SEBWIN-316: Finally grouped all security related settings. Implemented mapping for virtual machine policy.

SafeExamBrowser.Client.UnitTests/ClientControllerTests.cs

@@ -212,7 +212,7 @@ namespace SafeExamBrowser.Client.UnitTests
 			var correct = new Random().Next(1, 50);
 			var lockScreenResult = new Func<LockScreenResult>(() => ++attempt == correct ? result : new LockScreenResult());
 
-			context.Settings.QuitPasswordHash = hash;
+			context.Settings.Security.QuitPasswordHash = hash;
 			hashAlgorithm.Setup(a => a.GenerateHashFor(It.Is<string>(p => p == result.Password))).Returns(hash);
 			lockScreen.Setup(l => l.WaitForResult()).Returns(lockScreenResult);
 			uiFactory
@@ -692,9 +692,9 @@ namespace SafeExamBrowser.Client.UnitTests
 			var dialog = new Mock<IPasswordDialog>();
 			var dialogResult = new PasswordDialogResult { Password = "blobb", Success = true };
 
-			settings.QuitPasswordHash = "1234";
+			settings.Security.QuitPasswordHash = "1234";
 			dialog.Setup(d => d.Show(It.IsAny<IWindow>())).Returns(dialogResult);
-			hashAlgorithm.Setup(h => h.GenerateHashFor(It.Is<string>(s => s == dialogResult.Password))).Returns(settings.QuitPasswordHash);
+			hashAlgorithm.Setup(h => h.GenerateHashFor(It.Is<string>(s => s == dialogResult.Password))).Returns(settings.Security.QuitPasswordHash);
 			runtimeProxy.Setup(r => r.RequestShutdown()).Returns(new CommunicationResult(true));
 			uiFactory.Setup(u => u.CreatePasswordDialog(It.IsAny<TextKey>(), It.IsAny<TextKey>())).Returns(dialog.Object);
 
@@ -714,7 +714,7 @@ namespace SafeExamBrowser.Client.UnitTests
 			var dialog = new Mock<IPasswordDialog>();
 			var dialogResult = new PasswordDialogResult { Success = false };
 
-			settings.QuitPasswordHash = "1234";
+			settings.Security.QuitPasswordHash = "1234";
 			dialog.Setup(d => d.Show(It.IsAny<IWindow>())).Returns(dialogResult);
 			runtimeProxy.Setup(r => r.RequestShutdown()).Returns(new CommunicationResult(true));
 			uiFactory.Setup(u => u.CreatePasswordDialog(It.IsAny<TextKey>(), It.IsAny<TextKey>())).Returns(dialog.Object);
@@ -735,7 +735,7 @@ namespace SafeExamBrowser.Client.UnitTests
 			var dialog = new Mock<IPasswordDialog>();
 			var dialogResult = new PasswordDialogResult { Password = "blobb", Success = true };
 
-			settings.QuitPasswordHash = "1234";
+			settings.Security.QuitPasswordHash = "1234";
 			dialog.Setup(d => d.Show(It.IsAny<IWindow>())).Returns(dialogResult);
 			hashAlgorithm.Setup(h => h.GenerateHashFor(It.IsAny<string>())).Returns("9876");
 			uiFactory.Setup(u => u.CreatePasswordDialog(It.IsAny<TextKey>(), It.IsAny<TextKey>())).Returns(dialog.Object);

SafeExamBrowser.Client.UnitTests/Operations/ApplicationOperationTests.cs

@@ -20,6 +20,7 @@ using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.Monitoring.Contracts.Applications;
 using SafeExamBrowser.Settings;
 using SafeExamBrowser.Settings.Applications;
+using SafeExamBrowser.Settings.Security;
 
 namespace SafeExamBrowser.Client.UnitTests.Operations
 {
@@ -263,7 +264,7 @@ namespace SafeExamBrowser.Client.UnitTests.Operations
 		[TestMethod]
 		public void Perform_MustNotStartMonitorWithoutKioskMode()
 		{
-			context.Settings.KioskMode = KioskMode.None;
+			context.Settings.Security.KioskMode = KioskMode.None;
 			monitor.Setup(m => m.Initialize(It.IsAny<ApplicationSettings>())).Returns(new InitializationResult());
 
 			var result = sut.Perform();
@@ -275,7 +276,7 @@ namespace SafeExamBrowser.Client.UnitTests.Operations
 		[TestMethod]
 		public void Perform_MustStartMonitorWithKioskMode()
 		{
-			context.Settings.KioskMode = KioskMode.CreateNewDesktop;
+			context.Settings.Security.KioskMode = KioskMode.CreateNewDesktop;
 			monitor.Setup(m => m.Initialize(It.IsAny<ApplicationSettings>())).Returns(new InitializationResult());
 
 			var result = sut.Perform();
@@ -283,7 +284,7 @@ namespace SafeExamBrowser.Client.UnitTests.Operations
 			monitor.Verify(m => m.Start(), Times.Once);
 			Assert.AreEqual(OperationResult.Success, result);
 
-			context.Settings.KioskMode = KioskMode.DisableExplorerShell;
+			context.Settings.Security.KioskMode = KioskMode.DisableExplorerShell;
 			monitor.Reset();
 			monitor.Setup(m => m.Initialize(It.IsAny<ApplicationSettings>())).Returns(new InitializationResult());
 
@@ -331,7 +332,7 @@ namespace SafeExamBrowser.Client.UnitTests.Operations
 		[TestMethod]
 		public void Revert_MustNotStopMonitorWithoutKioskMode()
 		{
-			context.Settings.KioskMode = KioskMode.None;
+			context.Settings.Security.KioskMode = KioskMode.None;
 
 			var result = sut.Revert();
 
@@ -342,14 +343,14 @@ namespace SafeExamBrowser.Client.UnitTests.Operations
 		[TestMethod]
 		public void Revert_MustStopMonitorWithKioskMode()
 		{
-			context.Settings.KioskMode = KioskMode.CreateNewDesktop;
+			context.Settings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			var result = sut.Revert();
 
 			monitor.Verify(m => m.Stop(), Times.Once);
 			Assert.AreEqual(OperationResult.Success, result);
 
