Enable SecurityBoost
SecurityBoost improves the safety of the connection between the Kofax Capture server and workstation.
- Enable SecurityBoost in Kofax Capture. Refer to the Kofax Capture documentation for details.
-
Set a log-on user account for the
KC Plug-In
service. This user must have read access to the following folders:
-
\\%SERVER%\capturesv\config
-
\\%SERVER%\capturesv\BatchDb (and subfolders)
-
\\%SERVER%\capturesv\PubTypes (and subfolders)
-
- If the Save to Disk option in the KC Plug-In configuration is selected, make sure the write access is available for the following folder: \\%SERVER%\capturesv\images.
-
The user having the SecurityBoost option requires the "Local Launch" and "Local Activation"COM permission. You can
modify the COM permissions:
-
Open
. -
In the properties of Console Root\Component Services\Computers\My Computer, select the COM Security tab.
-
Under Launch and Activation Permissions, click Edit Default.
-
Select the user and modify the permissions.
-
- The user requires Full Control access to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Kofax\KIC-ED\KCPlugIn
-
To use the
KC Plug-In
web service interface (seeConfigure web service), configure the
following additional steps:
-
Reserve the namespace http://+:<port>/KIC-Electronic-Documents
-
Reserve the namespace https://+:<port>/KIC-Electronic-Documents and register the thumbprint of the certificate for the IP address:port (if you want to use SSL)
On Windows Server 2012 R2 or Windows 10, use the command netsh:
-
Syntax for namespace reservation:
Netsh http add urlacl url=URL user= User
Where
URL: Specifies the fully qualified Uniform Resource Locator (URL).
User: Specifies the user or user-group name.
-
Syntax for port 8001:
netsh http add urlacl url=http://+:8001/KIC-Electronic-Documents/ user=\EVERYONE
-
Syntax for port 8002 if SSL is enabled:
netsh http add urlacl url=https://+:8002/KIC-Electronic-Documents/ user=\EVERYONE
-
-
Syntax for SSL thumbprint registration:
netsh http add sslcert ipport= IPAddress:port certhash=CertHash appid=GUID
Where,
ipport: Specifies the IP address and port for the binding.
colon (:): This character is used as a delimiter between the IP address and the port number.
certhash: Specifies the SHA hash of the certificate. This hash is 20 bytes long and is specified as a hexadecimal string.
appid: Specifies the GUID to identify the owning application.
-
Syntax for port 8002:
netsh http add sslcert ipport=0.0.0.0:8002 certhash=a9f05807bb757c41ba2e1c457ac2a78f00395a69 appid={4f38c942-c7e7-421b-bcec-bd3290c3b921}
-
If SecurityBoost is not enabled, you must set the folder access permissions according to the Kofax Capture documentation.