Laserfiche Web Access 9.2 Installation Guide White Paper September 2014
Table of Contents Introduction... 4 Preinstallation... 4 System Requirements... 4 Minimum Server Requirements... 4 Recommended Server Requirements... 4 Software Requirements... 5 Laserfiche Server... 5 Web Server... 5 Client Workstation... 5 Installing Web Access... 5 Web Access Help... 8 Online Documentation... 8 Local Documentation... 8 Post Installation Information... 10 Types of Firewall Configurations... 10 Firewall Setup... 13 Configuring Web Access... 13 Configuration Page... 13 Repositories... 14 Profiles... 16 Authentication... 17 Laserfiche Authentication Service... 19 E-mail... 20 Export Settings... 22 Watermarks... 22 Configuration Page Access... 23 Logging... 24 Metadata Preview Pane... 26 2
IFilter... 26 Configuring Default Upload and Download Limits... 27 Disabling Token Substitution in Sticky Note, Text Box, and Callout Text Annotations... 29 Laserfiche Web Accelerator... 29 Laserfiche Distributed Computing Cluster... 30 Laserfiche Web Administration Console... 30 Administering Web Access... 30 Prompting for Login Information... 30 Automatic Login... 31 Using Windows Authentication... 31 Configuring Kerberos... 33 Configuring SSL and Basic Authentication... 34 Configuring SSL between the Web Access and Laserfiche Servers... 40 IIS Configuration... 40 Serving Dynamic Content in IIS 6.0... 40 Editing the IIS 6.0 Metabase... 40 Configuring IIS 7... 41 Configuring IIS 8 and IIS 8.5... 42 Points of Integration... 43 Custom Context Menus... 43 Custom Login... 44 Displaying Web Access in an IFrame... 46 Launching Web Scanning with a Custom URL... 46 Troubleshooting... 49 Running the 32-bit Version of Web Access on a 64-Bit Edition of Windows.. 51 3
Introduction Web Access is an ASP.NET 4.0 web application that allows you to access and modify your Laserfiche repository from any computer using a web browser. Web Access incorporates many of the features and options available in the Laserfiche Windows Client. Preinstallation Prior to installing Laserfiche Web Access, make sure your system meets the following requirements. Install the Laserfiche Server software (version 9.2 or later) and create a repository using the Laserfiche 9 Administration Console (which can be installed with the Laserfiche Client). IIS (Internet Information Services) must be installed on the computer where you plan to install Web Access. A network firewall should be installed to keep your Laserfiche repositories secure. It will need to be configured appropriately depending on how you will be using Web Access to access your repositories. System Requirements Below are the minimum and recommended system requirements for Laserfiche Web Access. The term "server" refers to the web server. Minimum Server Requirements CPU: 2 GHz or faster processor Memory: 1 GB RAM Operating system: Windows Server 2003 (Service Pack 1) with IIS 6, Windows Server 2008 with IIS 7, Windows 7 with IIS 7.5, Windows Server 2008 R2 with IIS 7.5, Windows Server 2012 with IIS 8, Windows 8 with IIS 8, Windows Server 2012 R2 with IIS 8.5, Windows 8.1 with IIS 8.5. Note: Server operating systems (Windows Server 2012, etc.) are preferred. Home editions of Windows 7 may not include IIS features necessary for full Web Access functionality. Recommended Server Requirements CPU: 2.8 GHz or faster processor Memory: 2 GB RAM 4
Note: Hardware requirements may fluctuate based on the number of users logged in to the server. If you expect to have many simultaneous connections to your Web Access server, we encourage you to configure it with a faster CPU and/or add more RAM. Note: Serving high-resolution images can require large amounts of system resources. If your repository contains high-resolution images, make sure that the total paging file size on the Web Access server is at least twice the amount of physical memory (RAM) Software Requirements Below are the recommended software requirements for Laserfiche Web Access. Laserfiche Server Laserfiche Web Access 9.2 requires version 9.2 or later of the Laserfiche Server. Web Access is not compatible with standalone editions of Laserfiche (Executive, Desktop, etc.). Web Server Web Access is an ASP.NET 4.0 Web application for IIS. Ensure the Windows Authentication feature in IIS 7 or IIS 8 is enabled. Internet Information Services (IIS): IIS 6 (Windows Server 2003), IIS 7 (Windows Server 2008), IIS 7.5 (Windows 7 or Windows Server 2008 R2), IIS 8 (Windows 8 or Windows Server 2012). Client Workstation Web Access is best viewed using Internet Explorer 9 or higher (Internet Explorer 7 and Internet Explorer 8 are supported), Firefox 3 or higher, Safari 4 or higher, Chrome 6 or higher. Note: Internet Explorer 7 users should install Microsoft security update 947864 (MS08-024). Installing Web Access Insert the Laserfiche Web Access DVD and the installation should automatically launch. If it does not, double-click Autorun.exe on the Web Access DVD. 5
1. On the Choose Language Setup step, select how you want the installation displayed. This language setting only affects the installation. 2. On the Welcome step, click Next. 3. On the License Agreement step, read the license agreement and select I accept the terms in the License Agreement if you agree to the terms of the license agreement. Click Next to continue. 4. On the Custom Setup step, select the components you want to install and the location that you want to install t hem. Click Next to continue. Note: If you have more than one website in IIS, the IIS Options step will be displayed. You can choose to use the default website for Web Access, or you can specify another website. This option will not be displayed if you do not have more than one website on your web server. 5. On the Laserfiche Product Activation step, specify the desired method for activating Web Access. If you have an activation key, select the Activate online using the following activation key option and specify the activation key in the text box. The installation will contact Laserfiche over the Internet at the end of the installation. If you received a license file, select the Activate using license file option and browse to the path where the Web Access license file can be found. If you are in a Laserfiche Rio environment, select the Activate using the Rio License Manager option. Click Next to continue. 6. If you chose to activate using the Rio License Manager, you will be prompted to complete the following additional steps. If not, skip to step 7. Note: The following instructions refer to terms and concepts specific to Laserfiche Rio. If you are not familiar with these concepts, see the License Manager help files or the Laserfiche Rio Deployment Guide on the Laserfiche Support Site. a. In the first Register to a License Manager step, in the License Manager Server option, type the name of your Rio License Manager server computer. In the Log on as option, select whether to log in as the current Windows user or as another Windows user. Click Next to continue. b. In the second Register to a License Manager step, in the License database option, select the license database for your Rio installation. In the License block option, select the Web Access instance you want to use. In most cases, there will be only one license database and only one Web Access license block. 6