-			context.Settings.KioskMode = KioskMode.DisableExplorerShell;
+			context.Settings.Security.KioskMode = KioskMode.DisableExplorerShell;
 			monitor.Reset();
 
 			result = sut.Revert();

SafeExamBrowser.Client/ClientController.cs

@@ -275,7 +275,7 @@ namespace SafeExamBrowser.Client
 			var applicationList = string.Join(Environment.NewLine, applications.Select(a => $"- {a.Name}"));
 			var message = $"{text.Get(TextKey.LockScreen_Message)}{Environment.NewLine}{Environment.NewLine}{applicationList}";
 			var title = text.Get(TextKey.LockScreen_Title);
-			var hasQuitPassword = !string.IsNullOrEmpty(Settings.QuitPasswordHash);
+			var hasQuitPassword = !string.IsNullOrEmpty(Settings.Security.QuitPasswordHash);
 			var allowOption = new LockScreenOption { Text = text.Get(TextKey.LockScreen_AllowOption) };
 			var terminateOption = new LockScreenOption { Text = text.Get(TextKey.LockScreen_TerminateOption) };
 			var lockScreen = uiFactory.CreateLockScreen(message, title, new [] { allowOption, terminateOption });
@@ -292,7 +292,7 @@ namespace SafeExamBrowser.Client
 				if (hasQuitPassword)
 				{
 					var passwordHash = hashAlgorithm.GenerateHashFor(result.Password);
-					var isCorrect = Settings.QuitPasswordHash.Equals(passwordHash, StringComparison.OrdinalIgnoreCase);
+					var isCorrect = Settings.Security.QuitPasswordHash.Equals(passwordHash, StringComparison.OrdinalIgnoreCase);
 
 					if (isCorrect)
 					{
@@ -591,7 +591,7 @@ namespace SafeExamBrowser.Client
 
 		private bool TryInitiateShutdown()
 		{
-			var hasQuitPassword = !string.IsNullOrEmpty(Settings.QuitPasswordHash);
+			var hasQuitPassword = !string.IsNullOrEmpty(Settings.Security.QuitPasswordHash);
 			var requestShutdown = false;
 			var succes = false;
 
@@ -633,7 +633,7 @@ namespace SafeExamBrowser.Client
 			if (result.Success)
 			{
 				var passwordHash = hashAlgorithm.GenerateHashFor(result.Password);
-				var isCorrect = Settings.QuitPasswordHash.Equals(passwordHash, StringComparison.OrdinalIgnoreCase);
+				var isCorrect = Settings.Security.QuitPasswordHash.Equals(passwordHash, StringComparison.OrdinalIgnoreCase);
 
 				if (isCorrect)
 				{

SafeExamBrowser.Client/Operations/ApplicationOperation.cs

@@ -15,8 +15,8 @@ using SafeExamBrowser.Core.Contracts.OperationModel.Events;
 using SafeExamBrowser.I18n.Contracts;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.Monitoring.Contracts.Applications;
-using SafeExamBrowser.Settings;
 using SafeExamBrowser.Settings.Applications;
+using SafeExamBrowser.Settings.Security;
 
 namespace SafeExamBrowser.Client.Operations
 {
@@ -144,7 +144,7 @@ namespace SafeExamBrowser.Client.Operations
 
 		private void StartMonitor()
 		{
-			if (Context.Settings.KioskMode != KioskMode.None)
+			if (Context.Settings.Security.KioskMode != KioskMode.None)
 			{
 				monitor.Start();
 			}
@@ -152,7 +152,7 @@ namespace SafeExamBrowser.Client.Operations
 
 		private void StopMonitor()
 		{
-			if (Context.Settings.KioskMode != KioskMode.None)
+			if (Context.Settings.Security.KioskMode != KioskMode.None)
 			{
 				monitor.Stop();
 			}

SafeExamBrowser.Configuration/ConfigurationData/DataMapping/ConfigurationFileDataMapper.cs

@@ -16,23 +16,12 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 		{
 			switch (key)
 			{
-				case Keys.ConfigurationFile.AdminPasswordHash:
-					MapAdminPasswordHash(settings, value);
-					break;
 				case Keys.ConfigurationFile.ConfigurationPurpose:
 					MapConfigurationMode(settings, value);
 					break;
 			}
 		}
 
-		private void MapAdminPasswordHash(AppSettings settings, object value)
-		{
-			if (value is string hash)
-			{
-				settings.AdminPasswordHash = hash;
-			}
-		}
-
 		private void MapConfigurationMode(AppSettings settings, object value)
 		{
 			const int CONFIGURE_CLIENT = 1;

SafeExamBrowser.Configuration/ConfigurationData/DataMapping/GeneralDataMapper.cs

@@ -6,7 +6,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 
-using System.Collections.Generic;
 using SafeExamBrowser.Settings;
 using SafeExamBrowser.Settings.Logging;
 
@@ -24,31 +23,6 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 			}
 		}
 
-		internal override void MapGlobal(IDictionary<string, object> rawData, AppSettings settings)
-		{
-			MapApplicationLogAccess(rawData, settings);
-		}
-
-		private void MapApplicationLogAccess(IDictionary<string, object> rawData, AppSettings settings)
-		{
-			var hasValue = rawData.TryGetValue(Keys.General.AllowApplicationLog, out var value);
-
-			if (hasValue && value is bool allow)
-			{
-				settings.AllowApplicationLogAccess = allow;
-			}
-
-			if (settings.AllowApplicationLogAccess)
-			{
-				settings.ActionCenter.ShowApplicationLog = true;
-			}
-			else
-			{
-				settings.ActionCenter.ShowApplicationLog = false;
-				settings.Taskbar.ShowApplicationLog = false;
-			}
-		}
-
 		private void MapLogLevel(AppSettings settings, object value)
 		{
 			const int ERROR = 0, WARNING = 1, INFO = 2;

SafeExamBrowser.Configuration/ConfigurationData/DataMapping/SecurityDataMapper.cs

