No, to restrict file system access isn't feasible to implement in SEB neither for Windows nor macOS. What you need to do if you want to use permitted third party applications in exams which have file system access (open/save file dialogs) is to use a virtual machine together with SEB. You can then use SEB for Windows to start the VM as a permitted process, SEB then prevents that users can access other applications or the file system on the physical machine. Inside the VM you have a system with an empty file system and restricted internet access, then you can run also complex software in a secure way.
We at ETH Zurich are using virtual desktop infrastructure (VDI) for such exams, then you just need SEB on the clients and connect through a full screen browser window (using VMware Horizon HTML access) to the virtual desktop running on a server. On the virtual desktop we're using another instance of SEB, which allows to use different permitted applications depending on exam (separate SEB config files per exam). If you're interested in details about that environment, I can send you a paper describing our exam environment.
Daniel
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm also looking to use SEB in combination with VDI (Horizon View).
Could you share the paper with me where your describe your exam environment? I'm very interested in that.
Kind regards, Pim.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Daniel
I do NOT want the students to access (open and save) files on webdav or other shared drives.
Do you think that is the way to go on BYOD?
That sounds to me as the way to do it on our school computers.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
SEB doesn't restrict access to local or shared drives. To restrict access to local drives is technically impossible without hacking deep into Windows (you can hide local drives in Explorer windows, but when users enter the path manually, they can access everything).
So even if we could stop access to any kind of shared drives, local drives (including USB sticks) would still be a problem.
That's why we always use virtual desktop infrastructure with any kind of third party applications which can access the file system (have a file open/save dialog). Here is a description in German about the system we use.
To disable all kinds of Windows features if you use third party applications in exams is way beyond the scope of SEB. We won't go that way. Use VDI if you want use third party applications.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi everybody!
Is it possible to restrict access to certain files or directories in SEB?
Thanks.
Marco.
No, to restrict file system access isn't feasible to implement in SEB neither for Windows nor macOS. What you need to do if you want to use permitted third party applications in exams which have file system access (open/save file dialogs) is to use a virtual machine together with SEB. You can then use SEB for Windows to start the VM as a permitted process, SEB then prevents that users can access other applications or the file system on the physical machine. Inside the VM you have a system with an empty file system and restricted internet access, then you can run also complex software in a secure way.
We at ETH Zurich are using virtual desktop infrastructure (VDI) for such exams, then you just need SEB on the clients and connect through a full screen browser window (using VMware Horizon HTML access) to the virtual desktop running on a server. On the virtual desktop we're using another instance of SEB, which allows to use different permitted applications depending on exam (separate SEB config files per exam). If you're interested in details about that environment, I can send you a paper describing our exam environment.
Daniel
Hello Daniel,
I'm also looking to use SEB in combination with VDI (Horizon View).
Could you share the paper with me where your describe your exam environment? I'm very interested in that.
Kind regards, Pim.
Hi Pim,
We just added a list of publications on the use of SEB to the website.
There is a technical report about SEB and VDI and another paper with also the pedagogical background and the organizational challenges.
Kind regards,
Daniel
Hi Daniel
I do NOT want the students to access (open and save) files on webdav or other shared drives.
Do you think that is the way to go on BYOD?
That sounds to me as the way to do it on our school computers.
SEB doesn't restrict access to local or shared drives. To restrict access to local drives is technically impossible without hacking deep into Windows (you can hide local drives in Explorer windows, but when users enter the path manually, they can access everything).
So even if we could stop access to any kind of shared drives, local drives (including USB sticks) would still be a problem.
That's why we always use virtual desktop infrastructure with any kind of third party applications which can access the file system (have a file open/save dialog). Here is a description in German about the system we use.
To disable all kinds of Windows features if you use third party applications in exams is way beyond the scope of SEB. We won't go that way. Use VDI if you want use third party applications.