c. In the same step, select whether to use an existing registration or register a new Web Access instance. If you or your Rio administrator already registered this computer for Web Access, select Use existing registration and then choose the computer from the list. If not, select Register new instance. Click Next to continue. Note: If you are upgrading an existing installation, in most cases you should choose Use existing registration. Registering a new instance when an existing registration exists may result in unnecessary reallocation of repository named users or public portal licenses. d. Note: If the available license information seems incomplete or out of date, you may need to renew your master license to get the most current information. Click Renew Master License to do so. e. Click Next to continue. Note: If you are using Laserfiche Directory Server for license management and you have configured organizations, the Organization path option will be displayed after this step. Select the organization you want to use in this option. This option will not be displayed if you do not have organizations configured, or if you are not using Laserfiche Directory Server. f. In the final Register to a License Manager step, review the settings for your new License Manager registration. Click Next and proceed with the installation. 7. On the Laserfiche Service Settings step, specify the default account to use when IIS is configured for anonymous authentication. You can specify a custom Windows domain account or use the Windows Internet Guest (IUSR) account. Anonymous Access allows visitors to access IIS without providing a user name and password. For most situations, you can choose the built-in IUSR guest account. You should only need to specify a domain account if you have a security configuration where the IUSR account cannot access the Web Access installation path. You can change this setting after the installation by modifying the Anonymous Authentication option for the Web Access virtual directory in IIS Manager. See this Microsoft TechNet article for more information on anonymous authentication: http://technet.microsoft.com/enus/library/cc731244(ws.10).aspx 8. On the Ready to Install step, click Install to start the installation process. 7
9. On the Prerequisites step, Web Access will detect for required IIS features and enable them if they are currently disabled. In addition, Web Access will install.net Framework 4.0 if it is not already installed on the Web Server. Click Install to begin the check. If.NET Framework is already installed, click Next to continue. 10. The installation process will run, displaying the product or feature currently being installed and the status of the installation. When the installation is complete, click Next to continue 11. At the end of the installation, the Laserfiche Product Enhancement Program step will open. Select Yes if you want to participate, and No if you do not. You can opt out at any time. For more information, see the Product Enrichment Program help. Click Next to continue. 12. When the installation process is complete, click Finish to exit the installation wizard. You can automatically open the configuration page by selecting Launch Web Access configuration page on exit and click Finish. Note: The Web Access installation includes a subcomponent called the Laserfiche Authentication Service 9.2. By default, this service runs on port 8188. The installation package must use this port during the initial installation. If this port is not available, the installation cannot continue. If a third-party program is currently using this port, you must temporarily free port 8188 to complete the Web Access installation process. After the installation is complete, you can configure the Laserfiche Authentication Service 9.2 to run on a different port. Web Access Help Web Access offers two types of help files. Online Documentation The online documentation is hosted off of Laserfiche.com. This allows Laserfiche to update the documentation as needed and give you the most current information. It is also accessible from anywhere that has Internet access. Laserfiche User Guide Web Access Installation, Configuration, and Administration Help Laserfiche Administration Guide Local Documentation The local documentation is installed to your local machine when you install Web Access. This enables those without Internet access the ability to view the Web Access documentation. Because it is installed on your machine, changes 8
made to the online documentation will not be reflected in the local documentation. If you have Internet access, we recommend you use the online documentation as it will be the most up-to-date. By default, Web Access is configured to use online documentation. Local help for Web Access is installed as a.zip file, and must be extracted to be used: 1. On the computer on which Web Access has been installed, navigate to C:\Program Files\Laserfiche\Web Access. (If you chose to install Web Access in a different location, navigate to that location instead.) 2. Open the WebHelp folder to install local user help. 3. Extract the zip file in place. 4. Open the WebHelpAdmin folder to install local installation and configuration help. 5. Extract the zip file in place. Note: The zip file must be extracted in place in the WebHelp or WebHelpAdmin folder, and the files should not be moved. If the files are moved or the zip file is extracted elsewhere, help buttons and links for the product will not function correctly. Note that some extraction programs will create a subfolder automatically when extracting the contents of a.zip file. If this is the case, you should either modify your extraction program s settings to extract directly to the WebHelp or WebHelpAdmin folder, or manually move the file contents from the subfolder to the WebHelp or WebHelpAdmin folder. Once you have extracted the local help, you will need to configure Web Access to use it. To configure Web Access to use local documentation: 1. Click Start, then Run. 2. In the Run dialog box type regedit. 3. In the Registry Editor, double-click HKEY_LOCAL_MACHINE, then SOFTWARE, then Laserfiche. 4. Select Web Access. 5. Click Edit in the menu, point to New, and select String Value. 6. Name the new value UseLocalHelp. 7. Double-click UseLocalHelp, type 1 under Value data, and click OK. After you close the Registry Editor, restart the Internet Information Services (IIS) service. To restart this service: 1. Click Start and select Control Panel. 9