@@ -8,6 +8,7 @@
 
 using System.Collections.Generic;
 using SafeExamBrowser.Settings;
+using SafeExamBrowser.Settings.Security;
 using SafeExamBrowser.Settings.Service;
 
 namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
@@ -18,6 +19,9 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 		{
 			switch (key)
 			{
+				case Keys.ConfigurationFile.AdminPasswordHash:
+					MapAdminPasswordHash(settings, value);
+					break;
 				case Keys.Security.AllowVirtualMachine:
 					MapVirtualMachinePolicy(settings, value);
 					break;
@@ -32,9 +36,38 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 
 		internal override void MapGlobal(IDictionary<string, object> rawData, AppSettings settings)
 		{
+			MapApplicationLogAccess(rawData, settings);
 			MapKioskMode(rawData, settings);
 		}
 
+		private void MapAdminPasswordHash(AppSettings settings, object value)
+		{
+			if (value is string hash)
+			{
+				settings.Security.AdminPasswordHash = hash;
+			}
+		}
+
+		private void MapApplicationLogAccess(IDictionary<string, object> rawData, AppSettings settings)
+		{
+			var hasValue = rawData.TryGetValue(Keys.General.AllowApplicationLog, out var value);
+
+			if (hasValue && value is bool allow)
+			{
+				settings.Security.AllowApplicationLogAccess = allow;
+			}
+
+			if (settings.Security.AllowApplicationLogAccess)
+			{
+				settings.ActionCenter.ShowApplicationLog = true;
+			}
+			else
+			{
+				settings.ActionCenter.ShowApplicationLog = false;
+				settings.Taskbar.ShowApplicationLog = false;
+			}
+		}
+
 		private void MapKioskMode(IDictionary<string, object> rawData, AppSettings settings)
 		{
 			var hasCreateNewDesktop = rawData.TryGetValue(Keys.Security.KioskModeCreateNewDesktop, out var createNewDesktop);
@@ -42,17 +75,17 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 
 			if (hasDisableExplorerShell && disableExplorerShell as bool? == true)
 			{
-				settings.KioskMode = KioskMode.DisableExplorerShell;
+				settings.Security.KioskMode = KioskMode.DisableExplorerShell;
 			}
 
 			if (hasCreateNewDesktop && createNewDesktop as bool? == true)
 			{
-				settings.KioskMode = KioskMode.CreateNewDesktop;
+				settings.Security.KioskMode = KioskMode.CreateNewDesktop;
 			}
 
 			if (hasCreateNewDesktop && hasDisableExplorerShell && createNewDesktop as bool? == false && disableExplorerShell as bool? == false)
 			{
-				settings.KioskMode = KioskMode.None;
+				settings.Security.KioskMode = KioskMode.None;
 			}
 		}
 
@@ -60,7 +93,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 		{
 			if (value is string hash)
 			{
-				settings.QuitPasswordHash = hash;
+				settings.Security.QuitPasswordHash = hash;
 			}
 		}
 
@@ -79,7 +112,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 		{
 			if (value is bool allow)
 			{
-				// TODO NEXT: settings.Security.VirtualMachinePolicy = ;
+				settings.Security.VirtualMachinePolicy = allow ? VirtualMachinePolicy.Allow : VirtualMachinePolicy.Deny ;
 			}
 		}
 	}

SafeExamBrowser.Configuration/ConfigurationData/DataValues.cs

@@ -13,6 +13,7 @@ using SafeExamBrowser.Settings;
 using SafeExamBrowser.Settings.Browser;
 using SafeExamBrowser.Settings.Browser.Proxy;
 using SafeExamBrowser.Settings.Logging;
+using SafeExamBrowser.Settings.Security;
 using SafeExamBrowser.Settings.Service;
 using SafeExamBrowser.Settings.UserInterface;
 
@@ -157,13 +158,15 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			settings.Keyboard.AllowPrintScreen = false;
 			settings.Keyboard.AllowSystemKey = false;
 
-			settings.KioskMode = KioskMode.CreateNewDesktop;
-
 			settings.LogLevel = LogLevel.Debug;
 
 			settings.Mouse.AllowMiddleButton = false;
 			settings.Mouse.AllowRightButton = true;
 
+			settings.Security.AllowApplicationLogAccess = false;
+			settings.Security.KioskMode = KioskMode.CreateNewDesktop;
+			settings.Security.VirtualMachinePolicy = VirtualMachinePolicy.Deny;
+
 			settings.Service.DisableChromeNotifications = true;
 			settings.Service.DisableEaseOfAccessOptions = true;
 			settings.Service.DisableNetworkOptions = true;
@@ -178,8 +181,6 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			settings.Service.DisableWindowsUpdate = true;
 			settings.Service.Policy = ServicePolicy.Mandatory;
 
-			settings.AllowApplicationLogAccess = false;
-
 			settings.Taskbar.EnableTaskbar = true;
 			settings.Taskbar.ShowApplicationInfo = false;
 			settings.Taskbar.ShowApplicationLog = false;

SafeExamBrowser.Runtime.UnitTests/Communication/RuntimeHostTests.cs

@@ -171,8 +171,9 @@ namespace SafeExamBrowser.Runtime.UnitTests.Communication
 		public void MustHandleConfigurationRequestCorrectly()
 		{
 			var args = default(ClientConfigurationEventArgs);
-			var configuration = new ClientConfiguration { Settings = new AppSettings { AdminPasswordHash = "12345" } };
+			var configuration = new ClientConfiguration { Settings = new AppSettings() };
 
+			configuration.Settings.Security.AdminPasswordHash = "12345";
 			sut.AllowConnection = true;
 			sut.ClientConfigurationNeeded += (a) => { args = a; args.ClientConfiguration = configuration; };
 			sut.AuthenticationToken = Guid.Empty;
@@ -184,7 +185,7 @@ namespace SafeExamBrowser.Runtime.UnitTests.Communication
 			Assert.IsNotNull(args);
 			Assert.IsNotNull(response);
 			Assert.IsInstanceOfType(response, typeof(ConfigurationResponse));
-			Assert.AreEqual(configuration.Settings.AdminPasswordHash, (response as ConfigurationResponse)?.Configuration.Settings.AdminPasswordHash);
+			Assert.AreEqual(configuration.Settings.Security.AdminPasswordHash, (response as ConfigurationResponse)?.Configuration.Settings.Security.AdminPasswordHash);
 		}
 
