%all.entities; ]> As briefly mentioned in , VBoxManage is the command-line interface to &product-name;. With it, you can completely control &product-name; from the command line of your host operating system. VBoxManage supports all the features that the graphical user interface gives you access to, but it supports a lot more than that. It exposes all the features of the virtualization engine, even those that cannot be accessed from the GUI. You will need to use the command line if you want to do the following: Use a different user interface than the main GUI such as the VBoxHeadless server. Control some of the more advanced and experimental configuration settings for a VM. There are two main things to keep in mind when using VBoxManage. First, VBoxManage must always be used with a specific subcommand, such as list or createvm or startvm. All the subcommands that VBoxManage supports are described in detail in . Second, most of these subcommands require that you specify a particular virtual machine after the subcommand. There are two ways you can do this: You can specify the VM name, as it is shown in the &product-name; GUI. Note that if that name contains spaces, then you must enclose the entire name in double quotes. This is always required with command line arguments that contain spaces. For example: VBoxManage startvm "Windows XP" You can specify the UUID, which is the internal unique identifier that &product-name; uses to refer to the virtual machine. Assuming that the VM called "Windows XP" has the UUID shown below, the following command has the same effect as the previous example: VBoxManage startvm 670e746d-abea-4ba6-ad02-2a3b043810a5 You can enter VBoxManage list vms to have all currently registered VMs listed with all their settings, including their respective names and UUIDs. Some typical examples of how to control &product-name; from the command line are listed below: To create a new virtual machine from the command line and immediately register it with &product-name;, use VBoxManage createvm with the --register option, as follows: $ VBoxManage createvm --name "SUSE 10.2" --register VirtualBox Command Line Management Interface Version version-number (C) 2005-2018 Oracle Corporation All rights reserved. Virtual machine 'SUSE 10.2' is created. UUID: c89fc351-8ec6-4f02-a048-57f4d25288e5 Settings file: '/home/username/.config/VirtualBox/Machines/SUSE 10.2/SUSE 10.2.xml' As can be seen from the above output, a new virtual machine has been created with a new UUID and a new XML settings file. For more details, see . To show the configuration of a particular VM, use VBoxManage showvminfo. See for details and an example. To change settings while a VM is powered off, use VBoxManage modifyvm. For example: VBoxManage modifyvm "Windows XP" --memory 512 See also . To change the storage configuration, such as to add a storage controller and then a virtual disk, use VBoxManage storagectl and VBoxManage storageattach. See and . To control VM operation, use one of the following: To start a VM that is currently powered off, use VBoxManage startvm. See . To pause or save a VM that is currently running or change some of its settings, use VBoxManage controlvm. See . When running VBoxManage without parameters or when supplying an invalid command line, the following command syntax list is shown. Note that the output will be slightly different depending on the host platform. If in doubt, check the output of VBoxManage for the commands available on your particular host. Each time VBoxManage is invoked, only one command can be executed. However, a command might support several subcommands which then can be invoked in one single call. The following sections provide detailed reference information on the different commands. -v|--version: Show the version of this tool and exit. --nologo: Suppress the output of the logo information. This option is useful for scripts. --settingspw: Specifiy a settings password. --settingspwfile: Specify a file containing the settings password. The settings password is used for certain settings which need to be stored in encrypted form for security reasons. At the moment, the only encrypted setting is the iSCSI initiator secret, see . As long as no settings password is specified, this information is stored in plain text. After using the --settingspw|--settingspwfile option once, it must be always used. Otherwise, the encrypted setting cannot be unencrypted. This command starts a virtual machine that is currently in the Powered Off or Saved states. The optional --type specifier determines whether the machine will be started in a window or whether the output should go through VBoxHeadless, with VRDE enabled or not. See . The list of types is subject to change, and it is not guaranteed that all types are accepted by any product variant. The global or per-VM default value for the VM frontend type will be taken if the type is not explicitly specified. If none of these are set, the GUI variant will be started. The following values are allowed: gui Starts a VM showing a GUI window. This is the default. headless Starts a VM without a window for remote display only. separate Starts a VM with a detachable UI. Technically, it is a headless VM with user interface in a separate process. This is an experimental feature as it lacks certain functionality, such as 3D acceleration. If you experience problems with starting virtual machines with particular frontends and there is no conclusive error information, consider starting virtual machines directly by running the respective front-end, as this can give additional error information. The controlvm subcommand enables you to change the state of a virtual machine that is currently running. The following can be specified: VBoxManage controlvm <vm> pause: Temporarily puts a virtual machine on hold, without permanently changing its state. The VM window is gray, to indicate that the VM is currently paused. This is equivalent to selecting the Pause item in the Machine menu of the GUI. Use VBoxManage controlvm <vm> resume: Undoes a previous pause command. This is equivalent to selecting the Resume item in the Machine menu of the GUI. VBoxManage controlvm <vm> reset: Has the same effect on a virtual machine as pressing the Reset button on a real computer. A cold reboot of the virtual machine is done, which immediately restarts and reboots the guest operating system. The state of the VM is not saved beforehand, and data may be lost. This is equivalent to selecting the Reset item in the Machine menu of the GUI. VBoxManage controlvm <vm> poweroff: Has the same effect on a virtual machine as pulling the power cable on a real computer. The state of the VM is not saved beforehand, and data may be lost. This is equivalent to selecting the Close item in the Machine menu of the GUI, or clicking the VM window's close button, and then selecting Power Off the Machine in the displayed dialog. After this, the VM's state will be Powered Off. From that state, it can be started again. See . VBoxManage controlvm <vm> savestate: Saves the current state of the VM to disk and then stops the VM. This is equivalent to selecting the Close item in the Machine menu of the GUI or clicking the VM window's close button, and then selecting Save the Machine State in the displayed dialog. After this, the VM's state will be Saved. From this state, it can be started again. See . VBoxManage controlvm <vm> acpipowerbutton: Sends an ACPI shutdown signal to the VM, as if the power button on a real computer had been pressed. So long as the VM is running a fairly modern guest operating system providing ACPI support, this should trigger a proper shutdown mechanism from within the VM. VBoxManage controlvm <vm> keyboardputscancode <hex> [<hex>...]: Sends commands using keycodes to the VM. Keycodes are documented in the public domain. For example: http://www.win.tue.nl/~aeb/linux/kbd/scancodes-1.html. VBoxManage controlvm "VM name" teleport --hostname <name> --port <port> [--passwordfile <file> | --password <password>]: Makes the machine the source of a teleporting operation and initiates a teleport to the given target. See . If the optional password is specified, it must match the password that was given to the modifyvm command for the target machine. See . The following extra options are available with controlvm that do not directly affect the VM's running state: setlinkstate<1-N> on|off: Connects or disconnects virtual network cables from their network interfaces. nic<1-N> null|nat|bridged|intnet|hostonly|generic|natnetwork[<devicename>]: Specifies the type of networking that should be made available on the specified VM virtual network card. They available types are: not connected to the host (null), use network address translation (nat), bridged networking (bridged), communicate with other virtual machines using internal networking (intnet), host-only networking (hostonly), natnetwork networking (natnetwork), or access to rarely used submodes (generic). These options correspond to the modes which are described in detail in . With the nictrace options, you can optionally trace network traffic by dumping it to a file, for debugging purposes. nictrace<1-N> on|off: Enables network tracing for a particular virtual network card. Before enabling you should specify a file name to which the trace should be logged. This can be done with the nictracefile<1-N> <filename> option to VBoxManage controlvm at runtime or with the <filename> option to VBoxManage modifyvm otherwise. nicpromisc<1-N> deny|allow-vms|allow-all: Specifies how the promiscious mode is handled for the specified VM virtual network card. This setting is only relevant for bridged networking. The default setting of deny hides any traffic not intended for this VM. allow-vms hides all host traffic from this VM but enables the VM to see traffic to and from other VMs. allow-all removes this restriction completely. nicproperty<1-N> <paramname>="paramvalue": This option, in combination with nicgenericdrv enables you to pass parameters to rarely-used network backends. Those parameters are backend engine-specific, and are different between UDP Tunnel and the VDE backend drivers. See . natpf<1-N> [<name>],tcp|udp,[<hostip>],<hostport>,[<guestip>], <guestport>: Specifies a NAT port-forwarding rule. See . natpf<1-N> delete <name>: Deletes a NAT port-forwarding rule. See . The guestmemoryballoon<balloon size in MB>: Changes the size of the guest memory balloon. This is the memory allocated by the &product-name; Guest Additions from the guest operating system and returned to the hypervisor for reuse by other virtual machines. This must be specified in megabytes. See . usbattach<uuid|address> [--capturefile <filename>] and usbdetach <uuid|address> [--capturefile <filename>]: Makes host USB devices visible or invisible to the virtual machine on the fly, without the need for creating filters first. The USB devices can be specified by UUID (unique identifier) or by address on the host system. Use the --capturefile option to specify the absolute path of a file for writing activity logging data. You can use VBoxManage list usbhost to locate this information. audioin on: Selects whether capturing audio