Remove-Item -ErrorAction SilentlyContinue $DemoFilePath -Confirm:$False | Out-Null
#Use a remote command to delete the file from the VM
Invoke-Command -ComputerName $DemoVM1 -ScriptBlock {Remove-Item -ErrorAction SilentlyContinue "C:\CopyFile.txt" -Confirm:$False | Out-Null}
Hey AIdan! I’ve tried this feature and it works like charm, one thing I’ve seen you do with this is that you enable and disable guest services on the VM after you’re done, it is also disabled by default.
Is there any reason in particular this cant be left enabled ?
MSFT went with secure by default. Anyone with admin rights on a host could use this feature if it was enabled.