 		[TestMethod]

SafeExamBrowser.Runtime.UnitTests/Operations/ConfigurationOperationTests.cs

@@ -13,11 +13,11 @@ using Moq;
 using SafeExamBrowser.Communication.Contracts.Data;
 using SafeExamBrowser.Configuration.Contracts;
 using SafeExamBrowser.Configuration.Contracts.Cryptography;
-using SafeExamBrowser.Settings;
 using SafeExamBrowser.Core.Contracts.OperationModel;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.Runtime.Operations;
 using SafeExamBrowser.Runtime.Operations.Events;
+using SafeExamBrowser.Settings;
 
 namespace SafeExamBrowser.Runtime.UnitTests.Operations
 {
@@ -272,11 +272,13 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		public void Perform_MustOnlyAllowToEnterAdminPasswordFiveTimes()
 		{
 			var count = 0;
-			var localSettings = new AppSettings { AdminPasswordHash = "1234" };
+			var localSettings = new AppSettings();
-			var settings = new AppSettings { AdminPasswordHash = "9876", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var settings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
 			var url = @"http://www.safeexambrowser.org/whatever.seb";
 
 			appConfig.AppDataFilePath = Path.Combine(Path.GetDirectoryName(GetType().Assembly.Location), nameof(Operations), "Testdata", FILE_NAME);
+			localSettings.Security.AdminPasswordHash = "1234";
+			settings.Security.AdminPasswordHash = "9876";
 
 			repository.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out settings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 			repository.Setup(r => r.TryLoadSettings(It.Is<Uri>(u => u.LocalPath.Contains(FILE_NAME)), out localSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
@@ -329,12 +331,14 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		public void Perform_MustSucceedIfAdminPasswordTestdata()
 		{
 			var password = "test";
-			var currentSettings = new AppSettings { AdminPasswordHash = "1234", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var currentSettings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
-			var nextSettings = new AppSettings { AdminPasswordHash = "9876", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var nextSettings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
 			var url = @"http://www.safeexambrowser.org/whatever.seb";
 
+			currentSettings.Security.AdminPasswordHash = "1234";
 			nextSession.Settings = nextSettings;
-			hashAlgorithm.Setup(h => h.GenerateHashFor(It.Is<string>(p => p == password))).Returns(currentSettings.AdminPasswordHash);
+			nextSettings.Security.AdminPasswordHash = "9876";
+			hashAlgorithm.Setup(h => h.GenerateHashFor(It.Is<string>(p => p == password))).Returns(currentSettings.Security.AdminPasswordHash);
 			repository.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out currentSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 			repository.Setup(r => r.TryLoadSettings(It.Is<Uri>(u => u.AbsoluteUri == url), out nextSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 			repository.Setup(r => r.ConfigureClientWith(It.IsAny<Uri>(), It.IsAny<PasswordParameters>())).Returns(SaveStatus.Success);
@@ -359,11 +363,13 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		[TestMethod]
 		public void Perform_MustNotAuthenticateIfSameAdminPassword()
 		{
-			var currentSettings = new AppSettings { AdminPasswordHash = "1234", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var currentSettings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
-			var nextSettings = new AppSettings { AdminPasswordHash = "1234", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var nextSettings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
 			var url = @"http://www.safeexambrowser.org/whatever.seb";
 
+			currentSettings.Security.AdminPasswordHash = "1234";
 			nextSession.Settings = nextSettings;
+			nextSettings.Security.AdminPasswordHash = "1234";
 			repository.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out currentSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 			repository.Setup(r => r.TryLoadSettings(It.Is<Uri>(u => u.AbsoluteUri == url), out nextSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 			repository.Setup(r => r.ConfigureClientWith(It.IsAny<Uri>(), It.IsAny<PasswordParameters>())).Returns(SaveStatus.Success);
@@ -416,9 +422,10 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		{
 			var url = @"http://www.safeexambrowser.org/whatever.seb";
 			var location = Path.Combine(Path.GetDirectoryName(GetType().Assembly.Location), nameof(Operations), "Testdata", FILE_NAME);
-			var settings = new AppSettings { AdminPasswordHash = "1234", ConfigurationMode = ConfigurationMode.Exam };
+			var settings = new AppSettings { ConfigurationMode = ConfigurationMode.Exam };
 
 			appConfig.AppDataFilePath = location;
+			settings.Security.AdminPasswordHash = "1234";
 
 			repository
 				.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out settings, It.IsAny<PasswordParameters>()))
@@ -427,13 +434,13 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 				.Setup(r => r.TryLoadSettings(It.Is<Uri>(u => u.Equals(new Uri(location))), out settings, It.IsAny<PasswordParameters>()))
 				.Returns(LoadStatus.Success);
 			repository
-				.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out settings, It.Is<PasswordParameters>(p => p.IsHash == true && p.Password == settings.AdminPasswordHash)))
+				.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out settings, It.Is<PasswordParameters>(p => p.IsHash == true && p.Password == settings.Security.AdminPasswordHash)))
 				.Returns(LoadStatus.Success);
 
 			var sut = new ConfigurationOperation(new[] { "blubb.exe", url }, repository.Object, hashAlgorithm.Object, logger.Object, sessionContext);
 			var result = sut.Perform();
 
-			repository.Verify(r => r.TryLoadSettings(It.IsAny<Uri>(), out settings, It.Is<PasswordParameters>(p => p.Password == settings.AdminPasswordHash)), Times.AtLeastOnce);
+			repository.Verify(r => r.TryLoadSettings(It.IsAny<Uri>(), out settings, It.Is<PasswordParameters>(p => p.Password == settings.Security.AdminPasswordHash)), Times.AtLeastOnce);
 