2. Double-click Administrative Tools then Services. 3. Right-click IIS Admin and select Restart. Post Installation Information Types of Firewall Configurations When a user attempts to access a Laserfiche repository through Laserfiche Web Access, the user communicates with the web server hosting Laserfiche Web Access. The web server then communicates with the Laserfiche Server, which sends back the appropriate response to the Web Access server, which transmits it to the user. You can configure your setup so the firewall resides anywhere along that route. As a result, there are several different types of firewall configurations that can be implemented for Laserfiche Web Access. Note: If you have never configured a firewall, it is strongly recommended that you refer to another source for information on firewall configuration. You should also contact a network security professional prior to implementing a firewall solution. The following basic configurations are available when using Laserfiche Web Access with a firewall. Web server and the Laserfiche Server outside the firewall Web server outside the firewall; Laserfiche Server inside the firewall Web server and the Laserfiche Server inside the firewall Web server and the Laserfiche Server inside the primary firewall, but outside the secondary firewall Everything Outside the Firewall With this configuration, the firewall's security is not compromised in any way; the data protected within the firewall remains secure. On the down side, the Laserfiche Server is exposed to the outside world, which could be problematic if it contains sensitive data. 10
How does it work? 1. An Internet user (via web browser) requests information from the Laserfiche repository through a web site incorporating Laserfiche Web Access. 2. The request is received by the web server. The web server opens a connection with the Laserfiche Server using Laserfiche Web Access. 3. The Laserfiche Server receives the connection command and provides the requested information back to the user through Laserfiche Web Access. 4. The firewall is configured to allow Internet access from the private network. All access initiated from the Internet to the private network is restricted. Laserfiche Web Access Outside; Laserfiche Server Inside With this setup, the Laserfiche Server remains protected behind the firewall, however, the Laserfiche Web Access Server will need to be configured to connect to the Laserfiche Server. On the plus side, such a configuration would keep the Laserfiche Server relatively secure within the firewall. However, because a tunnel must exist to allow the Web Access server to communicate with the Laserfiche server, if the Web Access server were to be compromised, it could be used as a launching point of an attack through the firewall to the Laserfiche Server. How does it work? 1. An Internet user (via web browser) requests information from the Laserfiche repository through a web site incorporating Laserfiche Web Access. 2. The request is received by the Web Access server, which opens a connection with Laserfiche Web Access. 3. Laserfiche Web Access opens a connection with the Laserfiche Server via the firewall. 4. The firewall is configured to allow Internet access from the private network. All direct access initiated from the Internet to the private network is restricted. When Laserfiche Web Access makes a connection to the firewall, the firewall passes the request on to the Laserfiche Server located on the private network. Special care should be taken to only allow access to the ports that Laserfiche needs for connection and to only allow connections coming from the web server hosting the Laserfiche web product. 5. The Laserfiche Server receives the connection command and provides the requested information back to the user through Laserfiche Web Access. 11
By default, Laserfiche Server 9 listens on TCP port 80 or 5050. The Laserfiche Server broadcasts notifications on port 5051. If there is a firewall between your Laserfiche Server instance and your Web Access server, make sure ports 80 or 5050, and port 5051 are open on the firewall. You can use the Server Settings node of the Laserfiche 9 Administration Console to modify the default port settings. Note: The Laserfiche Server 9 installation automatically creates a Windows Firewall exception for the Laserfiche Server. Everything Inside the Firewall This type of configuration allows access to the Laserfiche Server and the Laserfiche Web Access server only through the firewall. In this case, the firewall acts as a proxy or a filtering gateway depending upon your network configuration. This requires careful configuration and entails an extra level of complexity for the firewall. With this configuration, the firewall would need to be reconfigured to allow arbitrary connections from the Internet to the web server. However, if access to Laserfiche documents from the Internet is not desired or if Web Access is only being used for an intranet and not for Internet access, then not allowing connections through the firewall would be acceptable. Be aware that you will be lowering the integrity of your firewall if you do configure the firewall to allow arbitrary connections from the Internet to the web server. How does it work? 1. An Internet user (via web browser) requests information from the Laserfiche repository through a web site incorporating Laserfiche Web Access. 2. The firewall is configured to allow Internet access from the private network. In addition, the firewall is configured to act as an HTTP proxy or router (depending on whether the firewall is proxy-based or filterbased). In other words, users would point their web browsers to the firewall itself and the firewall would forward the request to the web server located on the private network. 3. The request is received by the web server, which opens a connection with the Laserfiche Server. 4. The Laserfiche Server receives the connection command and provides the requested information back to the user through Laserfiche Web Access. Multiple Firewalls This configuration allows access to the Laserfiche Server and the Laserfiche Web Access server only through the firewall. In this case, the firewall acts as a proxy or a filtering gateway depending upon your network configuration. It 12
