User Manual SEB for Windows (from Version 1.8) »Manual for SEB 2.0 Old versions (until 1.7.1)

English   Deutsch

Configuration Files

There are two configuration files for SEB: SebStarter.ini and MsgHook.ini. Here's where they are located:

• under Windows XP:
  in the common application data folder, e.g.
  C:\Documents and Settings\All Users\Application Data\
  ETH Zuerich\SEB Windows 1.9.1
• under Windows Vista, Windows 7 and Windows 8:
  in the program data directory, e.g.
  C:\ProgramData\ETH Zuerich\SEB Windows 1.9.1

In order to configure SEB for an online exam, the teacher can edit both ini files using an arbitrary text editor like Notepad. However, it is much easier to double-click on the GUI editor SebWindowsConfig.exe delivered with SEB. In the opening SEB Windows Configuration Window, the two configuration files delivered with SEB, SebStarter.ini and MsgHook.ini, are then automatically loaded. They contain default values, which are displayed in the GUI window:

The teacher can change these settings via mouse clicks and keyboard inputs in the GUI editor, and save his/her settings back to hard disk by clicking on Save ... config file. Reloading the files via Open ... config file is also possible, as well as resetting to the default settings (Default ... settings) or to the values loaded from file (Restore ... config file):



Finally, the editor can be quit with or without saving both configuration files (Save both config files and exit or Exit without saving, respectively).

SebStarter.ini is the primary configuration file. Below you see the default settings of the SebStarter.ini delivered with SEB Windows 1.9.1:

Important options of the SebStarter.ini file:

WriteLogFileSebStarterLog
The SEB Client can write log files, which are helpful for analysis of eventual problems when running SEB. To accomplish this, the option WriteLogFileSebStarterLog=1 and WriteLogFileMsgHookLog=1 must be set in the SebStarter.ini and in the MsgHook.ini file, respectively. In the SebWindowsConfig.exe tool, these options are named Write logfile SebStarter.log and Write logfile MsgHook.log .
When running the SEB Client, the log files SebStarter.log and MsgHook.log are written into the same directory as their corresponding ini files.

AllowVirtualMachine
determines if the SEB Client is allowed to run on a Virtual Machine (e.g. for exams in virtual desktop environments) or not (in order to prevent potential manipulations).

ForceWindowsService
determines if the SEB Client shall run only in conjunction with the SEB Windows Service. The purpose of the SEB Windows Service will be explained in the following:


Some values stored in the Windows Registry database do influence the system behaviour of Windows, and thus the security of online exams. Beginning with Windows Vista, these options are displayed in the Windows Security Screen with the blue desktop background, which appears when pressing the key combination Ctrl_Alt_Del. (Until Windows XP, pressing Ctrl_Alt_Del directly invoked the Task Manager).

Usually, these options should all be disabled for an online exam, in order to prevent from manipulations or from accessing forbidden resources. This particularly holds for the Task Manager, since programs can be terminated or started from within that tool. Hence all values are set to Enable...=0 (or are unchecked) by default.

Until Windows XP, the user was usually logged in as an Administrator, so the SEB client (SebStarter.exe) could set the Windows Registry values by itself, since it had the necessary rights to do so.

From Windows Vista, the users (hence also the examinees) are for security reasons urged to logging in as Standard User rather than as Administrator. However, a SEB Client started by a Standard User does not have the necessary rights to set the Windows Registry values.

A SEB Windows Service, running as a background process, is therefore indispensable, which takes over this task. This service is delivered in a .msi file together with the SEB Client, and installed and started automatically by the Microsoft Installer. The SEB Windows Service does also work under Windows XP.

The Windows Registry values one by one:

EnableSwitchUser
activates the button "Benutzer wechseln" or "Switch User", respectively.

EnableLockThisComputer
activates the button "Computer sperren" or "Lock this computer", respectively.

EnableChangeAPassword
activates the button "Kennwort ändern..." or "Change a password...", respectively.

EnableStartTaskManager
activates the button "Task-Manager starten" or "Start Task Manager", respectively.