 			Assert.AreEqual(OperationResult.Success, result);
 		}
@@ -442,14 +449,16 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		public void Perform_MustAbortAskingForAdminPasswordIfDecidedByUser()
 		{
 			var password = "test";
-			var currentSettings = new AppSettings { AdminPasswordHash = "1234", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var currentSettings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
-			var nextSettings = new AppSettings { AdminPasswordHash = "9876", ConfigurationMode = ConfigurationMode.ConfigureClient };
+			var nextSettings = new AppSettings { ConfigurationMode = ConfigurationMode.ConfigureClient };
 			var url = @"http://www.safeexambrowser.org/whatever.seb";
 
 			appConfig.AppDataFilePath = Path.Combine(Path.GetDirectoryName(GetType().Assembly.Location), nameof(Operations), "Testdata", FILE_NAME);
+			currentSettings.Security.AdminPasswordHash = "1234";
 			nextSession.Settings = nextSettings;
+			nextSettings.Security.AdminPasswordHash = "9876";
 
-			hashAlgorithm.Setup(h => h.GenerateHashFor(It.Is<string>(p => p == password))).Returns(currentSettings.AdminPasswordHash);
+			hashAlgorithm.Setup(h => h.GenerateHashFor(It.Is<string>(p => p == password))).Returns(currentSettings.Security.AdminPasswordHash);
 			repository.Setup(r => r.TryLoadSettings(It.IsAny<Uri>(), out currentSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 			repository.Setup(r => r.TryLoadSettings(It.Is<Uri>(u => u.AbsoluteUri == url), out nextSettings, It.IsAny<PasswordParameters>())).Returns(LoadStatus.Success);
 

SafeExamBrowser.Runtime.UnitTests/Operations/KioskModeOperationTests.cs

@@ -9,11 +9,12 @@
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Moq;
 using SafeExamBrowser.Configuration.Contracts;
-using SafeExamBrowser.Settings;
 using SafeExamBrowser.Core.Contracts.OperationModel;
 using SafeExamBrowser.Logging.Contracts;
-using SafeExamBrowser.WindowsApi.Contracts;
 using SafeExamBrowser.Runtime.Operations;
+using SafeExamBrowser.Settings;
+using SafeExamBrowser.Settings.Security;
+using SafeExamBrowser.WindowsApi.Contracts;
 
 namespace SafeExamBrowser.Runtime.UnitTests.Operations
 {
@@ -65,7 +66,7 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 			var setStartup = 0;
 			var suspend = 0;
 
-			nextSettings.KioskMode = KioskMode.CreateNewDesktop;
+			nextSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			desktopFactory.Setup(f => f.GetCurrent()).Callback(() => getCurrrent = ++order).Returns(originalDesktop.Object);
 			desktopFactory.Setup(f => f.CreateNew(It.IsAny<string>())).Callback(() => createNew = ++order).Returns(newDesktop.Object);
@@ -97,7 +98,7 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		{
 			var order = 0;
 
-			nextSettings.KioskMode = KioskMode.DisableExplorerShell;
+			nextSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
 			explorerShell.Setup(s => s.HideAllWindows()).Callback(() => Assert.AreEqual(1, ++order));
 			explorerShell.Setup(s => s.Terminate()).Callback(() => Assert.AreEqual(2, ++order));
 
@@ -118,7 +119,7 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 
 			desktopFactory.Setup(f => f.GetCurrent()).Returns(originalDesktop.Object);
 			desktopFactory.Setup(f => f.CreateNew(It.IsAny<string>())).Returns(newDesktop.Object);
-			nextSettings.KioskMode = KioskMode.CreateNewDesktop;
+			nextSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			result = sut.Perform();
 
@@ -134,7 +135,7 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 			newDesktop.Verify(d => d.Close(), Times.Never);
 			originalDesktop.Verify(d => d.Activate(), Times.Never);
 
-			nextSettings.KioskMode = KioskMode.DisableExplorerShell;
+			nextSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
 
 			result = sut.Repeat();
 
@@ -150,8 +151,8 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 			newDesktop.Verify(d => d.Close(), Times.Once);
 			originalDesktop.Verify(d => d.Activate(), Times.Once);
 
-			currentSettings.KioskMode = nextSettings.KioskMode;
+			currentSettings.Security.KioskMode = nextSettings.Security.KioskMode;
-			nextSettings.KioskMode = KioskMode.CreateNewDesktop;
+			nextSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			result = sut.Repeat();
 
@@ -175,8 +176,8 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 			var originalDesktop = new Mock<IDesktop>();
 			var success = true;
 
-			currentSettings.KioskMode = KioskMode.CreateNewDesktop;
+			currentSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
-			nextSettings.KioskMode = KioskMode.CreateNewDesktop;
+			nextSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			desktopFactory.Setup(f => f.GetCurrent()).Returns(originalDesktop.Object);
 			desktopFactory.Setup(f => f.CreateNew(It.IsAny<string>())).Returns(newDesktop.Object);
@@ -204,8 +205,8 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		{
 			var success = true;
 
-			currentSettings.KioskMode = KioskMode.DisableExplorerShell;
+			currentSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
-			nextSettings.KioskMode = KioskMode.DisableExplorerShell;
+			nextSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
 
 			success &= sut.Perform() == OperationResult.Success;
 			success &= sut.Repeat() == OperationResult.Success;
@@ -233,8 +234,8 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 			var close = 0;
 			var resume = 0;
 
-			currentSettings.KioskMode = KioskMode.CreateNewDesktop;
+			currentSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
-			nextSettings.KioskMode = KioskMode.CreateNewDesktop;
+			nextSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			desktopFactory.Setup(f => f.GetCurrent()).Returns(originalDesktop.Object);
 			desktopFactory.Setup(f => f.CreateNew(It.IsAny<string>())).Returns(newDesktop.Object);
@@ -266,8 +267,8 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		{
 			var order = 0;
 
