VMware vSphere

Hello all,

I have a major headache and thought I would ask the mind hive of SME's here while I search for a solution.

Architecture:

We have to use VMWare Workstation as the VM is provided by our IT team using this application.

The problem:

To ensure kids do not do what kids do,

a) I need to put on a PC a VM environment that they cannot escape or do any mods to it.

Goal:

On a PC have a script that launches a VM that they can use some old software on but cannot do anything else (no alts to which VM environment (aka no ability to change hardware or ISO), no access to any configs, etc). 

They will need the ability to leave the VM and return to our normal environment.

Additional notes:

We also lock down the PC using a tool known as Deepfreeze so the students do not have access to the C drive or any windows files/folders/etc.  This will be applied again once we figure out how to get a safe, reusable VM running.

Thank you to the community for reading this!

------------------------------
~ Noob of VM worlds, lover of Win95 ~
------------------------------

To manage who can access which virtual machine(s), VMware Workstation has created a permissions system with roles to assign to that user or group of users.

Note that you can manage the permissions on each shared virtual machine (via the menu : VM -> Manage -> Permissions) or globally by right-clicking "Permissions" on "Shared VMs".

By default, the Administrator role is assigned to the Windows Administrators group.

Note that the user account created during Windows Setup is automatically a member of the Windows Administrators group.  So, by default, you have access to shared virtual machines with VMware Workstation Server.

By default, several roles are already pre-defined :

No cryptography administrator : no rights
No access : no rights
Read-only : reading right only. This makes it possible to see the virtual machines, but the user will not be able to launch or edit the settings of the virtual machine.
Administrator : all the rights
VM Creator : can create, use, configure, and delete virtual machines
VM User : can change virtual machine settings and use them

To authorize a new user or users group, click on : Add.

Once the user is added, assign him a role.
For example : Read-only.
When you click OK, VMware Workstation will show you this message :
In order for this virtual machine to be accessible using VMware Workstation, the following users will be given read-only access to its host: [name of the added user].