from the host is enabled or disabled. audioout on: Selects whether audio playback from the guest is enabled or disabled. clipboard mode disabled|hosttoguest|guesttohost|bidirectional: Selects how the guest or host operating system's clipboard should be shared with the host or guest. See . This requires that the Guest Additions be installed in the virtual machine. clipboard filetransfers enabled|disabled: Specifies if clipboard file transfers are allowed between host and guest OSes or not. draganddrop disabled|hosttoguest|guesttohost|bidirectional: Selects the current drag and drop mode being used between the host and the virtual machine. See . This requires that the Guest Additions be installed in the virtual machine. vrde on|off: Enables and disables the VRDE server, if it is installed. vrdeport default|<ports>: Changes the port or a range of ports that the VRDE server can bind to. default or 0 means port 3389, the standard port for RDP. See the description for the --vrde-port option in . vrdeproperty "TCP/Ports|Address=<value>": Sets the port numbers and IP address on the VM to which the VRDE server can bind. For TCP/Ports, <value> should be a port or a range of ports to which the VRDE server can bind. default or 0 means port 3389, the standard port for RDP. See the description for the --vrde-port option in . For TCP/Address, <value>: The IP address of the host network interface that the VRDE server will bind to. If specified, the server will accept connections only on the specified host network interface. See the description for the --vrde-address option in . vrdeproperty "VideoChannel/Enabled|Quality|DownscaleProtection=<value>": Sets the VRDP video redirection properties. For VideoChannel/Enabled, <value> can be set to "1" switching the VRDP video channel on. See . For VideoChannel/Quality, <value> should be set between 10 and 100% inclusive, representing a JPEG compression level on the VRDE server video channel. Lower values mean lower quality but higher compression. See . For VideoChannel/DownscaleProtection, <value> can be set to "1" to enable the videochannel downscale protection feature. When enabled, if a video's size equals the shadow buffer size, then it is regarded as a full screen video, and is displayed. If its size is between fullscreen and the downscale threshold it is not displayed, as it could be an application window, which would be unreadable when downscaled. When the downscale protection feature is disabled, an attempt is always made to display videos. vrdeproperty "Client/DisableDisplay|DisableInput|DisableAudio|DisableUSB=1": Disables one of the VRDE server features: Display, Input, Audio, or USB. To reenable a feature, use "Client/DisableDisplay=" for example. See . vrdeproperty "Client/DisableClipboard|DisableUpstreamAudio=1". Disables one of the VRDE server features: Clipboard or UpstreamAudio. To reenable a feature, use "Client/DisableClipboard=" for example. See . vrdeproperty "Client/DisableRDPDR=1": Disables the VRDE server feature: RDP device redirection for smart cards. To reenable this feature, use "Client/DisableRDPR=". vrdeproperty "H3DRedirect/Enabled=1": Enables the VRDE server feature: 3D redirection. To disable this feature, use "H3DRedirect/Enabled=". vrdeproperty "Security/Method|ServerCertificate|ServerPrivateKey|CACertificate=<value>": Sets the desired security method, path of the server certificate, path of the server private key, and path of CA certificate, used for a connection. vrdeproperty "Security/Method=<value>": Sets the desired security method, which is used for a connection. Valid values are as follows: Negotiate: Both Enhanced (TLS) and Standard RDP Security connections are allowed. The security method is negotiated with the client. This is the default setting. RDP: Only Standard RDP Security is accepted. TLS: Only Enhanced RDP Security is accepted. The client must support TLS. See . vrdeproperty "Security/ServerCertificate=<value>" where <value> is the absolute path of the server certificate. See . vrdeproperty "Security/ServerPrivateKey=<value>" where <value> is the absolute path of the server private key. See . vrdeproperty "Security/CACertificate=<value>" where <value> is the absolute path of the CA self signed certificate. See . vrdeproperty "Audio/RateCorrectionMode|LogPath=<value>": Sets the audio connection mode, or path of the audio logfile. vrdeproperty "Audio/RateCorrectionMode=<value>" where <value> is the desired rate correction mode, allowed values are: VRDP_AUDIO_MODE_VOID: No mode specified, use to unset any Audio mode already set. VRDP_AUDIO_MODE_RC: Rate correction mode. VRDP_AUDIO_MODE_LPF: Low pass filter mode. VRDP_AUDIO_MODE_CS: Client sync mode to prevent underflow or overflow of the client queue. vrdeproperty "Audio/LogPath=<value>" where <value> is the absolute path of the audio log file. vrdevideochannelquality <percent>: Sets the image quality for video redirection. See . setvideomodehint: Requests that the guest system change to a particular video mode. This requires that the Guest Additions be installed, and will not work for all guest systems. screenshotpng: Takes a screenshot of the guest display and saves it in PNG format. recording on|off enables or disables the recording of a VM session into a WebM/VP8 file. When this option value is on, recording begins when the VM session starts. recordingscreens all|screen-ID [screen-ID ...] enables you to specify which VM screens to record. The recording for each screen that you specify is saved to its own file. You cannot modify this setting while recording is enabled. recordingfile filename specifies the file in which to save the recording. You cannot modify this setting while recording is enabled. recordingvideores widthxheight specifies the resolution of the recorded video in pixels. You cannot modify this setting while recording is enabled. recordingvideorate bit-rate specifies the bit rate of the video in kilobits per second. Increasing this value improves the appearance of the video at the cost of an increased file size. You cannot modify this setting while recording is enabled. recordingvideofps fps specifies the maximum number of video frames per second (FPS) to record. Frames that have a higher frequency are skipped. Increasing this value reduces the number of skipped frames and increases the file size. You cannot modify this setting while recording is enabled. recordingmaxtime seconds specifies the maximum amount time to record in seconds. The recording stops after the specified number of seconds elapses. If this value is zero, the recording continues until you stop the recording. recordingmaxsize MB specifies the maximum size of the recorded video file in megabytes. The recording stops when the file reaches the specified size. If this value is zero, the recording continues until you stop the recording. You cannot modify this setting while recording is enabled. recordingopts keyword=value[,keyword=value ...] specifies additional recording options in a comma-separated keyword-value format. For example, foo=bar,a=b. You cannot modify this setting while recording is enabled. Only use this option only if you are an advanced user. For information about keywords, see Oracle VM VirtualBox Programming Guide and Reference. setcredentials: Used for remote logins on Windows guests. See . teleport --host <name> --port <port>: Configures a VM as a target for teleporting. <name> specifies the virtual machine name. <port> specifies the port on the virtual machine which should listen for teleporting requests from other virtual machines. It can be any free TCP/IP port number, such as 6000. See . --maxdowntime <msec>: Specifies the maximum downtime, in milliseconds, for the teleporting target VM. Optional. --password <password>: The teleporting request will only succeed if the source machine specifies the same password as the one given with this command. Optional. --passwordfile <password file>: The teleporting request will only succeed if the source machine specifies the same password as the one specified in the password file with the path specified with this command. Use stdin to read the password from stdin. Optional. plugcpu|unplugcpu <id>: If CPU hot-plugging is enabled, this setting adds and removes a virtual CPU to the virtual machine. <id> specifies the index of the virtual CPU to be added or removed and must be a number from 0 to the maximum number of CPUs configured. CPU 0 can never be removed. The cpuexecutioncap <1-100>: Controls how much CPU time a virtual CPU can use. A value of 50 implies a single virtual CPU can use up to 50% of a single host CPU. vm-process-priority default|flat|low|normal|high: Changes the priority scheme of the VM process. See . webcam attach <path|alias> [<keyword=value>[;<keyword=value>...]]: Attaches a webcam to a running VM. Specify the absolute path of the webcam on the host operating system, or use its alias, obtained by using the command: VBoxManage list webcams. Note that alias '.0' means the default video input device on the host operating system, '.1', '.2', etc. mean first, second, etc. video input device. The device order is host-specific. The optional settings parameter is a ; delimited list of name-value pairs, enabling configuration of the emulated webcam device. The following settings are supported: MaxFramerate: Specifies the highest rate in frames per second, at which video frames are sent to the guest. Higher frame rates increase CPU load, so this setting can be useful when there is a need to reduce CPU load. The default setting is no maximum limit, thus enabling the guest to use all frame rates supported by the host webcam. MaxPayloadTransferSize: Specifies the maximum number of bytes the emulated webcam can send to the guest in one buffer. The default setting is 3060 bytes, which is used by some webcams. Higher values can slightly reduce CPU load, if the guest is able to use larger buffers. Note that higher MaxPayloadTransferSize values may be not supported by some guest operating systems. webcam detach <path|alias>: Detaches a webcam from a running VM. Specify the absolute path of the webcam on the host, or use its alias obtained from the webcam list command. Please note the following points, relating to specific host operating systems: Windows hosts: When the webcam device is detached from the host, the emulated webcam device is automatically detached from the guest. Mac OS X hosts: OS X version 10.7 or newer is required. When the webcam device is detached from the host, the emulated webcam device remains attached to the guest and must be manually detached using the VBoxManage controlvm webcam detach command. Linux hosts: When the webcam is detached from the host, the emulated webcam device is automatically detached from the guest only if the webcam is streaming video. If the emulated webcam is inactive, it should be manually detached using the VBoxManage controlvm webcam detach command. webcam list: Lists webcams attached to the running VM. The output is a list of absolute paths or aliases that were used for attaching the webcams to the VM using the webcam attach command. addencpassword <id> <password file>|- [--removeonsuspend <yes|no>]: Supplies an