VMware Workstation

Workstation Pro is asking manual entry of encryption password on any start of encrypted VM.  I expected that "vmrun -T ws -vp password ..." would allow me to start encrypted VM without being prompted, but it does not work - even if it is listed both in online wmware documentation and in help output of vmrun itself ( when run without any parameter ). I tried with several builds, including latest 16.1.2 build-17966106. Only 'workaround' that I found was to start with 'nogui' , which is useless for Windows guest.  On the other hand, 'vmware.exe' does not have at all command line option for encryption password. 

Is there any way to start encrypted Windows 10+ guest VM without being prompted for password every time?

This will become HUGE problem for 'default' new Windows 11 guests with "Memory Integrity" turned on ( since they require TPM, and Workstation Pro require encrypted VM before adding TPM).

Hi,

Upgrade to Workstation 16.2 released a few days ago. It allows for adding a vTPM without encrypting the disk.

See:
https://blogs.vmware.com/workstation/2021/10/workstation-16-2-now-available.html

A few notes:

- first upgrade to the latest virtual hardware version (ironically called "Beta")

- beware that there is no official option for this in the user interface yet, the above feature is still considered experimental.

- Not related, but in case that it matters, Workstation 16.2 has a bug where it forgot to include the dark mode feature.

2022-02-09  edit:
Please read my post below if you want to use the experimental vTPM feature.

https://www.vimalin.com/blog/what-you-should-know-about-vmwares-experimental-vtpm/

--
Wil

Thanks, that is better option for TPM.  I tried it, and it works, so I guess I will not be needing encrypted VM ( although original question is still interesting one). 

Curiously, while Windows recognized this new vmware TPM (and  it was possible to activate "Memory Integrity" , and even "Credential Guard"), it did not recognize TPM from Power Shell (get-tpm failed ), and it was also not possible to activate "System Guard" (aka "Firmware protection" aka "Secure Launch"). When "Secure Launch" is set up via Group policy, it get shown as 'configured', but not as 'running'. Alternative was to use suggested 'tool' to install it , but that tool uses PowerShell script which uses aforementioned get-tpm which does not recognize tpm.

I'm not certain if PowerShell "get-tpm" is not working due to bug in PowerShell or due to vmware new TPM implementation. But that is not so important issue for me, since new vmware TPM works without problems for my main purpose ( compliancy with basic Windows 11 requirements, and  "Memory Integrity").

Unfortunately, it seems that this workaround resulted in another issue:

- when using this new TPM, guest VM will not automatically power on, even if -X ( or -x) switches are used with "vmware.exe"

- it also does not work with "vmrun start ...", seems due to same issue as in my original question (VM is marked as 'encrypted')

Bottom line is that it is STILL not possible to start VM with one click if TPM is enabled .

Hi,

I followed the blog, and added the line managedVM.autoAddVTPM="software"  to skip encryption.

That worked perfectly, I was able to configure my Server 2022.  I don't want encryption, because I share an extra unencrypted disk in my VM Workstation between a few VM's.

But unfortunately...

Today I restarted my laptop, and started the VM again.

This without a warning started to encrypt the image and the extra disk.
I pressed cancel as soon as I noticed but was to late.

I cannot use the VM and the External disk anymore.

Any tips how I connect a unencrypted disk to a server 2022 VM?

Good morning Everyone

Assuming you are using VMware Workstation 17.5 on Windows 11, you can use PowerShell to enter your password into the pop-up window asking for your password.

To launch your encrypted MyVM virtual machine by double-clicking, write the following batch file on your desktop (name it e.g. MyVM.bat):

@ECHO OFF
C:
CD "\Program Files (x86)\VMware\VMware Workstation"
START vmware-kvm.exe "D:\MyVM\MyVM.vmx"
PowerShell -command "Add-Type -AssemblyName System.Windows.Forms ; sleep 5 ; [System.Windows.Forms.SendKeys]::SendWait('YourPassword{ENTER}')"

Have You tried this?

start "some name" "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe" -x "F:\VirtualMachines\Windows-11-VM\Windows-11-x64-22H2.vmx"

Of course: Adjust the paths for the vmware.exe and the vmx-file.

This works for me, if no other vm is already running, otherwise it shows the vm, but does not start yet. The encryption pw is usually stored in the vmware vault and vmware does not ask for it this way.

mike knife 

@ECHO OFF
C:
CD "\Program Files (x86)\VMware\VMware Workstation"
START vmware-kvm.exe "D:\MyVM\MyVM.vmx"
PowerShell -command "Add-Type -AssemblyName System.Windows.Forms ; sleep 5 ; [System.Windows.Forms.SendKeys]::SendWait('YourPassword{ENTER}')"

Another way might be to start the vm with vmrun.exe:

vmrun.exe -vp <passord> -T ws start "path to vmx-file"

See vmware /?

I have not checked this though.

Mike Knife

@ECHO OFF
C:
CD "\Program Files (x86)\VMware\VMware Workstation"
START vmware-kvm.exe "D:\MyVM\MyVM.vmx"
PowerShell -command "Add-Type -AssemblyName System.Windows.Forms ; sleep 5 ; [System.Windows.Forms.SendKeys]::SendWait('YourPassword{ENTER}')"