-			currentSettings.KioskMode = KioskMode.DisableExplorerShell;
+			currentSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
-			nextSettings.KioskMode = KioskMode.DisableExplorerShell;
+			nextSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
 			explorerShell.Setup(s => s.Start()).Callback(() => Assert.AreEqual(1, ++order));
 			explorerShell.Setup(s => s.RestoreAllWindows()).Callback(() => Assert.AreEqual(2, ++order));
 
@@ -284,7 +285,7 @@ namespace SafeExamBrowser.Runtime.UnitTests.Operations
 		[TestMethod]
 		public void MustDoNothingWithoutKioskMode()
 		{
-			nextSettings.KioskMode = KioskMode.None;
+			nextSettings.Security.KioskMode = KioskMode.None;
 
 			Assert.AreEqual(OperationResult.Success, sut.Perform());
 			Assert.AreEqual(OperationResult.Success, sut.Repeat());

SafeExamBrowser.Runtime.UnitTests/RuntimeControllerTests.cs

@@ -20,6 +20,7 @@ using SafeExamBrowser.I18n.Contracts;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.Runtime.Operations.Events;
 using SafeExamBrowser.Settings;
+using SafeExamBrowser.Settings.Security;
 using SafeExamBrowser.Settings.Service;
 using SafeExamBrowser.UserInterface.Contracts;
 using SafeExamBrowser.UserInterface.Contracts.MessageBox;
@@ -223,7 +224,7 @@ namespace SafeExamBrowser.Runtime.UnitTests
 			var passwordDialog = new Mock<IPasswordDialog>();
 			var result = new PasswordDialogResult { Password = "test1234", Success = true };
 
-			currentSettings.KioskMode = KioskMode.DisableExplorerShell;
+			currentSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
 			passwordDialog.Setup(p => p.Show(It.IsAny<IWindow>())).Returns(result);
 			uiFactory.Setup(u => u.CreatePasswordDialog(It.IsAny<string>(), It.IsAny<string>())).Returns(passwordDialog.Object);
 
@@ -247,7 +248,7 @@ namespace SafeExamBrowser.Runtime.UnitTests
 				runtimeHost.Raise(r => r.PasswordReceived += null, new PasswordReplyEventArgs { RequestId = id, Success = true });
 			});
 
-			currentSettings.KioskMode = KioskMode.CreateNewDesktop;
+			currentSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 			clientProxy.Setup(c => c.RequestPassword(It.IsAny<PasswordRequestPurpose>(), It.IsAny<Guid>())).Returns(new CommunicationResult(true)).Callback(passwordReceived);
 
 			sut.TryStart();
@@ -266,7 +267,7 @@ namespace SafeExamBrowser.Runtime.UnitTests
 				runtimeHost.Raise(r => r.PasswordReceived += null, new PasswordReplyEventArgs { RequestId = id, Success = false });
 			});
 
-			currentSettings.KioskMode = KioskMode.CreateNewDesktop;
+			currentSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 			clientProxy.Setup(c => c.RequestPassword(It.IsAny<PasswordRequestPurpose>(), It.IsAny<Guid>())).Returns(new CommunicationResult(true)).Callback(passwordReceived);
 
 			sut.TryStart();
@@ -281,7 +282,7 @@ namespace SafeExamBrowser.Runtime.UnitTests
 		{
 			var args = new PasswordRequiredEventArgs();
 
-			currentSettings.KioskMode = KioskMode.CreateNewDesktop;
+			currentSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 			clientProxy.Setup(c => c.RequestPassword(It.IsAny<PasswordRequestPurpose>(), It.IsAny<Guid>())).Returns(new CommunicationResult(false));
 
 			sut.TryStart();
@@ -299,7 +300,7 @@ namespace SafeExamBrowser.Runtime.UnitTests
 			};
 
 			StartSession();
-			currentSettings.KioskMode = KioskMode.DisableExplorerShell;
+			currentSettings.Security.KioskMode = KioskMode.DisableExplorerShell;
 
 			sessionSequence.Raise(s => s.ActionRequired += null, args);
 
@@ -324,7 +325,7 @@ namespace SafeExamBrowser.Runtime.UnitTests
 			var reply = new MessageBoxReplyEventArgs();
 
 			StartSession();
-			currentSettings.KioskMode = KioskMode.CreateNewDesktop;
+			currentSettings.Security.KioskMode = KioskMode.CreateNewDesktop;
 
 			clientProxy.Setup(c => c.ShowMessage(
 				It.IsAny<string>(),

SafeExamBrowser.Runtime/Operations/ConfigurationOperation.cs

@@ -11,12 +11,12 @@ using System.IO;
 using SafeExamBrowser.Communication.Contracts.Data;
 using SafeExamBrowser.Configuration.Contracts;
 using SafeExamBrowser.Configuration.Contracts.Cryptography;
-using SafeExamBrowser.Settings;
 using SafeExamBrowser.Core.Contracts.OperationModel;
 using SafeExamBrowser.Core.Contracts.OperationModel.Events;
 using SafeExamBrowser.I18n.Contracts;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.Runtime.Operations.Events;
+using SafeExamBrowser.Settings;
 
 namespace SafeExamBrowser.Runtime.Operations
 {
@@ -126,7 +126,7 @@ namespace SafeExamBrowser.Runtime.Operations
 
 				if ((!hasProgramDataFile && !hasAppDataFile) || status == LoadStatus.Success)
 				{
-					currentPassword = settings?.AdminPasswordHash;
+					currentPassword = settings?.Security.AdminPasswordHash;
 					status = TryLoadSettings(uri, source, out passwordParams, out settings, currentPassword);
 				}
 			}
@@ -147,7 +147,7 @@ namespace SafeExamBrowser.Runtime.Operations
 
 		private OperationResult LoadSettingsForReconfiguration(Uri uri)
 		{
-			var currentPassword = Context.Current.Settings.AdminPasswordHash;
+			var currentPassword = Context.Current.Settings.Security.AdminPasswordHash;
 			var source = UriSource.Reconfiguration;
 			var status = TryLoadSettings(uri, source, out var passwordParams, out var settings, currentPassword);
 
