Since last year’s test with the SBAC Browser, I have worked on a login script which proved to be quite successful for all Windows machines in our district.
The SBAC Secure Browser itself, is good and secure on its own, as it blocks out other components of the operating system. However, there are still some caveats in the browser itself, as well as the installation process, these cannot be controlled from within.
- The browser just recently added the ability to change the headphones volume control within the browser. However, this still only applies relatively to the overall system volume.
- If the SBAC Secure Browser is not installed on a computer, a technician may need to be called in. When dealing with thousands of computers, it may make it impossible to attend to all these missing browsers at the same time.
- The SBAC Browser takes over the whole screen, but everything is typically still running in the background, so a creative student may perhaps be able to do stuff outside the session. Furthermore, launching the browser in a dedicated session can open up that session for use for other purposes if not controlled. (i.e: Student closes the browser, and surfs the net under that user)
The script I wrote addresses all these issues. It is mostly documented inside the script. Below is all you need to know about it.
If you need any help implementing it, please let me know, and I can try to assist.
- Login the user and check for the SBAC Secure Browser.
- Install the SBAC Secure Browser if it’s not already found – Launch SBAC Secure Browser
- Increase the global system volume to a predetermined value
- Skip running the browser installation if a specific process is running. (This can be used if you using Thin Clients that are frozen, and cannot take advantage of the browser self installation.
- Windows explorer will terminate
- Monitor the session, and automatically logout the session if/when the browser is closed.
- Allow the user to relaunch the SBAC Secure Browser in case the browser close wasn’t intentional.
- KIX32.EXE : http://kixtart.org (please note that Kix32 needs to be accessible from the workstation. Ideally, that file would be in the path environment variable.)
- nircmd.exe : http://www.nirsoft.net/utils/nircmd.html
- InstallSBACSecureBrowser.exe : This is a browser installer Executable that runs as a user with admin privileges. You will be creating this with the kix2exe utility. (See installation instructions)
- Kix2exe, and (optionally) Kix2exe-GUI: http://kix2exe.ramonitor.nl/
- Unzip theSBAC Browser-Package file:
- Place the KIX32.exe in your \\domain\netlogon directory
- Place the nircmd folders (x86 and x64) into a network location that is readable by everyone.
- Install the Kix2exe, and Kix2exe-gui packages on your workstation
- Run the Kix2exe-gui, and select the “InstallSBACBrowser.kix” script.
- Modify the InstallSBACBrowser.kix to refer to the latest MSI of the SBAC Browser installer.
- You can change any of the parameters there, but the most important one is the “Run As”. This will be used to allow the installer to run even if the user does not have admin privileges on the workstations.
- Generate the EXE of the SBAC Browser installer, and place it in your NETLOGON.
- Open the SBACLogin.kix script, and modify the parameters in the appropriate sections. They are mostly the paths to the dependencies.
- Place the SBACLogin.kix in your NETLOGON directory, and point to it with your login script.
- Associate the login script with specific users that you want to be used for SBACTesting. (I have an account called sbactest with the login script associated with it)