requires careful configuration and entails an extra level of complexity for the primary firewall. This setup is similar to the single within-firewall example, with the addition of a second firewall. In the case of a network compromise, a properly configured dual-firewall setup will provide a method of localizing the security breach. It offers additional security over an all-or-nothing model. How does it work? 1. An Internet user (via web browser) requests information from the Laserfiche repository through a web site incorporating Laserfiche Web Access. 2. The firewall is configured to allow Internet access from the private network. In addition, the firewall is configured to act as an HTTP proxy or router (depending on whether the firewall is proxy-based or filterbased). In other words, users would point their web browsers to the firewall itself and the firewall would forward the request to the web server located on the private network. 3. The request is received by the web server, which opens a connection with the Laserfiche Server. 4. The Laserfiche Server receives the connection command and provides the requested information back to the user through Laserfiche Web Access. 5. A second firewall is configured to allow Internet and Laserfiche access from the private network. All access initiated from the Internet or from the Laserfiche server to the private network is restricted. Firewall Setup By default, Laserfiche Server 9 listens on TCP port 80 or 5050. Laserfiche defaults to port 80. The Laserfiche Server broadcasts notifications on port 5051. If there is a firewall between your Laserfiche Server 9 instance and your Web Access server, please make sure that ports 80 or 5050, and port 5051 are open on the firewall. You can use the Server Settings node of the Laserfiche 9 Administration Console to modify the default port settings. Note: The Laserfiche Server 9 installation automatically creates a Windows Firewall exception for the Laserfiche Server. Configuring Web Access Configuration Page The Configuration Page enables you to configure repositories Web Access users can connect to. It also allows you to configure profiles, how users should authenticate to Web Access, an SMTP Server for outgoing e-mail 13
messages, watermark settings, if users can access the Configuration Page remotely, and Web Access logging levels. You must add at least one repository before you will be able to use Web Access. After you have installed Web Access, you can find the Configuration Page either through the Start menu or by typing the URL in your browser. Note: The Configuration Page can be automatically launched from the last step of the installation process by selecting Launch Laserfiche Web Access configuration page. A shortcut is located in the Start menu under All Programs, Laserfiche, Web Access, Web Access Configuration. The URL for the Configuration Page is http://machinename/laserfiche/configuration/configuration.aspx, where machinename is the name of the server where Web Access is installed. Language Picker Select the default language you want Web Access displayed in. Note: This option is only available when you have the Laserfiche language packs installed. Troubleshooting Tips: Server operating systems, such as Windows Server 2008, have an Enhanced Internet Security setting that requires all URLs (even ones on your network) to default to the Internet zone. The Internet zone is usually set to a high security level, causing standard features that usually work on normal workstations, like JavaScript, to be disabled. When Enhanced Internet Security is enabled, the Configuration Page may not be functional. Add the trusted Web Access URL to the Intranet zone (which has lower security) and refresh the page to get the Configuration Page to function correctly. If adding a repository does appear to do anything and you are on Windows 7 or later, User Access Control (UAC) may be affecting the page functionality. As a workaround, browse to the Config subfolder in the Web Files folder of your Web Access installation folder. Accept the UAC prompt which appears and try to add your repository again using the Web Access Configuration Page. If you receive a "Retrieving the COM class factory for component with CLSID {E479E155-4F63-4E98-8B23-FCCFF569CA81} failed due to the following error: 800736b1" error message when adding a repository, you may need to restart the machine after installing Web Access. Repositories The Repositories section of the Configuration Page allows you to configure Web Access to connect to a repository. 14
Repository Name: Enter the name of the repository you want to connect to. Server Name: Enter the name of the server where the repository is located. Connection Options: There are four ways in which you can connect to the repository. Note: A warning message will appear on the Configuration page if there is high latency between the Web Access Server and the Laserfiche Server o Prompt for Laserfiche Credentials: Users will be prompted for the Laserfiche username and password assigned to them by a Laserfiche administrator. Note: This option also allows users to enter their Windows credentials as long as they enter DOMAIN\username for their username. Web Access will be able to detect it's a Windows account by the backslash. Note: This option also allows users to enter their LDAP username (username@profilename) and password. o Prompt for Windows domain credentials: Users will be prompted to enter their Windows domain username and password. This option can be used as an alternative to Kerberos. Note: When configuring this option, the Select a login domain dialog will be displayed. This allows you to enter the domain users will log in to so they don't have to specify it each time they log in. If left blank, this is effectively the same as choosing Prompt for Laserfiche credentials. 15