Remark:
Normally it makes no sense to permit the Task Manager inside SEB (thus during an online exam). Furthermore SEB is usually started in a new desktop (see option CreateNewDesktop below), which would cover an eventual Task Manager window and make it invisible. In case you want to permit the Task Manager in SEB anyhow, CreateNewDesktop must be disabled. An alternative possibility is to add the Task Manager as a third-party application TaskManager,taskmgr.exe; to the PermittedApplications (see below).

EnableLogOff
activates the button "Abmelden" or "Log off", respectively.

EnableShutDown
activates the button "Herunterfahren" or "Shutdown" in the lower right corner.

EnableEaseOfAccess
activates the button "Erleichterter Zugriff" or "Ease of Access" in the lower left corner, which offers help e.g. to visually or aurally handicapped persons, like the Magnifier Glass.

EnableVmWareClientShade
activates the "Shade" bar at the upper edge of a virtual desktop, if existent.

From SEB Windows 1.8.3, these Windows Registry values are configured twice. The options InsideSeb... define the values inside of SEB (which are thus valid during an exam, when SEB is running). The options OutsideSeb... define the values outside of SEB (which are thus valid in normal use, when SEB is not running). The standard defaults are to disable all options inside SEB and to enable all options outside SEB.

The reason for this procedure:

In case there are problems when SEB is operating and SEB is prematurely quit or SEB crashes, the Windows Registry values are out of tune, e.g. the Task Manager is disabled also in normal use, since for the computer the InsideSeb values are still valid. In order to restore the correct values, it was in this case necessary to edit the Windows Registry manually as administrator, which is cumbersome and error-prone.

From SEB Windows 1.8.3, it suffices instead (as long as the SebWindowsService is still running) to restart SEB once again and properly quit SEB using the SEB exit sequence (e.g. F3_F11_F6, see below). When quitting, the registry values are reset to the OutsideSeb values, and the Task Manager is available again.


Further options, not belonging to the Windows Registry values:

CreateNewDesktop

defines whether the SEB Client shall be executed in a newly created desktop window (in fullscreen mode), such that e.g. the task bar and the start menu at the bottom edge of the screen are blanked out. (Remark: In this case, also the Task Manager cannot be used in SEB anymore, even when being activated by EnableStartTaskManager, because he is then invisible in the background).

ShowSebApplicationChooser

defines whether after starting SEB, a popup window for permitted third-party applications appears in the upper left corner when Alt_Tab is pressed. For exams with third-party applications, this value must be set to 1, for exams without third-party applications, one can relinquish this popup window and set the value to 0.

PermittedApplications

defines the permitted third-party applications. SEB can run in conjunction with other programs, e.g. the Calculator or Notepad, both of which are set by default. In that case, the popup window for selection of third-party applications must be activated (set ShowSebApplicationChooser to 1) and these third-party applications must be added to PermittedApplications. They must have the following format:

[application1, Path-to-application1/application1-name;application2,Path-to-application2/application2-name;application3, Path-to-application3/application3-name].

The applications are separated from each other by semicolons. Alternatively, you can alternatively enter the paths in the SebStarter.bat script file. The format then looks like this:

In this case, SEB must be started by double-click on SebStarter.bat rather than SebStarter.exe. The script enhances the environment variable PATH by the paths to the third-party applications and then calls SEB.

AutostartProcess

defines an automatically starting process. Usually, this is the SEB client (AutostartProcess=Seb) in conjunction with a browser component. Currently it is the XULRunner, which must be inserted in the line SebBrowser=... .

Special scenario:
If you want to use SEB only as a pure kiosk application without browser, e.g. in order to secure a local exam application without a Learning Management System, then you must set AutostartProcess= (without the word Seb).

MonitorProcesses

When activated, all running applications and processes are observed. In case someone tries to launch a non-permitted application (no entry in PermittedApplications), this application is stopped. Hint: sometimes this option causes problems; thus it should be deactivated in case of doubt (set MonitorProcesses=0).

HookMessages

When activated, SEB intercepts key combinations like Alt_F4 or right mouse-click. In the other configuration file MsgHook.ini , you can define in detail which key combinations to allow and which not. Below you see the default settings of the MsgHook.ini delivered with SEB Windows 1.9.1:

In the example above, most key combinations are disabled (Enable...=0 means "Activate = false"). That means with this configuration, only few shortkeys are allowed.

