diff --git a/modules/programs/virtualbox.nix b/modules/programs/virtualbox.nix
index 05209cb38e5..34b2c156632 100644
--- a/modules/programs/virtualbox.nix
+++ b/modules/programs/virtualbox.nix
@@ -9,13 +9,11 @@ let virtualbox = config.boot.kernelPackages.virtualbox; in
 boot.extraModulePackages = [ virtualbox ];
 environment.systemPackages = [ virtualbox ];
- # ‘VBoxNetAdpCtl’ needs to be setuid root to allow users to create
- # host-only networks (https://www.virtualbox.org/ticket/4014).
- security.setuidOwners = singleton
- { program = "VBoxNetAdpCtl";
- source = "${virtualbox}/virtualbox/VBoxNetAdpCtl";
- owner = "root";
- group = "root";
- setuid = true;
- };
+ users.extraGroups = singleton { name = "vboxusers"; };
+
+ services.udev.extraRules =
+ ''
+ KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660"
+ KERNEL=="vboxnetctl", OWNER="root", GROUP="root", MODE="0600"
+ '';
 }
diff --git a/modules/services/hardware/udev.nix b/modules/services/hardware/udev.nix
index c4cd394108f..2a75212725a 100644
--- a/modules/services/hardware/udev.nix
+++ b/modules/services/hardware/udev.nix
@@ -17,12 +17,8 @@ let
 nixosRules = ''
 # Miscellaneous devices.
- KERNEL=="sonypi", MODE="0666"
 KERNEL=="kvm", MODE="0666"
 KERNEL=="kqemu", MODE="0666"
- KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0666"
- KERNEL=="vboxadd", NAME="vboxadd", OWNER="root", GROUP="root", MODE="0660"
- KERNEL=="vboxuser", NAME="vboxuser", OWNER="root", GROUP="root", MODE="0666"
 '';
 # Perform substitutions in all udev rules files.
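Review bot: The new `services.udev.extraRules` block in modules/programs/virtualbox.nix has no comment explaining its access model, whereas the setuid block it replaces documented why the privilege was granted. With `VBoxNetAdpCtl` no longer setuid and `vboxnetctl` set to 0600 root:root, unprivileged users presumably can no longer create host-only networks. `vboxdrv` also moves from world-accessible (the 0666 rule dropped from udev.nix) to members of `vboxusers`, a group this module creates but does not populate. I would add above the rules something like `# /dev/vboxdrv is limited to the vboxusers group (treat membership as privileged); vboxnetctl is root-only, so host-only network setup needs root.` The module or release notes should also say that existing users must be added to `vboxusers` to keep running VMs.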