o Auto-login using integrated Windows authentication: Users will automatically be logged in to the repository using the Windows username and password used to log in to the computer or network. Additional IIS configuration might be necessary. o Use SSL: Select this checkbox if you want the Web Access server to connect to the Laserfiche server using an SSL connection. This will force users to always log in to the repository using SSL. Note: To use SSL, the server name must be written as a fully qualified domain name (FQDN) such as mycomputer.laserfiche.com. This is a different process from configuring SSL between Web Access and the user's Internet browser. For more information, see the Configuring SSL DevNotes on the Laserfiche Support Site. Note: This is a different process from configuring SSL between Web Access and the user's Internet browser. Add Profile: This option enables administrators to configure multiple login methods per repository. o Profile Name: Type a name for the profile. Profiles Profiles allow administrators to configure multiple login methods per repository. Note: Profiles are not supported for Laserfiche Rio and Laserfiche Avante. To create a profile 1. Open the Web Access Configuration page (http://machinename/laserfiche/configuration/configuration.aspx, where machinename is the name of the server where Web Access is installed). 2. Select Add Profile next to the repository you want to add a profile to. 3. In the Add Profile dialog box, type a profile name. Under Connection Type, select Auto-login with specified Laserfiche account to associate the profile with a Laserfiche or LDAP account and enter the Laserfiche 16
or LDAP username and password. Select Auto-login using integrated Windows authentication to associate the profile with a Windows account. Click OK. 4. Open Web Access (http://machinename/laserfiche). 5. Select Use Profile, select the profile you want to use from the dropdown menu, and click Login. 6. To send a profile link to another user, navigate to the folder you want to create the link to. 7. In the URL, after the repository name, add &profile= followed by the profile name. 8. You can now copy the URL and send it. Authentication Restricting/Allowing Access Administrators can explicitly restrict or allow specific Laserfiche or Windows users access to a repository. By restricting an account, you will prevent anyone from using that login to gain access to the repository regardless of whether or not they enter the correct password. This also is useful if you only want Web Access configured to be viewable over the Internet for specific users. This setting is configured per repository. Repository: Select the repository you want to configure access to. 17
Laserfiche accounts are: Select Allowed if you want all users logging in with Laserfiche accounts to have access to the repository. Select Denied if you want to restrict all users with Laserfiche accounts. Windows accounts are: Select Allowed if you want all users logging in with Windows accounts to have access to the repository. Select Denied if you want to restrict all users with Windows accounts. The following users are: You can restrict or allow specific users' access to Web Access. Enter the user's Laserfiche username, LDAP username, or Windows account name (domain\username) and click Add User. You can add as many users as you want to this list. Once added, click Verify Account List to verify all accounts in the list at once. Enter any account credentials that can access the Laserfiche Server to ensure the accounts you added to the list exist and are configured properly (Laserfiche, Windows, or LDAP account). Once verified, select Allowed to give all the users in this list access or Denied to deny them access. This option overrides the previous two options. For example, if you deny all users with Laserfiche accounts access to Web Access, you can explicitly grant a specific Laserfiche account user access to the repository by adding them to this list and selecting Allowed. Windows Authentication You can configure if the Login Page should display the Use Windows Authentication checkbox allowing users to select if they want to log in using Windows authentication. Select Show the "Use Windows Authentication" checkbox on the Login screen to display it on the Login Page. Note that additional configuration may be required for Windows authentication to work. Cookie Authentication A cookie is a small text file containing information such as user preferences or credentials that is stored by a web browser on a user's machine. The web server tells the browser to store this cookie information on your machine to identify who you are when you visit the site again. Most sites requiring you to provide credentials will set a cookie once your credentials have been verified, allowing you to freely navigate to all parts of a site as long as that cookie is present and validated. Administrators can configure Web Access so users can authenticate using authentication tokens generated by the new Laserfiche Authentication Service and stored in the user s browser cookies. As long as the browser retains the cookie, the user will be automatically logged in when opening a Web Access session from a new browser window. The Login page allows users to choose 18
between private and public authentication modes to control how long the cookie is active or valid. Choosing the This is a private computer option enables the cookie to stay valid longer. Choosing the This is a public or shared computer option causes the cookie to expire in a shorter period of time. When the cookie expires, the next user will not be able to access your information. You can control the expiration periods through a configuration file. To enable cookie authentication 1. Select Allow Web Access to authenticate users using authentication tokens stored in the user's cookies. Note: If cookie authentication is not working, ensure the Laserfiche Authentication Service is started. Laserfiche Authentication Service The Laserfiche Authentication Service, which is installed during the Web Access installation, is a Windows Communication Foundation (WCF) Service that generates tokens for Laserfiche connections (similar to the cookie authentication used when accessing Microsoft Outlook via the Web). This service contains two specific authentication profiles, public and private. Public: This profile is for users connecting to Web Access through a public or shared computer who do not want to risk having their Laserfiche sessions used by other people. The Laserfiche Authentication service generates the login token under a public profile and the session is terminated after 15 minutes of inactivity. Private: This profile is for users connecting to Web Access through a private secured computer. These users prefer to only log in once per day and are confident their Laserfiche session token is safe on their own machine. The Laserfiche Authentication service generates the login token under the private profile and the session will be terminated after eight hours. Since the user is the only one using this computer, this allows them to stay logged in for a longer period of inactivity before ending the session. Configuring Session Timeouts The Laserfiche Authentication Service's default session timeouts for public and private profiles can be modified. For example, if you want the public profile to maintain a connection for 25 minutes instead of 15, you can configure this in the service's settings. 19