One exception is the SEB exit sequence, which allows for finishing the SEB at any point of time. It is a combination of three function keys which must be pressed in a certain order and then held down simultaneously (just like Ctrl_Alt_Del for calling the Windows Security Screen or the Task Manager). By default, the SEB exit sequence is set to F3_F11_F6, which means the user must press the three function keys F3, F11, F6 in this exact order, and then keep them pressed for a moment.

The SEB exit sequence can be customised in MsgHook.ini by setting the variables B1, B2 and B3. The function keys F1, F2, ..., F12 are coded as decimal values (virtual key codes) according to the following table:

Function key	Code
F1	112
F2	113
F3	114
F4	115
F5	116
F6	117
F7	118
F8	119
F9	120
F10	121
F11	122
F12	123

If we now set the variable B1 to 115:

the first function key to be pressed changes from F3 to F4, since we changed the first variable B1, and 115 is the decimal value for the virtual key code for F4. Since we did not change B2 and B3, the second and third function key are left intact, so in summary the SEB exit sequence changes from the default sequence F3_F11_F6 to the custom sequence F4_F11_F6. With B2 and B3, you can change the other two function keys of the SEB exit sequence as well, for example the values

will change the SEB exit sequence to F4_F5_F6.

Important: If you try out a SEB exit sequence but quitting SEB does not work, it might help to try out another sequence. For example, the sequence F1_F2_F3 is empirically unsuitable. Possibly the F1 key should be omitted completely, since it is reserved for the help function by many programs and is also responsible for the Windows Help. Higher function keys seem to be less problematic.

In case you cannot quit SEB anymore and the Task Manager is locked when pressing Ctrl_Alt_Del, it currently only helps to restart your computer. After the restart, you can copy the file MsgHook.ini located in the program data directory, set another key sequence, copy this modified MsgHook.ini back into the program data directory, thus overwriting / replacing the old MsgHook.ini. Afterwards you can restart SEB and test the new SEB exit sequence.

Remarks:

1.) If third-party applications shall be admitted in SEB, you also have to admit the shortkey Alt_Tab by setting

in MsgHook.ini, as well as setting

in SebStarter.ini. In SEB, you must then press Alt_Tab, which will launch the Permitted Applications popup window, from which you can choose the desired third-party application.

2.) If the Start Menu shall be admitted in SEB, CreateNewDesktop must be deactivated, since a new desktop would cover the Start Menu and thus make it invisible. In this case, you must therefore set

in MsgHook.ini and

in SebStarter.ini.

Certificates

In SEB using XULRunner (version 1.4 and above) problems with SSL certificates can occur:

• If your secured site is using certificates which are generally trusted by browsers like Firefox, there might be a problem with SEB XULRunner. The problem occurs when your server certificate is signed by an intermediate certificate of any trusted certification authority. In that case the whole issuer chain must be provided to the browser for validation. You might have to ask your server administrator to change their settings to solve the problem.
  For further information please consult the documentation of your webserver: Apache 2.2, IIS.
• Self-signed certificates need to be imported into SEB's XULRunner. Since XULRunner doesn't provide an easy way to add exceptions for not generally trusted certificates, you can open the page in Firefox, accept the certificate, then copy the file cert_override.txt to the XULRunner application profile.

Connect Browser and Test

Before you start SEB, you should define the starting page of your online exam, and what keyboard shortcuts should be suppressed by SEB during the online exam. The latter have been described in the Configuration Files section above. At first, you can use the default values already given in the downloaded SEB.

In order to change the start URL of SEB, set the value ExamUrl in the file SebStarter.ini to the corresponding web address, e.g..

LMS Extensions

In order to use Safe Exam Browser, current versions of ILIAS and Moodle do not need extensions anymore. The connectivity to SEB is already included in these LMS. In case an older ILIAS version is used, you can find informations on installing the "Naviless" skin in ILIAS in the ILIAS Information Center. And for older Moodle versions, you can find informations on installing the extension in the Readme file attached to the the download file.