encrypted VM specified by <id> with the encryption password to enable a headless start. Either specify the absolute path of a password file on the host file system: <password file>, or use - to instruct VBoxManage to prompt the user for the encryption password. --removeonsuspend <yes|no>: Specifies whether to remove the passsword or keep the password in VM memory when the VM is suspended. If the VM has been suspended and the password has been removed, the user needs to resupply the password before the VM can be resumed. This feature is useful in cases where the user does not want the password to be stored in VM memory, and the VM is suspended by a host suspend event. On &product-name; versions 5.0 and later, data stored on hard disk images can be transparently encrypted for the guest. &product-name; uses the AES algorithm in XTS mode and supports 128 or 256 bit data encryption keys (DEK). The DEK is stored encrypted in the medium properties, and is decrypted during VM startup by supplying the encryption password. The VBoxManage encryptmedium command is used to create a DEK encrypted medium. See . When starting an encrypted VM from the &product-name; GUI, the user will be prompted for the encryption password. For a headless encrypted VM start, use the following command: VBoxManage startvm "vmname" --type headless Then supply the required encryption password as follows: VBoxManage "vmname" controlvm "vmname" addencpassword ... removeencpassword <id>: Removes encryption password authorization for password <id> for all encrypted media attached to the VM. removeallencpasswords: Removes encryption password authorization for all passwords for all encrypted media attached to the VM. changeuartmode <1-N>: Changes the connection mode for a given virtual serial port. This command discards the saved state of a virtual machine which is not currently running. This will cause the VM's operating system to restart next time you start it. This is the equivalent of pulling out the power cable on a physical machine, and should be avoided if possible. If you have a Saved state file (.sav) that is separate from the VM configuration, you can use this command to adopt the file. This will change the VM to saved state and when you start it, &product-name; will attempt to restore it from the saved state file you indicated. This command should only be used in special setups. This command removes a hard disk, DVD, or floppy image from a &product-name; media registry. VBoxManage closemedium [disk|dvd|floppy] <uuid|filename> [--delete] Optionally, you can request that the image be deleted. You will get appropriate diagnostics that the deletion failed, however the image will become unregistered in any case. This command attaches, modifies, and removes a storage medium connected to a storage controller that was previously added with the storagectl command. The syntax is as follows: VBoxManage storageattach <uuid|vmname> --storagectl <name> [--port <number>] [--device <number>] [--type dvddrive|hdd|fdd] [--medium none|emptydrive|additions| <uuid>|<filename>|host:<drive>|iscsi] [--mtype normal|writethrough|immutable|shareable readonly|multiattach] [--comment <text>] [--setuuid <uuid>] [--setparentuuid <uuid>] [--passthrough on|off] [--tempeject on|off] [--nonrotational on|off] [--discard on|off] [--hotpluggable on|off] [--bandwidthgroup name|none] [--forceunmount] [--server <name>|<ip>] [--target <target>] [--tport <port>] [--lun <lun>] [--encodedlun <lun>] [--username <username>] [--password <password>] [--passwordfile <file>] [--initiator <initiator>] [--intnet] A number of parameters are commonly required. Some parameters are required only for iSCSI targets. The common parameters are as follows: uuid|vmname The VM UUID or VM Name. Mandatory. --storagectl Name of the storage controller. Mandatory. The list of the storage controllers currently attached to a VM can be obtained with VBoxManage showvminfo. See . --port The number of the storage controller's port which is to be modified. Mandatory, unless the storage controller has only a single port. --device The number of the port's device which is to be modified. Mandatory, unless the storage controller has only a single device per port. --type Define the type of the drive to which the medium is being attached, detached, or modified. This argument can only be omitted if the type of medium can be determined from either the medium given with the --medium argument or from a previous medium attachment. --medium Specifies what is to be attached. The following values are supported: none: Any existing device should be removed from the given slot. emptydrive: For a virtual DVD or floppy drive only, this makes the device slot behave like a removeable drive into which no media has been inserted. additions: For a virtual DVD drive only, this attaches the VirtualBox Guest Additions image to the given device slot. If a UUID is specified, it must be the UUID of a storage medium that is already known to &product-name;. For example, because it has been attached to another virtual machine. See for details of how to list known media. This medium is then attached to the given device slot. If a filename is specified, it must be the full path of an existing disk image in ISO, RAW, VDI, VMDK, or other format. The disk image is then attached to the given device slot. host:<drive>: For a virtual DVD or floppy drive only, this connects the given device slot to the specified DVD or floppy drive on the host computer. iscsi: For virtual hard disks only, this is used for specifying an iSCSI target. In this case, additional parameters must be given. These are described below. Some of the above changes, in particular for removeable media such as floppies and CDs/DVDs, can be effected while a VM is running. Others, such as device changes or changes in hard disk device slots, require the VM to be powered off. --mtype Defines how this medium behaves with respect to snapshots and write operations. See . --comment An optional description that you want to have stored with this medium. For example, for an iSCSI target, "Big storage server downstairs". This is purely descriptive and not needed for the medium to function correctly. --setuuid, --setparentuuid Modifies the UUID or parent UUID of a medium before attaching it to a VM. This is an expert option. Inappropriate use can make the medium unusable or lead to broken VM configurations if any other VM is referring to the same media already. The most frequently used variant is --setuuid "", which assigns a new random UUID to an image. This option is useful for resolving duplicate UUID errors if you duplicated an image using a file copy utility. --passthrough For a virtual DVD drive only, you can enable DVD writing support. This feature is currently experimental, see . --tempeject For a virtual DVD drive only, you can configure the behavior for guest-triggered medium eject. If this is set to on, the eject has only a temporary effect. If the VM is powered off and restarted the originally configured medium will be still in the drive. --nonrotational Enables you to enable the non-rotational flag for virtual hard disks. Some guests, such as Windows 7 or later, treat such disks like SSDs and do not perform disk fragmentation on such media. --discard Enables the auto-discard feature for a virtual hard disks. This specifies that a VDI image will be shrunk in response to the trim command from the guest OS. The following requirements must be met: The disk format must be VDI. The size of the cleared area must be at least 1 MB. &product-name; will only trim whole 1 MB blocks. The VDIs themselves are organized into 1 MB blocks, so this will only work if the space being trimmed is at least a 1 MB contiguous block at a 1 MB boundary. On Windows, occasional defragmentation with defrag.exe /D, or on Linux running btrfs filesystem defrag as a background cron job may be beneficial. The Guest OS must be configured to issue the trim command, and typically this means that the guest OS is made to see the disk as an SSD. Ext4 supports the -o discard mount flag. Mac OS X probably requires additional settings. Windows should automatically detect and support SSDs, at least in versions 7, 8, and 10. The Linux exFAT driver from Samsung supports the trim command. It is unclear whether Microsoft's implementation of exFAT supports this feature, even though that file system was originally designed for flash. Alternatively, there are other methods to issue trim. For example, the Linux fstrim command, part of the util-linux package. Earlier solutions required a user to zero out unused areas, using zerofree or similar, and to compact the disk. This is only possible when the VM is offline. --bandwidthgroup Sets the bandwidth group to use for the given device. See . --forceunmount For a virtual DVD or floppy drive only, this forcibly unmounts the DVD/CD/Floppy or mounts a new DVD/CD/Floppy even if the previous one is locked down by the guest for reading. See . When iscsi is used with the --medium parameter for iSCSI support, additional parameters must or can be used. See also . --server The host name or IP address of the iSCSI target. Required. --target Target name string. This is determined by the iSCSI target and used to identify the storage resource. Required. --tport TCP/IP port number of the iSCSI service on the target. Optional. --lun Logical Unit Number of the target resource. Optional. Often, this value is zero. --encodedlun Hex-encoded Logical Unit Number of the target resource. Optional. Often, this value is zero. --username, --password, --passwordfile Username and password, called the initiator secret, for target authentication, if required. Optional. Username and password are stored without encryption, in clear text, in the XML machine configuration file if no settings password is provided. When a settings password is specified for the first time, the password is stored in encrypted form. As an alternative to providing the password on the command line, a reference to a file containing the text can be provided using the passwordfile option. --initiator iSCSI Initiator. Optional. Microsoft iSCSI Initiator is a system, such as a server that attaches to an IP network and initiates requests and receives responses from an iSCSI target. The SAN components in Microsoft iSCSI Initiator are largely analogous to Fibre Channel SAN components, and they include the following: To transport blocks of iSCSI commands over the IP network, an iSCSI driver must be installed on the iSCSI host. An iSCSI driver is included with Microsoft iSCSI Initiator. A gigabit Ethernet adapter that transmits 1000 megabits per second (Mbps) is recommended for the connection to an iSCSI target. Like standard 10/100 adapters, most gigabit adapters use a preexisting Category 5 or Category 6E cable. Each port on the adapter is identified by a unique IP address. An iSCSI target is any device that receives iSCSI commands. The device can be an end node, such as a storage device, or it can be an intermediate device, such as a network bridge between IP and Fibre Channel devices. Each port on the storage array controller or network bridge is identified by one or more IP addresses --intnet If specified, connect to the iSCSI target using Internal Networking. This needs further configuration, see . This command attaches, modifies, and removes a storage controller. After this, virtual media can be attached to the controller with the storageattach command. The syntax for this command is as follows: VBoxManage storagectl <uuid|vmname> --name <name> [--add ide|sata|scsi|floppy|sas|usb|pcie] [--controller LSILogic|LSILogicSAS|BusLogic| IntelAhci|PIIX3|PIIX4|ICH6|I82078| USB|NVMe|VirtIO] [--portcount <1-30>] [--hostiocache on|off] [--bootable on|off] [--rename <name>] [--remove] The parameters are as follows: uuid|vmname The VM UUID or VM Name. Mandatory. --name Specifies the name of the storage controller. Mandatory. --add Specifies the type of the system bus to which the storage controller must be connected. --controller Enables a choice of chipset type being emulated for the given storage controller. --portcount This specifies the number of ports the storage controller should support. --hostiocache Configures the use of the host I/O cache for all disk images attached to this storage controller. See . --bootable Specifies whether this controller is bootable. --rename Specifies a new name for the storage controller. --remove Removes the storage controller from the VM configuration. This command creates, deletes, modifies, and shows bandwidth groups of the given virtual machine. VBoxManage bandwidthctl <uuid|vmname> add <name> --type disk|network --limit <MBps>[k|m|g|K|M|G] | set <name> --limit <MBps>[k|m|g|K|M|G] | remove <name> | list [--machinereadable] The following subcommands are available: add: Creates a new bandwidth group of a given type. set: Modifies the limit for an existing bandwidth group. remove: Deletes a bandwidth group. list: Shows all bandwidth groups defined for the given VM. Use the --machinereadable option to produce the same output, but in machine readable format. This is of the form: name="value" on a line by line basis. The parameters are as follows: uuid|vmname The VM UUID or VM Name. Mandatory. --name Name of the bandwidth group. Mandatory. --type Type of the bandwidth group. Mandatory. Two types are supported: disk and network. See or for the description of a particular type. --limit Specifies the limit for the given bandwidth group. This can be changed while the VM is running. The default unit is megabytes per second. The unit can be changed by specifying one of the following suffixes: k for kilobits per second, m for megabits per second, g for gigabits per second, K for kilobytes per second, M for megabytes per second, G for gigabytes per second. The network bandwidth limits apply only to the traffic being sent by virtual machines. The traffic being received by VMs is unlimited. To remove a bandwidth group it must not be referenced by any disks or adapters in the running VM. This command shows information about a medium, notably its size, its size on disk, its type, and the virtual machines which use it. For compatibility with earlier versions of &product-name;, the showvdiinfo command is also supported and mapped internally to the showmediuminfo command. VBoxManage showmediuminfo [disk|dvd|floppy] <uuid|filename> The medium must be specified either by its UUID, if the medium is registered, or by its filename. Registered images can be listed using VBoxManage list hdds, VBoxManage list dvds, or VBoxManage list floppies, as appropriate. See . This command creates a new medium. The syntax is as follows: VBoxManage createmedium [disk|dvd|floppy] --filename <filename> [--size <megabytes>|--sizebyte <bytes>] [--diffparent <uuid>|<filename> [--format VDI|VMDK|VHD] (default: VDI) [--variant Standard,Fixed,Split2G,Stream,ESX,RawDisk] [[--property <name>=<value>] --property <name>=<value>]... [[--property-file <name>=</path/to/file/with/value>] --property-file <name>=</path/to/file/with/value>]... The parameters are as follows: --filename <filename> Specifies a file name <filename> as an absolute path on the host file system. Mandatory. --size <megabytes> Specifies the image capacity, in 1 MB units. Optional. --diffparent <uuid>|<filename> Specifies the differencing image parent, either as a UUID or by the absolute pathname of the file on the host file system. Useful for sharing a base box disk image among several VMs. --format VDI|VMDK|VHD Specifies the file format for the output file. Available options are VDI, VMDK, VHD. The default format is VDI. Optional. --variant Specifies any required file format variants for the output file. This is a comma-separated list of variant flags. Options are Standard,Fixed,Split2G,Stream,ESX,RawDisk. Not all combinations are supported, and specifying mutually incompatible flags results in an error message. Optional. --property <name>=<value> Specifies any required file format dependent parameters in key=value form. Optional. --property-file <name>=</path/to/file/with/value> Specifies any required file format dependent parameters in key=file/with/value form. The value is taken from the file. Optional. For compatibility with earlier versions of &product-name;, the createvdi and createhd commands are also supported and mapped internally to the createmedium command. With the modifymedium command, you can change the characteristics of a disk image after it has been created. VBoxManage modifymedium [disk|dvd|floppy] <uuid|filename> [--type normal|writethrough|immutable|shareable| readonly|multiattach] [--autoreset on|off] [--property <name=[value]>] [--compact] [--resize <megabytes>|--resizebyte <bytes>] [--move <path>] [--setlocation <path>] For compatibility with earlier versions of &product-name;, the modifyvdi and modifyhd commands are also supported and mapped internally to the modifymedium command. The disk image to modify must be specified either by its UUID, if the medium is registered, or by its filename. Registered images can be listed using VBoxManage list hdds, see . A filename must be specified as a valid path, either as an absolute path or as a relative path starting from the current directory. The following options are available: With the --type argument, you can change the type of an existing image between the normal, immutable, write-through and other modes. See . For immutable hard disks only, the --autoreset on|off option determines whether the disk is automatically reset on every VM startup. See . By default, autoreset is on. The --compact option can be used to compact disk images. Compacting removes blocks that only contains zeroes. Using this option will shrink a dynamically allocated image. It will reduce the physical size of the image without affecting the logical size of the virtual disk. Compaction works both for base images and for differencing images created as part of a snapshot. For this operation to be effective, it is required that free space in the guest system first be zeroed out using a suitable software tool. For Windows guests, you can use the sdelete tool provided by Microsoft. Run sdelete -z in the guest to zero the free disk space, before compressing the virtual disk image. For Linux, use the zerofree utility which supports ext2/ext3 filesystems. For Mac OS X guests, use the diskutil secureErase freespace 0 / command from an elevated Terminal. Please note that compacting is currently only available for VDI images. A similar effect can be achieved by zeroing out free blocks and then cloning the disk to any other dynamically allocated format. You can use this workaround until compacting is also supported for disk formats other than VDI. The --resize x option, where x is the desired new total space in megabytes enables you to change the capacity of an existing image. This adjusts the logical size of a virtual disk without affecting the physical size much. This option currently works only for VDI and VHD formats, and only for the dynamically allocated variants. It can only be used to expand, but not shrink, the capacity. For example, if you originally created a 10 GB disk which is now full, you can use the --resize 15360 command to change the capacity to 15 GB (15,360 MB) without having to create a new image and copy all data from within a virtual machine. Note however that this only changes the drive capacity. You will typically next need to use a partition management tool inside the guest to adjust the main partition to fill the drive. The --resizebyte x option does almost the same thing, except that x is expressed in bytes instead of megabytes. The --move <path> option can be used to relocate a medium to a different location <path> on the host file system. The path can be either relative to the current directory or absolute. The --setlocation <path> option can be used to set the new location <path> of the medium on the host file system if the medium has been moved for any reasons. The path can be either relative to the current directory or absolute. The new location is used as is, without any sanity checks. The user is responsible for setting the correct path. This command duplicates a virtual disk, DVD, or floppy medium to a new medium, usually an image file, with a new unique identifier (UUID). The new image can be transferred to another host system or reimported into &product-name; using the Virtual Media Manager. See and . The syntax is as follows: VBoxManage clonemedium [disk|dvd|floppy] <uuid|inputfile> <uuid|outputfile> [--format VDI|VMDK|VHD|RAW|<other>] [--variant Standard,Fixed,Split2G,Stream,ESX] [--existing] The medium to clone as well as the target image must be described either by its UUIDs, if the mediums are registered, or by its filename. Registered images can be listed by VBoxManage list hdds. See . A filename must be specified as valid path, either as an absolute path or as a relative path starting from the current directory. The following options are available: --format Set a file format for the output file different from the file format of the input file. --variant Set a file format variant for the output file. This is a comma-separated list of variant flags. Not all combinations are supported, and specifying inconsistent flags will result in an error message. --existing Perform the clone operation to an already existing destination medium. Only the portion of the source medium which fits into the destination medium is copied. This means if the destination medium is smaller than the source only a part of it is copied, and if the destination medium is larger than the source the remaining part of the destination medium is unchanged. For compatibility with earlier versions of &product-name;, the clonevdi and clonehd commands are still supported and mapped internally to the clonemedium command. This command sets, gets, or deletes a medium property. The syntax is as follows: VBoxManage mediumproperty [disk|dvd|floppy] set <uuid|filename> <property> <value> Use <disk|dvd|floppy> to optionally specify the type of medium: disk (hard drive), dvd, or floppy. Use <uuid|filename> to supply either the UUID or absolute path of the medium or image. Use <property> to supply the name of the property. Use <value> to supply the property value. VBoxManage mediumproperty [disk|dvd|floppy] get <uuid|filename> <property> Use <disk|dvd|floppy> to optionally specify the type of medium: disk (hard drive), dvd, or floppy. Use <uuid|filename> to supply either the UUID or absolute path of the medium or image. Use <property> to supply the name of the property. VBoxManage mediumproperty [disk|dvd|floppy] delete <uuid|filename> <property> Use <disk|dvd|floppy> to optionally specify the type of medium: disk (hard drive), dvd, or floppy. Use <uuid|filename> to supply either the UUID or absolute path of the medium or image. Use <property> to supply the name of the property. This command is used to create a DEK encrypted medium or image. See . The syntax is as follows: VBoxManage encryptmedium <uuid|filename> [--newpassword <file|->] [--oldpassword <file|->] [--cipher <cipher id>] [--newpasswordid <password id>] Use <uuid|filename> to supply the UUID or absolute path of the medium or image to be encrypted. Use --newpassword <file|-> to supply a new encryption password. Either specify the absolute pathname of a password file on the host operating system, or - to prompt you for the password on the command line. Always use the --newpasswordid option with this option. Use --oldpassword <file|-> to supply any old encryption password. Either specify the absolute pathname of a password file on the host operating system, or - to prompt you for the old password on the command line. Use this option to gain access to an encrypted medium or image to either change its password using --newpassword or change its encryption using --cipher. Use --cipher <cipher> to specify the cipher to use for encryption. This can be either AES-XTS128-PLAIN64 or AES-XTS256-PLAIN64. Use this option to change any existing encryption on the medium or image, or to set up new encryption on it for the first time. Use --newpasswordid <password id> to supply the new password identifier. This can be chosen by the user, and is used for correct identification when supplying multiple passwords during VM startup. If the user uses the same password when encrypting multiple images and also the same password identifier, the user needs to supply the password only once during VM startup. This command is used to check the current encryption password on a DEK encrypted medium or image. See . The syntax is as follows: VBoxManage checkmediumpwd <uuid|filename> <pwd file|-> Use <uuid|filename> to supply the UUID or absolute path of the medium or image to be checked. Use <pwd file|-> to supply the password identifier to be checked. Either specify the absolute pathname of a password file on the host operating system, or - to prompt you for the password on the command line. This command converts a raw disk image to an &product-name; Disk Image (VDI) file. The syntax is as follows: VBoxManage convertfromraw <filename> <outputfile> [--format VDI|VMDK|VHD] [--variant Standard,Fixed,Split2G,Stream,ESX] [--uuid <uuid>] VBoxManage convertfromraw stdin <outputfile> <bytes> [--format VDI|VMDK|VHD] [--variant Standard,Fixed,Split2G,Stream,ESX] [--uuid <uuid>] The parameters are as follows: --bytes The size of the image file, in bytes, provided through stdin. --format Select the disk image format to create. The default format is VDI. Other options are VMDK and VHD. --variant Choose a file format variant for the output file. This is a comma-separated list of variant flags. Not all combinations are supported, and specifying inconsistent flags will result in an error message. --uuid Specify the UUID of the output file. The stdin form of the command forces VBoxManage to read the content of the disk image from standard input. This useful when using the command in a pipe. For compatibility with earlier versions of &product-name;, the convertdd command is also supported and mapped internally to the convertfromraw command. These commands enable you to attach and retrieve string data for a virtual machine or for an &product-name; configuration, by specifying global instead of a virtual machine name. You must specify a keyword as a text string to associate the data with, which you can later use to retrieve it. For example: VBoxManage setextradata Fedora5 installdate 2006.01.01 VBoxManage setextradata SUSE10 installdate 2006.02.02 This example would associate the string "2006.01.01" with the keyword installdate for the virtual machine Fedora5, and "2006.02.02" on the machine SUSE10. You could then retrieve the information as follows: VBoxManage getextradata Fedora5 installdate This would return the following: VirtualBox Command Line Management Interface Version version-number (C) 2005-2018 Oracle Corporation All rights reserved. Value: 2006.01.01 You could retrieve the information for all keywords as follows: VBoxManage getextradata Fedora5 enumerate To remove a keyword, the setextradata command must be run without specifying data, only the keyword. For example: VBoxManage setextradata Fedora5 installdate This command is used to change global settings which affect the entire &product-name; installation. Some of these correspond to the settings in the Preferences dialog in the VirtualBox Manager. The following properties are available: machinefolder Specifies the default folder in which virtual machine definitions are kept. See . hwvirtexclusive Specifies whether &product-name; will make exclusive use of the hardware virtualization extensions (Intel VT-x or AMD-V) of the host system's processor. See . If you wish to share these extensions with other hypervisors running at the same time, you must disable this setting. Doing so has negative performance implications. vrdeauthlibrary Specifies which library to use when external authentication has been selected for a particular virtual machine. See . websrvauthlibrary Specifies which library the web service uses to authenticate users. For details about the &product-name; web service, see the &product-name; SDK reference, . vrdeextpack Specifies which library implements the VirtualBox Remote Desktop Extension. loghistorycount Selects how many rotated VM logs are retained. autostartdbpath Selects the path to the autostart database. See . defaultfrontend Selects the global default VM frontend setting. See . logginglevel Configures the VBoxSVC release logging details. See . proxymode Configures the mode for an HTTP proxy server. proxyurl Configures the URL for an HTTP proxy server. Used when a manual proxy is configured using the manual setting of the proxymode property. language Specifies the user language used to translate API messages. Valid values are C, which means no translation or language code in form either ll or ll_CC, where ll is language 2 letters code in lower case and CC is country 2 letter code in upper case. VBoxManage usbfilter add <index,0-N> --target <uuid|vmname>global --name <string> --action ignore|hold (global filters only) [--active yes|no (yes)] [--vendorid <XXXX> (null)] [--productid <XXXX> (null)] [--revision <IIFF> (null)] [--manufacturer <string> (null)] [--product <string> (null)] [--remote yes|no (null, VM filters only)] [--serialnumber <string> (null)] [--maskedinterfaces <XXXXXXXX>] VBoxManage usbfilter modify <index,0-N> --target <uuid|vmname>global [--name <string>] [--action ignore|hold (global filters only)] [--active yes|no] [--vendorid <XXXX>] [--productid <XXXX>] [--revision <IIFF>] [--manufacturer <string>] [--product <string>] [--remote yes|no (null, VM filters only)] [--serialnumber <string>] [--maskedinterfaces <XXXXXXXX>] VBoxManage usbfilter remove <index,0-N> --target <uuid|vmname>global The usbfilter commands are used for working with USB filters in virtual machines, or global filters which affect the whole &product-name; setup. Global filters are applied before machine-specific filters, and may be used to prevent devices from being captured by any virtual machine. Global filters are always applied in a particular order, and only the first filter which fits a device is applied. For example, if the first global filter says to hold, or make available, a particular Kingston memory stick device and the second filter says to ignore all Kingston devices. That particular Kingston memory stick will be available to any machine with the appropriate filter, but no other Kingston device will. When creating a USB filter using usbfilter add, you must supply three or four mandatory parameters. The index specifies the position in the list at which the filter should be placed. If there is already a filter at that position, then it and the following ones will be shifted back one place. Otherwise, the new filter will be added onto the end of the list. The target parameter selects the virtual machine that the filter should be attached to or use global to apply it to all virtual machines. name is a name for the new filter. For global filters, action says whether to allow VMs access to devices that fit the filter description (hold) or not to give them access (ignore). In addition, you should specify parameters to filter by. You can find the parameters for devices attached to your system using VBoxManage list usbhost. Finally, you can specify whether the filter should be active. For local filters, whether they are for local devices, remote devices over an RDP connection, or either. When you modify a USB filter using usbfilter modify, you must specify the filter by index and by target, which is either a virtual machine or global. See the output of VBoxManage list usbfilters to find global filter indexes and VBoxManage showvminfo to find indexes for individual machines. The properties which can be changed are the same as for usbfilter add. To remove a filter, use usbfilter remove and specify the index and the target. The following is a list of the additional usbfilter add and usbfilter modify options, with details of how to use them. --action ignore|hold: Specifies whether devices that fit the filter description are allowed access by machines (hold), or have access denied (ignore). Applies to global filters only. --active yes|no: Specifies whether the USB Filter is active or temporarily disabled. For usbfilter create the default is active. --vendorid <XXXX>|"": Specifies a vendor ID filter. The string representation for an exact match has the form XXXX, where X is the hexadecimal digit, including leading zeroes. --productid <XXXX>|"": Specifies a product ID filter. The string representation for an exact match has the form XXXX, where X is the hexadecimal digit, including leading zeroes. --revision <IIFF>|"": Specifies a revision ID filter. The string representation for an exact match has the form IIFF, where I is the decimal digit of the integer part of the revision, and F is the decimal digit of its fractional part, including leading and trailing zeros. Note that for interval filters, it is best to use the hexadecimal form, because the revision is stored as a 16-bit packed BCD value. Therefore, the expression int:0x0100-0x0199 will match any revision from 1.0 to 1.99 inclusive. --manufacturer <string>|"": Specifies a manufacturer ID filter, as a string. --product <string>|"": Specifies a product ID filter, as a string. --remote yes|no"": Specifies a remote filter, indicating whether the device is physically connected to a remote VRDE client or to a local host machine. Applies to