To modify a session timeout period 1. Navigate to <Installation Directory>\Laserfiche\Laserfiche Authentication Service 9.2 2. Open LfAuthenticationServiceHost.exe.config in a text editor. 3. Look for <add key="publictimeout" value="900000"/> <add key="privatetimeout" value="28800000"/> 4. The length of the session is represented in milliseconds. Below is a table with sample minute to millisecond conversions. Minutes/Hours 1 minute = 6000 milliseconds Milliseconds 5 minutes 300000 10 minutes 600000 30 minutes 1800000 1 hour 3600000 4 hours 14400000 10 hours 36000000 5. To modify the public timeout period, change the "PublicTimeout" value. To modify the private timeout period, change the "PrivateTimeout" value. For example, to change the public timeout period to maintain a connection for 30 minutes, the new public timeout tag would look like this: <add key="publictimeout" value="1800000"/>. E-mail Specifying an SMTP Server for outgoing e-mail messages The E-mail section of the Configuration Page allows you to specify an SMTP mail server to interact with e-mail export features in Web Access. If you do not specify an SMTP Server, Web Access will not be able to directly send e- mail messages. However, users can still choose to save the.msg file to their local computers to manually send out the e-mail using their personal e-mail client software. Note: Sending e-mail directly through Web Access requires the MAPI license feature for your Laserfiche Server. 20
SMTP Server: Enter the name of your mail server. o Save: Save your mail server settings. o Save and Verify: Save your mail server settings and verify they are configured correctly by providing an e-mail address in the Mail Server Verification dialog box for Web Access to send an e- mail to. Reply Address: Enter the reply e-mail address you want displayed in the e-mail header's From field. The Reply Address is required to verify the e-mail settings. By default, the reply address is WebAccess@laserfiche.com. Reply Display Name: Specify the display name that you want displayed for the e-mail. By default, the display name is Laserfiche Web Access 9.2 SMTP server requires username and password (Optional): If your mail server requires a username and password, select this option and enter them. Tip: Once configured, these settings will be saved to the WebAccessConfig.xml file under <Installation Directory>\Laserfiche\Web Access\Web Files\Config\. They will be listed in the MailSettings section next to User and Password. Note: These settings only apply to repositories on servers that have the MAPI feature. Specifying a Microsoft Exchange Server's Exchange Web Service URL for incoming e-mail messages The E-mail Import (Outlook Address Resolution) section of the Configuration page allows you to configure Web Access to connect to a Microsoft Exchange Server's Exchange Web Services in order to facilitate extracting the e-mail address from the recipient field when importing e-mail messages. 21
Exchange Web Service URL: Specify the URL to your Exchange Server's Exchange Web Services. Autodiscover: Web Access can attempt to automatically detect the location of the Web service. You will be prompted to specify an e-mail address to start the auto-detection process. Exchange Server requires user name and password: If your Exchange Server requires a user name and password, select this option and specify the appropriate values. Note: This feature is available in Microsoft Exchange Server 2007 SP1 and later. Export Settings The Export Settings section of the Configuration Page allows you to modify the page limit when generating a PDF from a Laserfiche imaged document. By default, Web Access is configured to limit generated PDFs to 75 pages. This means that when users attempt to export a Laserfiche imaged document as a PDF file and the document contains more than 75 pages, only the first 75 pages of the document will be included in the downloaded PDF file. Maximum pages for exporting PDF: Specify the page limit for generated PDF files. Note: This setting only affects PDFs created during the export process for Laserfiche imaged documents. This setting has no bearing on the length of PDF files stored as electronic documents in Laserfiche. Watermarks The Watermarks section on the Configuration Page allows you to decide if you want watermarks to be displayed on your imaged documents when viewing them in the Document Viewer. Show watermarks in the Laserfiche Web Access Document Viewer Cleared: The Group Watermark header and footer setting configured in the Laserfiche Administration console will not be displayed when viewing the document in the Document Viewer. The group watermark configured in the Laserfiche Administration console will still be exported on the document. If no watermarks are configured in the 22
Laserfiche Administration Console, the document will be exported without a watermark. Selected without Watermark text: The Group Watermark header and footer settings configured in the Laserfiche Administration console will be displayed when viewing the document in the Document Viewer. When exported, the document will display the group watermark. If no watermarks are configured in the Laserfiche Administration Console, nothing will be displayed when viewing the document in the Document Viewer and the document will be exported without a watermark. Selected with Watermark text: The Group Watermark header and footer settings configured in the Laserfiche Administration console and the text typed in the Watermark text field will be displayed when viewing the document in the Document Viewer. When exported, the group watermark will be displayed on the document. The text defined in the Watermark text field is never exported on a document; it is for display purposes only. If no watermarks are configured in the Laserfiche Administration console, the Web Access Watermark text will not be displayed when viewing the document in the Document Viewer and the document will be exported without a watermark. You can enter up to 63 characters in the Watermark Text text box. Note: Group Watermarks configured in the Laserfiche Administration console will never be displayed on the document when viewing it in the Document Viewer. Note: If multiple group watermarks have been configured in the Laserfiche Administration console, the user will be prompted to choose one when exporting a document. Configuration Page Access Administrators can give specific users access to the Configuration Page remotely, as long as the user is part of the local administrators group or a specified Windows group on the Web Access server machine. After adding specific users to one of these types of groups, you can then allow that group remote access to the page. 23
