Enable SecurityBoost

SecurityBoost improves the safety of the connection between the Kofax Capture server and workstation.

  1. Enable SecurityBoost in Kofax Capture. Refer to the Kofax Capture documentation for details.
  2. Set a log-on user account for the KC Plug-In service. This user must have read access to the following folders:
    • \\%SERVER%\capturesv\config

    • \\%SERVER%\capturesv\BatchDb (and subfolders)

    • \\%SERVER%\capturesv\PubTypes (and subfolders)

  3. If the Save to Disk option in the KC Plug-In configuration is selected, make sure the user also has write access to the following folder: \\%SERVER%\capturesv\images.
  4. The user having the SecurityBoost option requires the "Local Launch" and "Local Activation" COM permissions. To modify the COM permissions:
    1. Open Control Panel > Administrative Tools > Component Services.

    2. In the properties of Console Root\Component Services\Computers\My Computer, select the COM Security tab.

    3. Under Launch and Activation Permissions, click Edit Default.

    4. Select the user and modify the permissions.

  5. The user requires Full Control access to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Kofax\KIC-ED\KCPlugIn
  6. To use the KC Plug-In web service interface (see Configure web service), perform the following additional steps:
    • Reserve the namespace http://+:<port>/KIC-Electronic-Documents

    • Reserve the namespace https://+:<port>/KIC-Electronic-Documents and register the thumbprint of the certificate for the IP address:port (if you want to use SSL)

    On Windows Server 2012 R2 or Windows 10, use the netsh command:

    • Syntax for namespace reservation:

      netsh http add urlacl url=URL user=User

      Where

      URL: Specifies the fully qualified Uniform Resource Locator (URL).

      User: Specifies the user or user-group name.

      • Example for port 8001:

        netsh http add urlacl url=http://+:8001/KIC-Electronic-Documents/ user=\EVERYONE
      • Example for port 8002 if SSL is enabled:

        netsh http add urlacl url=https://+:8002/KIC-Electronic-Documents/ user=\EVERYONE
    • Syntax for SSL thumbprint registration:

      netsh http add sslcert ipport=IPAddress:port certhash=CertHash appid=GUID

      Where

      ipport: Specifies the IP address and port for the binding.

      colon (:): This character is used as a delimiter between the IP address and the port number.

      certhash: Specifies the SHA hash of the certificate. This hash is 20 bytes long and is specified as a hexadecimal string.

      appid: Specifies the GUID to identify the owning application.

    • Example for port 8002:

      netsh http add sslcert ipport=0.0.0.0:8002 certhash=a9f05807bb757c41ba2e1c457ac2a78f00395a69 appid={4f38c942-c7e7-421b-bcec-bd3290c3b921}

If SecurityBoost is not enabled, you must set the folder access permissions according to the Kofax Capture documentation.
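
Step 6 as a script, with the namespace reserved for the service log-on account from step 2 instead of \EVERYONE, since a reservation for Everyone lets any local account listen on that URL prefix. This is an added example, not code from the Kofax documentation: the account name is a hypothetical placeholder, it assumes the KC Plug-In service is the only listener on the namespace, the ports and appid are those of the examples above, and the thumbprint must be that of your own certificate.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the Kofax documentation. $ServiceAccount is a
# hypothetical name for the KC Plug-In log-on account from step 2.
param(
    [Parameter(Mandatory)] [string]$Thumbprint,           # thumbprint of your own server certificate
    [string]$ServiceAccount = 'CONTOSO\svc-kcplugin',     # assumption: replace with your account
    [int]$HttpPort  = 8001,
    [int]$HttpsPort = 8002,
    [string]$AppId  = '{4f38c942-c7e7-421b-bcec-bd3290c3b921}'  # appid from the example on this page
)

function Invoke-Netsh {
    # Run netsh and stop on the first failure instead of continuing half-configured.
    param([string[]]$Arguments)
    & netsh.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "netsh $($Arguments -join ' ') failed ($LASTEXITCODE)" }
}

# certhash must be 20 bytes = 40 hex digits. Thumbprints copied from the certificate
# dialog often carry spaces or an invisible leading character, so strip non-hex first.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) { throw "Thumbprint has $($hash.Length) hex digits, expected 40." }

# netsh looks the certificate up in the local machine store (MY by default);
# check that it is usable before binding it.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert)                    { throw "No certificate $hash in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey)      { throw "Certificate $hash has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $hash expired on $($cert.NotAfter)." }

$httpUrl  = "http://+:$HttpPort/KIC-Electronic-Documents/"
$httpsUrl = "https://+:$HttpsPort/KIC-Electronic-Documents/"

# Reserve both namespaces for the service account only.
Invoke-Netsh 'http', 'add', 'urlacl', "url=$httpUrl",  "user=$ServiceAccount"
Invoke-Netsh 'http', 'add', 'urlacl', "url=$httpsUrl", "user=$ServiceAccount"

# PowerShell treats braces specially, so appid is passed as one quoted string.
Invoke-Netsh 'http', 'add', 'sslcert', "ipport=0.0.0.0:$HttpsPort", "certhash=$hash", "appid=$AppId"

# Read the configuration back so it can be compared with what was intended.
Invoke-Netsh 'http', 'show', 'urlacl',  "url=$httpUrl"
Invoke-Netsh 'http', 'show', 'urlacl',  "url=$httpsUrl"
Invoke-Netsh 'http', 'show', 'sslcert', "ipport=0.0.0.0:$HttpsPort"
```

If a reservation or binding for the same URL or port already exists, the corresponding add command fails and the script stops there.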