VM filters only. --serialnumber <string>|"": Specifies a serial number filter, as a string. --maskedinterfaces <XXXXXXXX>: Specifies a masked interface filter, for hiding one or more USB interfaces from the guest. The value is a bit mask where the set bits correspond to the USB interfaces that should be hidden, or masked off. This feature only works on Linux hosts. The guestproperty commands enable you to get or set properties of a running virtual machine. See . Guest properties are arbitrary keyword-value string pairs which can be written to and read from by either the guest or the host, so they can be used as a low-volume communication channel for strings, provided that a guest is running and has the Guest Additions installed. In addition, a number of values whose keywords begin with /VirtualBox/are automatically set and maintained by the Guest Additions. The following subcommands are available, where <vm> can either be a VM name or a VM UUID, as with the other VBoxManage commands: enumerate <vm> [--patterns <pattern>]: Lists all the guest properties that are available for the given VM, including the value. This list will be very limited if the guest's service process cannot be contacted, for example because the VM is not running or the Guest Additions are not installed. If --patterns <pattern> is specified, it acts as a filter to only list properties that match the given pattern. The pattern can contain the following wildcard characters: * (asterisk): Represents any number of characters. For example, "/VirtualBox*" would match all properties beginning with "/VirtualBox". ? (question mark): Represents a single arbitrary character. For example, "fo?" would match both "foo" and "for". | (pipe symbol): Can be used to specify multiple alternative patterns. For example, "s*|t*" would match anything starting with either "s" or "t". get <vm> <property>: Retrieves the value of a single property only. If the property cannot be found, for example because the guest is not running, the following message is shown: No value set! set <vm> <property> [<value> [--flags <flags>]]: Enables you to set a guest property by specifying the keyword and value. If <value> is omitted, the property is deleted. With --flags, you can specify additional behavior. You can combine several flags by separating them with commas. TRANSIENT: The value will not be stored with the VM data when the VM exits. TRANSRESET: The value will be deleted as soon as the VM restarts or exits. RDONLYGUEST: The value can only be changed by the host, but the guest can only read it. RDONLYHOST: The value can only be changed by the guest, but the host can only read it. READONLY: The value cannot be changed at all. wait <vm> <pattern> --timeout <timeout>: Waits for a particular value described by the pattern string to change or to be deleted or created. The pattern rules are the same as for the enumerate subcommand. delete <vm> <property>: Deletes a guest property which has been set previously. The guestcontrol commands enable control of the guest from the host. See for an introduction. The guestcontrol command has two sets of subcommands. The first set requires guest credentials to be specified, the second does not. The first set of subcommands is of the following form: VBoxManage guestcontrol <uuid|vmname> <sub-command> [--username <name> ] [--passwordfile <file> | --password <password>] [--domain <domain> ] [-v|--verbose] [-q|quiet] ... The common options are as follows: [--username <name> ] [--passwordfile <file> | --password <password>] [--domain <domain> ] [-v|--verbose] [-q|quiet] The common options for the first set of subcommands are explained in the following list. <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --username <name> Specifies the user name on guest OS under which the process should run. This user name must already exist on the guest OS. If unspecified, the host user name is used. Optional --passwordfile <file>|--password Specifies the absolute path on guest file system of password file containing the password for the specified user account or password for the specified user account. Optional. If both are omitted, empty password is assumed. --domain <domain> User domain for Windows guests. Optional. -v|--verbose Makes the subcommand execution more verbose. Optional -q|--quiet Makes the subcommand execution quieter. Optional. The first set of subcommands are as follows: run: Executes a guest program, forwarding stdout, stderr, and stdin to and from the host until it completes. VBoxManage guestcontrol <uuid|vmname> run [common-options] --exe <path to executable> [--timeout <msec>] [-E|--putenv <NAME>[=<VALUE>]] [--unquoted-args] [--ignore-operhaned-processes] [--profile] [--no-wait-stdout|--wait-stdout] [--no-wait-stderr|--wait-stderr] [--dos2unix] [--unix2dos] -- <program/arg0> [argument1] ... [argumentN]] <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --exe <path to executable> Specifies the absolute path of the executable on the guest OS file system. Mandatory. For example: C:\Windows\System32\calc.exe. --timeout <msec> Specifies the maximum time, in microseconds, that the executable can run, during which VBoxManage receives its output. Optional. If unspecified, VBoxManage waits indefinitely for the process to end, or an error occurs. -E|--putenv <NAME>=<VALUE> Sets, modifies, and unsets environment variables in the environment in which the program will run. Optional. The guest process is created with the standard default guest OS environment. Use this option to modify that default environment. To set or modify a variable use: <NAME>=<VALUE>. To unset a variable use: <NAME>= Any spaces in names and values should be enclosed by quotes. To set, modify, and unset multiple variables, use multiple instances of the --E|--putenv option. --unquoted-args Disables escaped double quoting, such as \"fred\", on arguments passed to the executed program. Optional. --ignore-operhaned-processes Ignore orphaned processes. Not yet implemented. Optional. --profile Use Profile. Not yet implemented. Optional. --no-wait-stdout|--wait-stdout Does not wait or waits until the guest process ends and receives its exit code and reason/flags. In the case of --wait-stdout, VBoxManage receives its stdout while the process runs. Optional. --no-wait-stderr|--wait-stderr Does not wait or waits until the guest process ends and receives its exit code, error messages, and flags. In the case of --wait-stderr, VBoxManage receives its stderr while the process runs. Optional. --dos2unix Converts output from DOS/Windows guests to UNIX/Linux-compatible line endings, CR + LF to LF. Not yet implemented. Optional. --unix2dos Converts output from a UNIX/Linux guests to DOS/Windows-compatible line endings, LF to CR + LF. Not yet implemented. Optional. [-- <program/arg0> [<argument1>] ... [<argumentN>]] Specifies the program name, followed by one or more arguments to pass to the program. Optional. Any spaces in arguments should be enclosed by quotes. On Windows there are certain limitations for graphical applications. See . Examples of using the guestcontrol run command are as follows: VBoxManage --nologo guestcontrol "My VM" run --exe "/bin/ls" --username foo --passwordfile bar.txt --wait-exit --wait-stdout -- -l /usr VBoxManage --nologo guestcontrol "My VM" run --exe "c:\\windows\\system32\\ipconfig.exe" --username foo --passwordfile bar.txt --wait-exit --wait-stdout Note that the double backslashes in the second example are only required on UNIX hosts. For certain commands a user name of an existing user account on the guest must be specified. Anonymous executions are not supported for security reasons. A user account password, however, is optional and depends on the guest's OS security policy or rules. If no password is specified for a given user name, an empty password will be used. On certain OSes like Windows the security policy may needs to be adjusted in order to allow user accounts with an empty password set. Also, global domain rules might apply and therefore cannot be changed. Starting at &product-name; 4.1.2 guest process execution by default is limited to serve up to five guest processes at a time. If a new guest process gets started which would exceed this limit, the oldest not running guest process will be discarded in order to be able to run that new process. Also, retrieving output from this old guest process will not be possible anymore then. If all five guest processes are still active and running, starting a new guest process will result in an appropriate error message. To raise or lower the guest process execution limit, either use the guest property /VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept or VBoxService command line by specifying --control-procs-max-kept needs to be modified. A restart of the guest OS is required afterwards. To serve unlimited guest processes, a value of 0 needs to be set, but this is not recommended. start: Executes a guest program until it completes. VBoxManage guestcontrol <uuid|vmname> start [common-options] [--exe <path to executable>] [--timeout <msec>] [-E|--putenv <NAME>[=<VALUE>]] [--unquoted-args] [--ignore-operhaned-processes] [--profile] -- <program/arg0> [argument1] ... [argumentN]] Where the options are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --exe <path to executable> Specifies the absolute path of the executable on the guest OS file system. Mandatory. For example: C:\Windows\System32\calc.exe --timeout <msec> Specifies the maximum time, in microseconds, that the executable can run. Optional. If unspecified, VBoxManage waits indefinitely for the process to end, or an error occurs. -E|--putenv <NAME>=<VALUE> Sets, modifies, and unsets environment variables in the environment in which the program will run. Optional. The guest process is created with the standard default guest OS environment. Use this option to modify that default environment. To set or modify a variable use: <NAME>=<VALUE>. To unset a variable use: <NAME>= Any spaces in names and values should be enclosed by quotes. To set, modify, or unset multiple variables, use multiple instances of the --E|--putenv option. --unquoted-args Disables escaped double quoting, such as \"fred\", on arguments passed to the executed program. Optional. --ignore-operhaned-processes Ignores orphaned processes. Not yet implemented. Optional. --profile Use a profile. Not yet implemented. Optional. [-- <program/arg0> [<argument1>] ... [<argumentN>]] Specifies the program name, followed by one or more arguments to pass to the program. Optional. Any spaces in arguments should be enclosed by quotes. On Windows there are certain limitations for graphical applications. See . Examples of using the guestcontrol start command are as follows: VBoxManage --nologo guestcontrol "My VM" start --exe "/bin/ls" --username foo --passwordfile bar.txt --wait-exit --wait-stdout -- -l /usr VBoxManage --nologo guestcontrol "My VM" start --exe "c:\\windows\\system32\\ipconfig.exe" --username foo --passwordfile bar.txt --wait-exit --wait-stdout Note that the double backslashes in the second example are only required on UNIX hosts. For certain commands a user name of an existing user account on the