Enable SecurityBoost
SecurityBoost improves the safety of the connection between the Kofax Capture server and workstation.
- Enable SecurityBoost in Kofax Capture. Refer to the Kofax Capture documentation for details.
-
Set a log on user account for the
KC Plug-In
service. This user must have read access to the following folders:
-
\\%SERVER%\capturesv\config
-
\\%SERVER%\capturesv\BatchDb (and subfolders)
-
\\%SERVER%\capturesv\PubTypes (and subfolders)
-
- If the Save to Disk option in KC Plug-In configuration is selected, write access is also necessary to the following folder: \\%SERVER%\capturesv\images.
- The user having SecurityBoost option requires the "Local Launch" and "Local Activation" COM permission. COM permissions can be modified with Control Panel > Administrative Tools > Component Services. Select COM Security tab in properties of Console Root\Component Services\Computers\My Computer. Click Edit Default under Launch and Activation Permissions. Select the user and modify the permissions.
- The user requires Full Control access to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Kofax\KIC-ED\KCPlugIn
-
To use
KC Plug-In
web service interface (Configure KC Plug-In web service interface), additional steps are necessary:
-
Reserve the namespace http://+:<port>/KIC-Electronic-Documents
-
Reserve the namespace https://+:<port>/KIC-Electronic-Documents and register the thumbprint of the certificate for the IP address:port (if you want to use SSL)
On Windows Server 2012 R2 or Windows 10, use the command netsh:
-
Namespace reservation syntax:
Netsh http add urlacl url=URL user= User
The url parameter specifies the fully qualified Uniform Resource Locator (URL). The user parameter specifies the user or user-group name.
-
For port 8001:
netsh http add urlacl url=http://+:8001/KIC-Electronic-Documents/ user=\EVERYONE
-
For port 8002 if SSL is enabled:
netsh http add urlacl url=https://+:8002/KIC-Electronic-Documents/ user=\EVERYONE
-
-
SSL thumbprint registration syntax:
netsh http add sslcert ipport= IPAddress:port certhash=CertHash appid=GUID
The ipport parameter specifies the IP address and port for the binding. A colon character (:) is used as a delimiter between the IP address and the port number. The certhash parameter specifies the SHA hash of the certificate. This hash is 20 bytes long and is specified as a hexadecimal string. The appid parameter specifies the GUID to identify the owning application.
-
For port 8002:
netsh http add sslcert ipport=0.0.0.0:8002 certhash=a9f05807bb757c41ba2e1c457ac2a78f00395a69 appid={4f38c942-c7e7-421b-bcec-bd3290c3b921}
-
-
If SecurityBoost is not enabled, the folder access permissions should be set according to the Kofax Capture documentation.