@@ -311,7 +311,7 @@ namespace SafeExamBrowser.Runtime.Operations
 
 			if (mustAuthenticate)
 			{
-				var nextPassword = Context.Next.Settings.AdminPasswordHash;
+				var nextPassword = Context.Next.Settings.Security.AdminPasswordHash;
 				var hasSettingsPassword = passwordParams.Password != null;
 				var sameAdminPassword = currentPassword.Equals(nextPassword, StringComparison.OrdinalIgnoreCase);
 

SafeExamBrowser.Runtime/Operations/KioskModeOperation.cs

@@ -10,7 +10,7 @@ using SafeExamBrowser.Core.Contracts.OperationModel;
 using SafeExamBrowser.Core.Contracts.OperationModel.Events;
 using SafeExamBrowser.I18n.Contracts;
 using SafeExamBrowser.Logging.Contracts;
-using SafeExamBrowser.Settings;
+using SafeExamBrowser.Settings.Security;
 using SafeExamBrowser.WindowsApi.Contracts;
 
 namespace SafeExamBrowser.Runtime.Operations
@@ -43,12 +43,12 @@ namespace SafeExamBrowser.Runtime.Operations
 
 		public override OperationResult Perform()
 		{
-			logger.Info($"Initializing kiosk mode '{Context.Next.Settings.KioskMode}'...");
+			logger.Info($"Initializing kiosk mode '{Context.Next.Settings.Security.KioskMode}'...");
 			StatusChanged?.Invoke(TextKey.OperationStatus_InitializeKioskMode);
 
-			activeMode = Context.Next.Settings.KioskMode;
+			activeMode = Context.Next.Settings.Security.KioskMode;
 
-			switch (Context.Next.Settings.KioskMode)
+			switch (Context.Next.Settings.Security.KioskMode)
 			{
 				case KioskMode.CreateNewDesktop:
 					CreateNewDesktop();
@@ -63,7 +63,7 @@ namespace SafeExamBrowser.Runtime.Operations
 
 		public override OperationResult Repeat()
 		{
-			var newMode = Context.Next.Settings.KioskMode;
+			var newMode = Context.Next.Settings.Security.KioskMode;
 			var result = OperationResult.Success;
 
 			if (activeMode == newMode)

SafeExamBrowser.Runtime/RuntimeController.cs

@@ -13,14 +13,15 @@ using SafeExamBrowser.Communication.Contracts.Events;
 using SafeExamBrowser.Communication.Contracts.Hosts;
 using SafeExamBrowser.Communication.Contracts.Proxies;
 using SafeExamBrowser.Configuration.Contracts;
-using SafeExamBrowser.Settings;
-using SafeExamBrowser.Settings.Service;
 using SafeExamBrowser.Core.Contracts.OperationModel;
 using SafeExamBrowser.Core.Contracts.OperationModel.Events;
 using SafeExamBrowser.I18n.Contracts;
 using SafeExamBrowser.Logging.Contracts;
 using SafeExamBrowser.Runtime.Contracts;
 using SafeExamBrowser.Runtime.Operations.Events;
+using SafeExamBrowser.Settings;
+using SafeExamBrowser.Settings.Security;
+using SafeExamBrowser.Settings.Service;
 using SafeExamBrowser.UserInterface.Contracts;
 using SafeExamBrowser.UserInterface.Contracts.MessageBox;
 using SafeExamBrowser.UserInterface.Contracts.Windows;
@@ -193,11 +194,11 @@ namespace SafeExamBrowser.Runtime
 			RegisterSessionEvents();
 
 			runtimeWindow.ShowProgressBar = false;
-			runtimeWindow.ShowLog = Session.Settings.AllowApplicationLogAccess;
+			runtimeWindow.ShowLog = Session.Settings.Security.AllowApplicationLogAccess;
-			runtimeWindow.TopMost = Session.Settings.KioskMode != KioskMode.None;
+			runtimeWindow.TopMost = Session.Settings.Security.KioskMode != KioskMode.None;
 			runtimeWindow.UpdateStatus(TextKey.RuntimeWindow_ApplicationRunning);
 
-			if (Session.Settings.KioskMode == KioskMode.DisableExplorerShell)
+			if (Session.Settings.Security.KioskMode == KioskMode.DisableExplorerShell)
 			{
 				runtimeWindow.Hide();
 			}
@@ -226,9 +227,9 @@ namespace SafeExamBrowser.Runtime
 			{
 				runtimeWindow.ShowProgressBar = false;
 				runtimeWindow.UpdateStatus(TextKey.RuntimeWindow_ApplicationRunning);
-				runtimeWindow.TopMost = Session.Settings.KioskMode != KioskMode.None;
+				runtimeWindow.TopMost = Session.Settings.Security.KioskMode != KioskMode.None;
 
-				if (Session.Settings.KioskMode == KioskMode.DisableExplorerShell)
+				if (Session.Settings.Security.KioskMode == KioskMode.DisableExplorerShell)
 				{
 					runtimeWindow.Hide();
 				}
@@ -404,7 +405,7 @@ namespace SafeExamBrowser.Runtime
 		private void AskForPassword(PasswordRequiredEventArgs args)
 		{
 			var isStartup = !SessionIsRunning;
-			var isRunningOnDefaultDesktop = SessionIsRunning && Session.Settings.KioskMode == KioskMode.DisableExplorerShell;
+			var isRunningOnDefaultDesktop = SessionIsRunning && Session.Settings.Security.KioskMode == KioskMode.DisableExplorerShell;
 
 			if (isStartup || isRunningOnDefaultDesktop)
 			{
@@ -419,7 +420,7 @@ namespace SafeExamBrowser.Runtime
 		private void ShowMessageBox(MessageEventArgs args)
 		{
 			var isStartup = !SessionIsRunning;
-			var isRunningOnDefaultDesktop = SessionIsRunning && Session.Settings.KioskMode == KioskMode.DisableExplorerShell;
+			var isRunningOnDefaultDesktop = SessionIsRunning && Session.Settings.Security.KioskMode == KioskMode.DisableExplorerShell;
 			var message = text.Get(args.Message);
 			var title = text.Get(args.Title);
 