To allow remote access: Select the Allow remote access to specific Windows group checkbox, then select if the users who should have remote access are part of the Local administrators group or part of a Specified Windows group. If selecting Specified Windows group, enter the group name as DOMAIN\groupname. Note: Ensure the Windows Authentication feature is enabled in IIS to allow remote access to the Configuration Page. Tip: In IIS 7 or IIS 8, you will need to have Windows Authentication first installed under IIS, Security before you can enable it. Troubleshooting If you receive a The configuration page can only be accessed locally error, this means remote access has not been set up. If you receive an Access is denied error, this means the user trying to access the page remotely has not been added to the appropriate group. Logging The Logging section of the Configuration Page allows you to select a log level for Web Access, as well as to turn tracing on and off in order to locate a specific problem. "Debug" will provide the most detailed logs; these may take up more space, so you may want to use this level only when you are troubleshooting a specific problem. Trace Log Level: Allows you to log errors to a text file, located at c:\trace.txt. The location of the trace file is determined by the Web.config file located in the Web Files folder of the Web Access program directory. Note: The first time you enable logging, you will need to modify web.config. To do so, complete the following steps: 24
1. Navigate to the Web Access installation directory and open Web Files. 2. Open web.config in a text or XML editing program. 3. Search or navigate to the section beginning with the following characters: <-- Enable the following block to log trace messages to a file --> 4. Remove the <!-- and --> brackets from the line beginning <add name="testtractor". 5. Optional: To modify the location of the trace file, locate the initializedata="c:\trace.txt" attribute and change the path and file. Note that you must specify a file name; you cannot specify only a path. 6. Save web.config. Event Log Level: Determines which errors will appear in the Windows Event Log, which you can view using the Windows Event Viewer. Enable LFSO Tracing: Logs LFSO communication information between Web Access and the Laserfiche Server. Note: The Web Access application pool identity requires full control over the trace file path. Trace file path: Specify where you want to store the LFSO trace log file. The file name automatically contains the application name (Web Access), process id (the IIS worker process), and timestamp. Enable WinHTTP Tracing: Enables Windows HTTP Services (WinHTTP) tracing on the Web Server. Note: Enabling WinHTTP tracing requires local administrative rights on the web server. This means that the Web Access application pool identity must be running as a user that has local administrative rights. By default, Web Access runs in the WebAccessAppPool application pool. On UAC-enabled operating systems (Windows Sever 2008 and later), you must turn off UAC in order for Web Access to properly generate the WinHTTP trace log. Note: Enabling WinHTTP tracing is a computer-wide setting that will log all traffic through Windows HTTP Services and may log information not related to Laserfiche communication. Note: Both the Laserfiche Client and Web Access contain options for enabling WinHTTP tracing. Because the WinHTTP tracing option is a computer-wide setting, if both are installed on the same 25
computer, modifying WinHTTP tracing options in one of the client application affects the other application as well. Trace folder path: Specify where you want to store the WinHTTP trace log file. Metadata Preview Pane The Metadata Preview Pane section of the Configuration Page allows you to control the default behavior of the Metadata Preview Pane in the Folder Browser when viewing template and field values. By default, when a user selects multiple entries, Web Access detects and compares what fields are assigned to the selected documents. When there are a large number of fields, the Preview Pane may take a long time to fully load. In certain situations, a user may not need to see the existing field values and just wants to update a group of documents to all have the same value for a field. When a user multi-selects more than the specified number of entries in the Folder Browser, the metadata Preview Pane will present the option to either Show fields or Update fields. The Show fields option enables the standard behavior of displaying field values. The Update fields option displays a writeonly version of the preview pane and allows users to update field values without waiting for Web Access to load and display existing field values. Note: Users can still update field values when they choose to show field values Allow users to directly update field values: Allow users to choose the display option for the Folder Browser Preview Pane. Minimum number of selected entries: Specify the minimum number of entries a user must multi-select in the Folder Browser before given the option to choose whether to load field information or to directly update field values. IFilter An IFilter is a Windows tool that Laserfiche can take advantage of when retrieving the text and the properties associated with an electronic file. By default, Windows provides several IFilters that allow you to retrieve text from HTML documents, XML documents, Multipurpose Internet Mail Extension (MIME) files, and Microsoft Office files. In addition to the filters provided by Windows, IFilters for other types of files exist. To take advantage of one of these IFilters, download and install it on the web server hosting Web Access. After an IFilter has been installed there, it will be immediately available for use by Web Access. Text pages can be created for that type of file by following the instructions provided in the Extracting Text from Electronic Documents topic. 26