guest must be specified. Anonymous executions are not supported for security reasons. A user account password, however, is optional and depends on the guest's OS security policy or rules. If no password is specified for a given user name, an empty password will be used. On certain OSes like Windows the security policy may needs to be adjusted in order to allow user accounts with an empty password set. Also, global domain rules might apply and therefore cannot be changed. Starting at &product-name; 4.1.2 guest process execution by default is limited to serve up to five guest processes at a time. If a new guest process gets started which would exceed this limit, the oldest not running guest process will be discarded in order to be able to run that new process. Also, retrieving output from this old guest process will not be possible anymore then. If all five guest processes are still active and running, starting a new guest process will result in an appropriate error message. To raise or lower the guest process execution limit, either use the guest property /VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept or VBoxService command line by specifying --control-procs-max-kept needs to be modified. A restart of the guest OS is required afterwards. To serve unlimited guest processes, a value of 0 needs to be set, but this is not recommended. copyfrom: Copies files from the guest to the host file system. Only available with Guest Additions 4.0 or later installed. VBoxManage guestcontrol <uuid|vmname> copyfrom [common-options] [--follow] [--R|recursive] --target-directory <host-dst-dir> <guest-src0> [<guest-src1> [...]] Where the parameters are as follows: <uid|vmname> Specifies the VM UUID or VM name. Mandatory. --follow Enables symlink following on the guest file system. Optional. -R|--recursive Enables recursive copying of files and directories from the specified guest file system directory. Optional. --target-directory <host-dst-dir> Specifies the absolute path of the host file system destination directory. Mandatory. For example: C:\Temp. <guest-src0> [<guest-src1> [...]] Specifies the absolute paths of guest file system files to be copied. Mandatory. For example: C:\Windows\System32\calc.exe. Wildcards can be used in the expressions. For example: C:\Windows\System*\*.dll. copyto: Copies files from the host to the guest file system. Only available with Guest Additions 4.0 or later installed. VBoxManage guestcontrol <uuid|vmname> copyto [common-options] [--follow] [--R|recursive] --target-directory <guest-dst> <host-src0> [<host-src1> [...]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --follow Enables symlink following on the host file system. Optional. -R|--recursive Enables recursive copying of files and directories from the specified host file system directory. Optional. --target-directory <guest-dst> Specifies the absolute path of the guest file system destination directory. Mandatory. For example: C:\Temp. <host-src0> [<host-src1> [...]] Specifies the absolute paths of host file system files to be copied. Mandatory. For example: C:\Windows\System32\calc.exe. Wildcards can be used in the expressions. For example: C:\Windows\System*\*.dll. md|mkdir|createdir|createdirectory: Creates one or more directories on the guest file system. Only available with Guest Additions 4.0 or later installed. VBoxManage guestcontrol <uuid|vmname> md|mkdir|createdir|createdirectory [common-options] [--parents] [--mode <mode>] <guest-dir0> [<guest-dir1> [...]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --parents Creates any absent parent directories of the specified directory. Optional. For example: If specified directory is D:\Foo\Bar and D:\Foo is absent, it will be created. In such a case, had the --parents option not been used, this command would have failed. --mode <mode> Specifies the permission mode on the specified directories, and any parents, if the --parents option is used. Currently octal modes only, such as. 0755, are supported. <guest-dir0> [<guest-dir1> [...]] Specifies a list of absolute paths of directories to be created on guest file system. Mandatory. For example: D:\Foo\Bar. All parent directories must already exist unless the switch --parents is used. For example, in the above example D:\Foo. The specified user must have sufficient rights to create the specified directories, and any parents that need to be created. rmdir|removedir|removedirectory: Deletes specified guest file system directories. Only available with installed Guest Additions 4.3.2 and later. VBoxManage guestcontrol <uuid|vmname> rmdir|removedir|removedirectory [common-options] [--recursive|-R] <guest-dir0> [<guest-dir1> [...]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --recursive Recursively removes directories and contents. Optional. <guest-dir0> [<guest-dir1> [...]] Specifies a list of the absolute paths of directories to be deleted on guest file system. Mandatory. Wildcards are allowed. For example: D:\Foo\*Bar. The specified user must have sufficient rights to delete the specified directories. rm|removefile: Deletes specified files on the guest file system. Only available with installed Guest Additions 4.3.2 and later. VBoxManage guestcontrol <uuid|vmname> rm|removefile [common-options] [-f|--force] <guest-file0> [<guest-file1> [...]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. -f|--force Enforce operation and override any requests for confirmations. Optional. <guest-file0> [<guest-file1> [...]] Specifies a list of absolute paths of files to be deleted on guest file system. Mandatory. Wildcards are allowed. For example: D:\Foo\Bar\text*.txt. The specified user should have sufficient rights to delete the specified files. mv|move|ren|rename: Renames files and/or directories on the guest file system. Only available with installed Guest Additions 4.3.2 and later. VBoxManage guestcontrol <uuid|vmname> mv|move|ren|rename [common-options] <guest-source0> [<guest-source1> [...]] <guest-dest> Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. <guest-source0> [<guest-source1> [...]] Specifies absolute paths of files or a single directory to be moved and renamed on guest file system. Mandatory. Wildcards are allowed in file names. The specified user should have sufficient rights to access the specified files. <dest> Specifies the absolute path of the destination file or directory to which the files are to be moved. Mandatory. If only one file to be moved, <dest> can be file or directory, else it must be a directory. The specified user must have sufficient rights to access the destination file or directory. mktemp|createtemp|createtemporary: Creates a temporary file or directory on the guest file system, to assist subsequent copying of files from the host to the guest file systems. By default, the file or directory is created in the guest's platform specific temp directory. Not currently supported. Only available with installed Guest Additions 4.2 and later. VBoxManage guestcontrol <uuid|vmname> mktemp|createtemp|createtemporary [common-options] [--directory] [--secure] [--mode <mode>] [--tmpdir <directory>] <template> The parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --directory Creates a temporary directory instead of a file, specified by the <template> parameter. Optional. --secure Enforces secure file and directory creation. Optional. The permission mode is set to 0755. Operation fails if it cannot be performed securely. --mode <mode> Specifies the permission mode of the specified directory. Optional. Currently only octal modes, such as 0755, are supported. --tmpdir <directory> Specifies the absolute path of the directory on the guest file system where the file or directory specified will be created. Optional. If unspecified, the platform-specific temp directory is used. <template> Specifies a file name without a directory path, containing at least one sequence of three consecutive X characters, or ending in X. Mandatory. stat: Displays file or file system statuses on the guest. VBoxManage guestcontrol <uuid|vmname> stat [common-options] <file0> [<file1> [...]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. <file0> [<file1> [...]] Specifies absolute paths of files or file systems on the guest file system. Mandatory. For example: /home/foo/a.out. The specified user should have sufficient rights to access the specified files or file systems. The second set of subcommands is of the form: VBoxManage guestcontrol <uuid|vmname> <sub-command> [-v|--verbose] [-q|quiet] ... The common options are as follows: [-v|--verbose] [-q|--quiet] Details of the common options for the second set of subcommands are as follows: -v|--verbose Makes the subcommand execution more verbose. Optional. -q|--quiet Makes the subcommand execution quieter. Optional. The second set of subcommands are as follows: list: Lists guest control configuration and status data. For example: open guest sessions, guest processes, and files. VBoxManage guestcontrol <uuid|vmname> list [common-opts] <all|sessions|processes|files> Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. all|sessions|processes|files Indicates whether to list all available data or guest sessions, processes or files. Mandatory. closeprocess: Terminates guest processes specified by PIDs running in a guest session, specified by the session ID or name. VBoxManage guestcontrol <uuid|vmname> closeprocess [common-options] --session-id <ID> | --session-name <name or pattern> <PID0> [<PID1> [...]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --session-id <ID> Specifies the guest session by its ID. Optional. --session-name <name or pattern> Specifies the guest session by its name, or multiple sessions using a pattern containing wildcards. Optional. <PID0> [<PID1> [...]] Specifies a list of process identifiers (PIDs) of guest processes to be terminated. Mandatory. closesession: Closes specified guest sessions, specified either by session ID or name. VBoxManage guestcontrol <uuid|vmname> closesession [common-options] --session-id <ID> | --session-name <name or pattern> | --all Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --session-id <ID> Specifies the guest session to be closed by ID. Optional. --session-name <name or pattern> Specifies the guest session to be closed by name. Optional. Multiple sessions can be specified by using a pattern containing wildcards. --all Close all guest sessions. Optional. updatega|updateadditions|updateguestadditions: Ugrades Guest Additions already installed on the guest. Only available for already installed Guest Additions 4.0 and later. VBoxManage guestcontrol <uuid|vmname> updatega|updateadditions|updateguestadditions [common-options] [--source <New .ISO path>] [--wait-start] [-- <argument0> [<argument1> [...]]] