The situation:

-A corporate environment, with a corporate managed XP desktop (locked down, patched regularly, restricted user rights, no manual install of SW, AV, etc.)

The requirement:

-Using VMWare Workstation, run a sandboxed image (also XP) for specific testing purposes (with admin rights in the guest VM). No network connectivity is required. It can't be a separate standalone physical workstation disconnected from the network.

(FWIW, this is a legitimate, sanctioned requirement - not someone trying to get around corporate restrictions.)

The challenge:

-Do this in as safe/secure a manner as possible.

The proposed solution:

-Create an image with host-only networking.

-Perhaps remove the virtual ethernet adapter? (not sure if it's required for basic VMWare functionality?)

The question (finally):

-What potential risks remain (and how could I best mitigate them)?

One challenge is that the guest VM will not be a managed workstation itself, so patching, AV, etc. can't be guaranteed (and, ironically, would in fact be somewhat difficult given the proposed solution!)