Enable SecurityBoost

SecurityBoost improves the safety of the connection between the Kofax Capture server and workstation.

  1. Enable SecurityBoost in Kofax Capture. Refer to the Kofax Capture documentation for details.
  2. Set a log on user account for the KC Plug-In service. This user must have read access to the following folders:
    • \\%SERVER%\capturesv\config

    • \\%SERVER%\capturesv\BatchDb (and subfolders)

    • \\%SERVER%\capturesv\PubTypes (and subfolders)

  3. If the Save to Disk option in KC Plug-In configuration is selected, write access is also necessary to the following folder: \\%SERVER%\capturesv\images.
  4. The user having SecurityBoost option requires the "Local Launch" and "Local Activation" COM permission. COM permissions can be modified with Control Panel > Administrative Tools > Component Services. Select COM Security tab in properties of Console Root\Component Services\Computers\My Computer. Click Edit Default under Launch and Activation Permissions. Select the user and modify the permissions.
  5. The user requires Full Control access to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Kofax\KIC-ED\KCPlugIn
  6. To use KC Plug-In web service interface (Configure KC Plug-In web service interface), additional steps are necessary:
    • Reserve the namespace http://+:<port>/KIC-Electronic-Documents

    • Reserve the namespace https://+:<port>/KIC-Electronic-Documents and register the thumbprint of the certificate for the IP address:port (if you want to use SSL)

    On Windows Server 2012 R2 or Windows 10, use the command netsh:

    • Namespace reservation syntax:

      Netsh http add urlacl  url=URL user= User

      The url parameter specifies the fully qualified Uniform Resource Locator (URL). The user parameter specifies the user or user-group name.

      • For port 8001:

        netsh http add urlacl url=http://+:8001/KIC-Electronic-Documents/ user=\EVERYONE
      • For port 8002 if SSL is enabled:

        netsh http add urlacl url=https://+:8002/KIC-Electronic-Documents/ user=\EVERYONE
    • SSL thumbprint registration syntax:

      netsh http add sslcert ipport= IPAddress:port certhash=CertHash appid=GUID

      The ipport parameter specifies the IP address and port for the binding. A colon character (:) is used as a delimiter between the IP address and the port number. The certhash parameter specifies the SHA hash of the certificate. This hash is 20 bytes long and is specified as a hexadecimal string. The appid parameter specifies the GUID to identify the owning application.

      • For port 8002:

        netsh http add sslcert ipport= certhash=a9f05807bb757c41ba2e1c457ac2a78f00395a69 appid={4f38c942-c7e7-421b-bcec-bd3290c3b921}

If SecurityBoost is not enabled, the folder access permissions should be set according to the Kofax Capture documentation.