One way would be to give them only standard user rights to the host OS, no ability to install programs, and rights only to unlock the partition with the VM on it and to run that VM.
If you are going to do that, I am not sure what is the added benefit of the VM. In that case might as well use full-disc-encryption on the physical hardware. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