SafeExamBrowser.Settings/AppSettings.cs

@@ -11,6 +11,7 @@ using SafeExamBrowser.Settings.Applications;
 using SafeExamBrowser.Settings.Browser;
 using SafeExamBrowser.Settings.Logging;
 using SafeExamBrowser.Settings.Monitoring;
+using SafeExamBrowser.Settings.Security;
 using SafeExamBrowser.Settings.Service;
 using SafeExamBrowser.Settings.SystemComponents;
 using SafeExamBrowser.Settings.UserInterface;
@@ -28,16 +29,6 @@ namespace SafeExamBrowser.Settings
 		/// </summary>
 		public ActionCenterSettings ActionCenter { get; set; }
 
-		/// <summary>
-		/// The hash code of the administrator password for the settings.
-		/// </summary>
-		public string AdminPasswordHash { get; set; }
-
-		/// <summary>
-		/// Determines whether any log information will be accessible via the user interface.
-		/// </summary>
-		public bool AllowApplicationLogAccess { get; set; }
-
 		/// <summary>
 		/// All settings related to external applications.
 		/// </summary>
@@ -63,11 +54,6 @@ namespace SafeExamBrowser.Settings
 		/// </summary>
 		public KeyboardSettings Keyboard { get; set; }
 
-		/// <summary>
-		/// The kiosk mode which determines how the computer is locked down.
-		/// </summary>
-		public KioskMode KioskMode { get; set; }
-
 		/// <summary>
 		/// The global log severity to be used.
 		/// </summary>
@@ -79,9 +65,9 @@ namespace SafeExamBrowser.Settings
 		public MouseSettings Mouse { get; set; }
 
 		/// <summary>
-		/// The hash code of the quit password.
+		/// All security-related settings.
 		/// </summary>
-		public string QuitPasswordHash { get; set; }
+		public SecuritySettings Security { get; set; }
 
 		/// <summary>
 		/// All service-related settings.
@@ -106,6 +92,7 @@ namespace SafeExamBrowser.Settings
 			Browser = new BrowserSettings();
 			Keyboard = new KeyboardSettings();
 			Mouse = new MouseSettings();
+			Security = new SecuritySettings();
 			Service = new ServiceSettings();
 			Taskbar = new TaskbarSettings();
 		}

SafeExamBrowser.Settings/SafeExamBrowser.Settings.csproj

@@ -70,11 +70,13 @@
     <Compile Include="Browser\Proxy\ProxyProtocol.cs" />
     <Compile Include="Browser\Proxy\ProxyConfiguration.cs" />
     <Compile Include="ConfigurationMode.cs" />
-    <Compile Include="KioskMode.cs" />
+    <Compile Include="Security\KioskMode.cs" />
     <Compile Include="Logging\LogLevel.cs" />
     <Compile Include="Monitoring\KeyboardSettings.cs" />
     <Compile Include="Monitoring\MouseSettings.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Security\SecuritySettings.cs" />
+    <Compile Include="Security\VirtualMachinePolicy.cs" />
     <Compile Include="Service\ServicePolicy.cs" />
     <Compile Include="Service\ServiceSettings.cs" />
     <Compile Include="AppSettings.cs" />

SafeExamBrowser.Settings/Security/KioskMode.cs

@@ -6,10 +6,10 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 
-namespace SafeExamBrowser.Settings
+namespace SafeExamBrowser.Settings.Security
 {
 	/// <summary>
-	/// Defines all kiosk modes which the application supports.
+	/// Defines all kiosk modes which SEB supports.
 	/// </summary>
 	public enum KioskMode
 	{
@@ -19,12 +19,12 @@ namespace SafeExamBrowser.Settings
 		None,
 
 		/// <summary>
-		/// Creates a new desktop and runs the client application on it, without modifying the default desktop.
+		/// Creates a new desktop and runs the client on it, without modifying the default desktop.
 		/// </summary>
 		CreateNewDesktop,
 
 		/// <summary>
-		/// Terminates the Windows explorer shell and runs the client application on the default desktop.
+		/// Terminates the Windows explorer shell and runs the client on the default desktop.
 		/// </summary>
 		DisableExplorerShell
 	}

SafeExamBrowser.Settings/Security/SecuritySettings.cs

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2019 ETH Zürich, Educational Development and Technology (LET)
+ * 
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+using System;
+
+namespace SafeExamBrowser.Settings.Security
+{
+	/// <summary>
+	/// Defines all settings related to security.
+	/// </summary>
+	[Serializable]
+	public class SecuritySettings
+	{
+		/// <summary>
+		/// The hash code of the administrator password for the settings.
+		/// </summary>
+		public string AdminPasswordHash { get; set; }
+
+		/// <summary>
+		/// Determines whether any log information will be accessible via the user interface.
+		/// </summary>
+		public bool AllowApplicationLogAccess { get; set; }
+
+		/// <summary>
+		/// The kiosk mode which determines how the computer is locked down.
+		/// </summary>
+		public KioskMode KioskMode { get; set; }
+
+		/// <summary>
+		/// The hash code of the quit password.
+		/// </summary>
+		public string QuitPasswordHash { get; set; }
+
+		/// <summary>
+		/// Determines whether SEB is allowed to run in a virtual machine.
+		/// </summary>
+		public VirtualMachinePolicy VirtualMachinePolicy { get; set; }
+	}
+}

SafeExamBrowser.Settings/Security/VirtualMachinePolicy.cs

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2019 ETH Zürich, Educational Development and Technology (LET)
+ * 
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+namespace SafeExamBrowser.Settings.Security
+{
+	/// <summary>
+	/// Defines all policies with respect to running SEB in a virtual machine.
+	/// </summary>
+	public enum VirtualMachinePolicy
+	{
+		/// <summary>
+		/// SEB is allowed to be run in a virtual machine.
+		/// </summary>
+		Allow,
+
+		/// <summary>
+		/// SEB is not allowed to be run in a virtual machine.
+		/// </summary>
+		Deny
+	}
+}