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. --source <New .ISO path> Specifies the absolute path on the guest file system of the .ISO file for the Guest Additions update. Mandatory. --wait-start Indicates that VBoxManage starts the usual updating process on the guest and then waits until the actual Guest Additions updating begins, at which point VBoxManage self-terminates. Optional. Default behavior is that VBoxManage waits for completion of the Guest Additions update before terminating. Use of this option is sometimes necessary, as a running VBoxManage can affect the interaction between the installer and the guest OS. [-- <argument0> [<argument1> [...]]] Specifies optional command line arguments to be supplied to the Guest Additions updater. Useful for retrofitting features which are not currently installed. Arguments containing spaces should be enclosed by quotes. watch: Prints current guest control activity. VBoxManage guestcontrol <uuid|vmname> watch [common-options] Where the parameters are as follows: <uuid|vmname> Specifies the VM UUID or VM name. Mandatory. This command supports monitoring the usage of system resources. Resources are represented by various metrics associated with the host system or a particular VM. For example, the host system has a CPU/Load/User metric that shows the percentage of time CPUs spend executing in user mode over a specific sampling period. Metric data is collected and retained internally. It may be retrieved at any time with the VBoxManage metrics query subcommand. The data is available as long as the background VBoxSVC process is alive. That process terminates shortly after all VMs and frontends have been closed. By default no metrics are collected at all. Metrics collection does not start until VBoxManage metrics setup is invoked with a proper sampling interval and the number of metrics to be retained. The interval is measured in seconds. For example, to enable collecting the host processor and memory usage metrics every second and keeping the five most current samples, the following command can be used: VBoxManage metrics setup --period 1 --samples 5 host CPU/Load,RAM/Usage Metric collection can only be enabled for started VMs. Collected data and collection settings for a particular VM will disappear as soon as it shuts down. Use the VBoxManage metrics list subcommand to see which metrics are currently available. You can also use the --list option with any subcommand that modifies metric settings to find out which metrics were affected. Note that the VBoxManage metrics setup subcommand discards all samples that may have been previously collected for the specified set of objects and metrics. To enable or disable metrics collection without discarding the data, VBoxManage metrics enable and VBoxManage metrics disable subcommands can be used. Note that these subcommands expect metrics as parameters, not submetrics such as CPU/Load or RAM/Usage. In other words enabling CPU/Load/User while disabling CPU/Load/Kernel is not supported. The host and VMs have different sets of associated metrics. Available metrics can be listed with VBoxManage metrics list subcommand. A complete metric name may include an aggregate function. The name has the following form: Category/Metric[/SubMetric][:aggregate]. For example, RAM/Usage/Free:min stands for the minimum amount of available memory over all retained data if applied to the host object. Subcommands may apply to all objects and metrics or can be limited to one object and a list of metrics. If no objects or metrics are given in the parameters, the subcommands will apply to all available metrics of all objects. You may use an asterisk "*" to explicitly specify that the command should be applied to all objects or metrics. Use host as the object name to limit the scope of the command to host-related metrics. To limit the scope to a subset of metrics, use a metric list with names separated by commas. For example, to query metric data on the CPU time spent in user and kernel modes by the virtual machine named test, use the following command: VBoxManage metrics query test CPU/Load/User,CPU/Load/Kernel The following list summarizes the available subcommands: list Shows the parameters of the currently existing metrics. Note that VM-specific metrics are only available when a particular VM is running. setup Sets the interval between taking two samples of metric data and the number of samples retained internally. The retained data is available for displaying with the query subcommand. The --list option shows which metrics have been modified as the result of the command execution. enable Resumes data collection after it has been stopped with the disable subcommand. Note that specifying submetrics as parameters will not enable underlying metrics. Use --list to find out if the command worked as expected. disable Suspends data collection without affecting collection parameters or collected data. Note that specifying submetrics as parameters will not disable underlying metrics. Use --list to find out if the command worked as expected. query Retrieves and displays the currently retained metric data. The query subcommand does not remove or flush retained data. If you query often enough you will see how old samples are gradually being phased out by new samples. collect Sets the interval between taking two samples of metric data and the number of samples retained internally. The collected data is displayed periodically until Ctrl+C is pressed, unless the --detach option is specified. With the --detach option, this subcommand operates the same way as setup does. The --list option shows which metrics match the specified filter. NAT networks use the Network Address Translation (NAT) service, which works in a similar way to a home router. It groups systems using it into a network and prevents outside systems from directly accessing those inside, while letting systems inside communicate with each other and outside systems using TCP and UDP over IPv4 and IPv6. A NAT service is attached to an internal network. Virtual machines to make use of one should be attached to it. The name of an internal network is chosen when the NAT service is created, and the internal network will be created if it does not already exist. The following is an example command to create a NAT network: VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable Here, natnet1 is the name of the internal network to be used and 192.168.15.0/24 is the network address and mask of the NAT service interface. By default, in this static configuration the gateway will be assigned the address 192.168.15.1, the address after the interface address, though this is subject to change. To add a DHCP server to the NAT network after creation, run the following command: VBoxManage natnetwork modify --netname natnet1 --dhcp on The subcommands for VBoxManage natnetwork are as follows: VBoxManage natnetwork add --netname <name> [--network <network>] [--enable|--disable] [--dhcp on|off] [--port-forward-4 <rule>] [--loopback-4 <rule>] [--ipv6 on|off] [--port-forward-6 <rule>] [--loopback-6 <rule>] VBoxManage natnetwork add: Creates a new internal network interface, and adds a NAT network service. This command is a prerequisite for enabling attachment of VMs to the NAT network. Parameters are as follows: --netname <name> Where <name> is the name of the new internal network interface on the host OS. --network <network> Where <network> specifies the static or DHCP network address and mask of the NAT service interface. The default is a static network address. --enable|--disable Enables and disables the NAT network service. --dhcp on|off Enables and disables a DHCP server specified by --netname. Use of this option also indicates that it is a DHCP server. --port-forward-4 <rule> Enables IPv4 port forwarding, with a rule specified by <rule>. --loopback-4 <rule> Enables the IPv4 loopback interface, with a rule specified by <rule>. --ipv6 on|off Enables and disables IPv6. The default setting is IPv4, disabling IPv6 enables IPv4. --port-forward-6 <rule> Enables IPv6 port forwarding, with a rule specified by <rule>. --loopback-6 <rule> Enables the IPv6 loopback interface, with a rule specified by <rule>. VBoxManage natnetwork remove --netname <name> VBoxManage natnetwork remove: Removes a NAT network service. Parameters are as follows: --netname <name> Where <name> specifies an existing NAT network service. Does not remove any DHCP server enabled on the network. VBoxManage natnetwork modify --netname <name> [--network <network>] [--enable|--disable] [--dhcp on|off] [--port-forward-4 <rule>] [--loopback-4 <rule>] [--ipv6 on|off] [--port-forward-6 <rule>] [--loopback-6 <rule>] VBoxManage natnetwork modify: Modifies an existing NAT network service. Parameters are as follows: --netname <name> Where <name> specifies an existing NAT network service. --network <network> Where <network> specifies the new static or DHCP network address and mask of the NAT service interface. The default is a static network address. --enable|--disable Enables and disables the NAT network service. --dhcp on|off Enables and disables a DHCP server. If a DHCP server is not present, using enable adds a new DHCP server. --port-forward-4 <rule> Enables IPv4 port forwarding, with a rule specified by <rule>. --loopback-4 <rule> Enables the IPv4 loopback interface, with a rule specified by <rule>. --ipv6 on|off Enables and disables IPv6. The default setting is IPv4, disabling IPv6 enables IPv4. --port-forward-6 <rule> Enables IPv6 port forwarding, with a rule specified by <rule>. --loopback-6 <rule> Enables IPv6 loopback interface, with a rule specified by <rule>. VBoxManage natnetwork start --netname <name> VBoxManage natnetwork start: Starts the specified NAT network service and any associated DHCP server. Parameters are as follows: --netname <name> Where <name> specifies an existing NAT network service. VBoxManage natnetwork stop --netname <name> VBoxManage natnetwork stop: Stops the specified NAT network service and any DHCP server. Parameters are as follows: --netname <name> Where <name> specifies an existing NAT network service. VBoxManage natnetwork list [<pattern>] VBoxManage natnetwork list: Lists all NAT network services, with optional filtering. Parameters are as follows: [<pattern>] Where <pattern> is an optional filtering pattern. The hostonlyif command enables you to change the IP configuration of a host-only network interface. For a description of host-only networking, see . Each host-only interface is identified by a name and can either use the internal DHCP server or a manual IP configuration, both IP4 and IP6. The following list summarizes the available subcommands: ipconfig "<name>" Configures a host-only interface. create Creates a new vboxnet<N> interface on the host OS. This command is essential before you can attach VMs to a host-only network. remove vboxnet<N> Removes a vboxnet<N> interface from the host OS. The usbdevsource commands enable you to add and remove USB devices globally. The following command adds a USB device. VBoxManage usbdevsource add <source name> --backend <backend> --address <address> Where the command line options are as follows: <source name>: Specifies the ID of the source USB device to be added. Mandatory. --backend <backend>: Specifies the USB proxy service backend to use. Mandatory. --address <address>: Specifies the backend specific address. Mandatory. The following command removes a USB device. VBoxManage usbdevsource remove <source name> Where the command line options are as follows: <source name>: Specifies the ID of the source USB device to be removed. Mandatory.