User Manual SEB Windows (from Version 1.8)
Configuration Files
There are two configuration files for SEB: SebStarter.ini and MsgHook.ini. Here's where they are located:
- under Windows XP:
in the common application data folder, e.g.
C:\Documents and Settings\All Users\Application Data\ETH Zuerich\SEB Windows 1.8.2
- under Windows 7:
in the program data directory, e.g.
C:\ProgramData\ETH Zuerich\SEB Windows 1.8.2
In order to configure SEB for an online exam, the teacher can edit both ini files using any text editor such as Notepad. However, it is much easier to double-click on the GUI editor SebWindowsConfig.exe delivered with SEB, and to load both ini files by clicking on Open file SebStarter.ini and Open file MsgHook.ini in the SEB Windows Configuration Window that opens.

The ini files delivered with SEB contain default settings, which are displayed in the GUI window.

The teacher can change these settings using mouse clicks and keyboard inputs, and save his/her settings back to hard disk by clicking on Save file SebStarter.ini and Save file MsgHook.ini.
SebStarter.ini is the primary configuration file. Below you see the default settings of the SebStarter.ini delivered with SEB Windows 1.8.2:
[SEB]
[SebStarterIni]
[RegistryValues]
EnableSwitchUser=0
EnableLockThisComputer=0
EnableChangeAPassword=0
EnableStartTaskManager=0
EnableLogOff=0
EnableShutDown=0
EnableEaseOfAccess=0
EnableVmWareClientShade=0
[SecurityOptions]
AllowVirtualMachine=0
ForceWindowsService=1
CreateNewDesktop=1
ShowSebApplicationChooser=1
HookMessages=1
EditRegistry=1
MonitorProcesses=0
ShutdownAfterAutostartProcessTerminates=0
[OnlineExam]
SebBrowser=Seb,../xulrunner/xulrunner.exe ../xul_seb/application.ini
AutostartProcess=Seb
ExamUrl=http://www.safeexambrowser.org/
PermittedApplications=Calculator,calc.exe;Notepad,notepad.exe;
[OtherOptions]
WriteLogFileSebStarterLog=1
HookDll=MsgHook.dll
Win9xKillExplorer=1
Win9xScreenSaverRunning=0
StrongKillProcessesBefore=
StrongKillProcessesAfter=
Important options of the SebStarter.ini file:
WriteLogFileSebStarterLog
The SEB Client can write log files, which are helpful for analysing possible problems when running SEB. To accomplish this, the options WriteLogFileSebStarterLog=1 and WriteLogFileMsgHookLog=1 must be set in the SebStarter.ini and in the MsgHook.ini file, respectively. In the SebWindowsConfig.exe tool, these options are named Write logfile SebStarter.log and Write logfile MsgHook.log.
When running the SEB Client, the log files SebStarter.log and MsgHook.log are written into the same directory as their corresponding ini files.
AllowVirtualMachine
determines if the SEB Client is allowed to run on a Virtual Machine (e.g. for exams in virtual desktop environments) or not (in order to prevent potential manipulations).
ForceWindowsService
determines if the SEB Client shall run only in conjunction with the SEB Windows Service. The purpose of the SEB Windows Service will be explained in the following:
Some values stored in the Windows Registry database influence the system behaviour of Windows, and thus the security of online exams. Beginning with Windows Vista, these options are displayed in the Windows Security Screen with the blue desktop background, which appears when pressing the key combination Ctrl_Alt_Del. (Until Windows XP, pressing Ctrl_Alt_Del directly invoked the Task Manager.)
Usually, these options should all be disabled for an online exam, in order to prevent manipulations and access to forbidden resources. This particularly holds for the Task Manager, since programs can be terminated or started from within that tool. Hence all values are set to Enable...=0 (or are unchecked) by default.
Until Windows XP, the user was usually logged in as an Administrator, so the SEB client (SebStarter.exe) could set the Windows Registry values by itself, since it had the necessary rights to do so.
In Windows Vista and Windows 7, the users (hence also the examinees) are for security reasons urged to log in as Standard User rather than as Administrator. However, a SEB Client started by a Standard User does not have the necessary rights to set the Windows Registry values.
A SEB Windows Service, running as a background process, is therefore indispensable and takes over this task. This service is delivered in a .msi file together with the SEB Client, and is installed and started automatically by the Microsoft Installer. The SEB Windows Service also works under Windows XP, even though it is not mandatory there.
The Windows Registry values one by one:
EnableSwitchUser
activates the button "Benutzer wechseln" or "Switch User", respectively
EnableLockThisComputer
activates the button "Computer sperren" or "Lock this computer", respectively
EnableChangeAPassword
activates the button "Kennwort ändern..." or "Change a password...", respectively
EnableStartTaskManager
activates the button "Task-Manager starten" or "Start Task Manager", respectively
EnableLogOff
activates the button "Abmelden" or "Log off", respectively
EnableShutDown
activates the button "Herunterfahren" or "Shutdown" in the lower right corner
EnableEaseOfAccess
activates the button "Erleichterter Zugriff" or "Ease of Access" in the lower left corner, which offers aids such as the Magnifier Glass, e.g. for visually or aurally handicapped persons.
EnableVmWareClientShade
activates the "Shade" bar at the upper edge of a virtual desktop, if existent.
Further options, not belonging to the Windows Security Options:
CreateNewDesktop
defines whether the SEB Client shall be executed in a newly created desktop window (in fullscreen mode), such that e.g. the task bar and the start menu at the bottom edge of the screen are blanked out.
ShowSebApplicationChooser
defines whether, after starting SEB, a popup window for permitted third-party applications appears in the upper left corner when Alt_Tab is pressed. For exams with third-party applications, this value must be set to 1; for exams without third-party applications, one can dispense with this popup window and set the value to 0.
PermittedApplications
defines the permitted third-party applications. SEB can run in conjunction with other programs, e.g. the Calculator or Notepad, both of which are set by default. In that case, the popup window for selection of third-party applications must be activated (set ShowSebApplicationChooser to 1) and these third-party applications must be added to PermittedApplications. They must have the following format:
[application1,Path-to-application1/application1-name;application2,Path-to-application2/application2-name;application3,Path-to-application3/application3-name].
The applications are separated from each other by semicolons. Alternatively, you can enter the paths in the SebStarter.bat script file. The format then looks like this:
...
set PermittedAppDir1="%ProgramFiles%\VMware\VMware View\Client\bin"
set PermittedAppDir1(x86)="%ProgramFiles(x86)%\VMware\VMware View\Client\bin"
...
path %path%;%PermittedAppDir1%
path %path%;%PermittedAppDir1(x86)%
...
SebStarter.exe
...
In this case, SEB must be started by double-clicking on SebStarter.bat rather than SebStarter.exe. The script extends the environment variable PATH by the paths to the third-party applications and then calls SEB.
AutostartProcess
defines an automatically starting process. Usually, this is the SEB client (AutostartProcess=Seb) in conjunction with a browser component. Currently it is the XULRunner, which must be inserted in the line SebBrowser=... .
Special scenario:
If you want to use SEB only as a pure kiosk application without browser, e.g. in order to secure a local exam application without a Learning Management System, then you must set AutostartProcess= (without the word Seb).
MonitorProcesses
When activated, all running applications and processes are observed. In case someone tries to launch a non-permitted application (no entry in PermittedApplications), this application is stopped. Hint: sometimes this option causes problems; thus it should be deactivated in case of doubt (set MonitorProcesses=0).
HookMessages
When activated, SEB intercepts key combinations like Alt_F4 or right mouse-click. In the other configuration file MsgHook.ini, you can define in detail which key combinations to allow and which not. Below you see the default settings of the MsgHook.ini delivered with SEB Windows 1.8.2:
[SEB]
[MsgHookIni]
[SpecialKeys]
EnableEsc=1
EnableCtrlEsc=1
EnableAltEsc=1
EnableAltTab=1
EnableAltF4=0
EnableStartMenu=0
EnableRightMouse=0
[FunctionKeys]
EnableF1=0
EnableF2=0
EnableF3=0
EnableF4=0
EnableF5=1
EnableF6=0
EnableF7=0
EnableF8=0
EnableF9=0
EnableF10=0
EnableF11=0
EnableF12=0
[ExitSequence]
B1=114
B2=122
B3=117
QuitHashcode=
[OtherOptions]
WriteLogFileMsgHookLog=1
KillCallerHotkey=Safe Exam Browser 1.8.2
In the example above, most key combinations are disabled (Enable...=0 means "Activate = false").
That means with this configuration, only a few keyboard shortcuts are allowed.
One exception is the SEB exit sequence, which allows for exiting SEB at any time. It is a combination of three function keys which must be pressed in a certain order and then held down simultaneously (just like Ctrl_Alt_Del for calling the Windows Security Screen or the Task Manager). By default, the SEB exit sequence is set to F3_F11_F6, which means the user must press the three function keys F3, F11, F6 in this exact order, and then keep them pressed for a moment.
The SEB exit sequence can be customised in MsgHook.ini by setting the variables B1, B2 and B3. The function keys F1, F2, ..., F12 are coded as decimal values (virtual key codes) according to the following table:
| Function key | Code |
|---|---|
| F1 | 112 |
| F2 | 113 |
| F3 | 114 |
| F4 | 115 |
| F5 | 116 |
| F6 | 117 |
| F7 | 118 |
| F8 | 119 |
| F9 | 120 |
| F10 | 121 |
| F11 | 122 |
| F12 | 123 |
If we now set the variable B1 to 115:
B1=115
the first function key to be pressed changes from F3 to F4, since we changed the first variable B1, and 115 is the decimal value of the virtual key code for F4. Since we did not change B2 and B3, the second and third function keys are left intact, so in summary the SEB exit sequence changes from the default sequence F3_F11_F6 to the custom sequence F4_F11_F6.
With B2 and B3, you can change the other two function keys of the SEB exit sequence as well, for example the values
B1=115
B2=116
B3=117
will change the SEB exit sequence to F4_F5_F6.
Remark: If third-party applications shall be admitted in SEB, you also have to admit the keyboard shortcut Alt_Tab by setting
EnableAltTab=1
in MsgHook.ini, as well as setting
ShowSebApplicationChooser=1
in SebStarter.ini. In SEB, you must then press Alt_Tab, which will launch the Permitted Applications popup window, from which you can choose the desired third-party application.
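The rules stated on this page (registry values left at 0, the B1..B3 exit-sequence codes, and the Alt_Tab / ShowSebApplicationChooser requirement for third-party applications) can be checked across both ini files before an exam. The following Python script is an added example and not part of SEB; its function names and the trimmed sample ini contents are constructed for illustration.

```python
import configparser
# Constructed sample input: trimmed copies of the default ini files shown above.
SEB_STARTER_INI = """\
[RegistryValues]
EnableStartTaskManager=0
[SecurityOptions]
ShowSebApplicationChooser=1
[OnlineExam]
PermittedApplications=Calculator,calc.exe;Notepad,notepad.exe;
"""
MSG_HOOK_INI = """\
[SpecialKeys]
EnableAltTab=1
[ExitSequence]
B1=114
B2=122
B3=117
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names case-sensitive, as written in the files
    cp.read_string(text)
    return cp

def permitted_apps(starter):
    """Split 'name,path;name,path;' into (name, path) tuples."""
    raw = starter.get("OnlineExam", "PermittedApplications", fallback="")
    return [tuple(p.strip() for p in item.split(",", 1))
            for item in raw.split(";") if item.strip()]

def exit_sequence(hook):
    """Decode B1..B3 (virtual key codes 112..123) into e.g. 'F3_F11_F6'."""
    codes = [hook.getint("ExitSequence", b) for b in ("B1", "B2", "B3")]
    bad = [c for c in codes if not 112 <= c <= 123]
    if bad:
        raise ValueError(f"not a function-key code: {bad}")
    return "_".join(f"F{c - 111}" for c in codes)

def audit(starter, hook):
    """Return findings where the two files deviate from the rules on this page."""
    findings = [f"{k}={v}: expected 0 for an exam"
                for k, v in starter.items("RegistryValues") if v.strip() != "0"]
    if permitted_apps(starter):  # third-party apps need the chooser and Alt_Tab
        if starter.get("SecurityOptions", "ShowSebApplicationChooser", fallback="0") != "1":
            findings.append("PermittedApplications set but ShowSebApplicationChooser!=1")
        if hook.get("SpecialKeys", "EnableAltTab", fallback="0") != "1":
            findings.append("PermittedApplications set but EnableAltTab!=1")
    return findings
```

To check real files, pass their contents to load() and print exit_sequence() and audit() for the pair.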
Certificates
In SEB using XULRunner (version 1.4 and above) problems with SSL certificates can occur:
- If your secured site is using certificates which are generally trusted by browsers like Firefox, there might be a problem with SEB XULRunner. The problem occurs when your server certificate is signed by an intermediate certificate of any trusted certification authority. In that case the whole issuer chain must be provided to the browser for validation. You might have to ask your server administrator to change their settings to solve the problem. For further information please consult the documentation of your webserver: Apache 2.2, IIS.
- Self-signed certificates need to be imported into SEB's XULRunner. Since XULRunner doesn't provide an easy way to add exceptions for not generally trusted certificates, you can open the page in Firefox, accept the certificate, then copy the file cert_override.txt to the XULRunner application profile.
Connect Browser and Test
Before you start SEB, you should define the starting page of your online exam, and what keyboard shortcuts should be suppressed by SEB during the online exam. The latter have been described in the Configuration Files section above. At first, you can use the default values already given in the downloaded SEB.
In order to change the start URL of SEB, set the value ExamUrl in the file SebStarter.ini to the corresponding web address, e.g.:
ExamUrl=http://www.safeexambrowser.org/
LMS Extensions
In order to use Safe Exam Browser, current versions of ILIAS and Moodle do not need extensions anymore. The connectivity to SEB is already included in these LMS. In case an older ILIAS version is used, you can find information on installing the "Naviless" skin in ILIAS in the ILIAS Information Center. For older Moodle versions, you can find information on installing the extension in the Readme file attached to the download file.