Tip: IFilters are typically created by the manufacturer of the software that created the file. The primary purpose of an IFilter is to retrieve all text associated with an electronic file. As a result, it will not store text according to the original pagination in the electronic file. Instead, all text retrieved from the electronic file will be treated as a single page. A new text page will be created after a certain number of characters have been retrieved from the electronic file. Note: Extracting text from an electronic file will overwrite any Laserfiche pages associated with the electronic document. Configuring Default Upload and Download Limits By default, Web Access allows users to: Upload files that are no larger than 2,097,151KBs (2GB; unless you are on IIS 7, in which case the default is 30 MB) and take no longer than 3,600 seconds (1 hour) to upload. Export files that are no larger than 204,800KBs (200MB) and take no longer than 7,200 seconds (2 hours) to download. E-mail files that are no larger than 204,800KBs (200MB) and take no longer than 110 seconds (less than 2 minutes) to download. Instructions on modifying these settings will NOT be covered in this article, as increasing the default e-mail limits is not recommended. To modify the settings above, open the Web.config file, which is in the Web Access installation directory. By default, the file is located in "C:\Program Files\Laserfiche\Web Access\Web Files" or "C:\Program Files (x86)\laserfiche\web Access\Web Files." Note: In order for a change to take effect, restart Internet Information Services (IIS) or restart the application pool hosting Web Access. Note: In the code blocks listed below, some of the initial values may vary if the Web.config file has previously been edited. To modify upload limits: 1. In Web.config, locate the following code block: <location path="dialogs/uploadfilepage.aspx"> <system.web> <neatupload usehttpmodule="true" /> <!-- By Default This allows uploads of sizes up to 2GB --> <httpruntime maxrequestlength="2097151" executiontimeout="3600" /> </system.web> </location> 27
2. If necessary, change the value of the maxrequestlength setting to the maximum number of KBs a file can be before it cannot be uploaded via Web Access. We do not recommend setting this value greater than 2,097,151KBs (2GB). 3. In the previous step, if you changed the maxrequestlength setting to a value larger than 30,720KBs (30MBs), and if you are using IIS 7 or higher, add the following code block directly under the <system.webserver> section. Modify the maxallowedcontentlength setting to ensure it matches the maxrequestlength setting. We do not recommend setting this value greater than 2,097,151KBs (2GB). <security> <requestfiltering> <requestlimits maxallowedcontentlength="x" /> </requestfiltering> </security> 4. If necessary, change the value of the executiontimeout setting to the maximum number of seconds that can pass during the upload process before the file cannot be uploaded via Web Access. 5. Save your changes and close the text editor. To modify export limits: 1. In Web.config, locate the following code block: <location path="dialogs/export/getexportfile.aspx"> <system.web> <!-- By Default This allows downloads to go on for 2 hours --> <httpruntime executiontimeout="7200" /> </system.web> </location> 2. If necessary, change the value of the executiontimeout setting to the maximum number of seconds that can pass during the export process before the file cannot be exported via Web Access. 3. If you need to change the maximum number of KBs a file can be before it cannot be exported via Web Access, replace <httpruntime executiontimeout="7200" /> with <httpruntime maxrequestlength="x" executiontimeout="7200" />. Replace X with the file size limit you want (in KBs). We do not recommend setting this value greater than 2,097,151KBs (2GB). 4. Save your changes and close the text editor. 28
Disabling Token Substitution in Sticky Note, Text Box, and Callout Text Annotations By default, Laserfiche will automatically replace tokens in sticky note, text box, and callout text annotations. You can disable this feature for specific users by manually adding the following trustee attribute to the appropriate user or group: [SETTINGS]SubstituteTextAnnotationTokens Set the value of the attribute to No to prevent Laserfiche from automatically replacing tokens in sticky notes, text boxes, and callout text boxes. To re-enable the option, set the attribute value to Yes or remove the attribute completely. Note: The value is case sensitive. Trustee attributes are accessible through the Laserfiche Administration Console. Please see the Laserfiche Administration Guide for more information on trustee attributes. Laserfiche Web Accelerator The Laserfiche Web Accelerator section of the Web Access Configuration page lets you enable and configure Web Accelerator for specific repositories. Web Accelerator carries high-load processes, such as image processing, for Web Access, allowing the performance impacts of resources intensive processes on Web Access to be lessened. Before enabling Web Accelerator, you will first need to install it. For information about installing and configuring Laserfiche Web Accelerator, see Laserfiche Web Accelerator 9.1 Installation Guide. To enable Web Accelerator: 1. On the Web Access Configuration page, under Laserfiche Web Accelerator, select Enabled. 2. Next to Server, type http://webacceleratorservername/image, where WebAcceleratorServerName equals the machine name of the Web Accelerator host. 3. Next to Verification code, paste the Web Accelerator verification code that was generated on the Web Accelerator Configuration page. 4. If you have more than one repository registered on the Web Access Configuration page, checkboxes will appear for each repository. Select the repositories you want Web Accelerator to serve. 5. Click Test to ensure the successful connection(s). Then click Save. 29
Laserfiche Distributed Computing Cluster The Laserfiche Distributed Computing Cluster section of the Web Access Configuration page allows you to connect your Web Access Server to a Distributed Computing Cluster installation. When enabled, the Web Access Server will send certain tasks, like OCR processing, to the cluster. Distributed Computing Cluster will perform the tasks and return the finished work to the Web Access Server. Learn more about Distributed Computing Cluster. To enable Distributed Computing Cluster: 1. On the Configuration Page under Laserfiche Distributed Computing Cluster, select the Enabled checkbox. 2. Next to Scheduler, enter name of the machine where the Distributed Computing Cluster scheduler is installed. 3. Next to Port, enter the port that the Web Access Server will use to communicate with the Distributed Computing Cluster scheduler. Laserfiche Web Administration Console The Laserfiche Web Administration Console section of the Web Access Configuration page lets you specify a Web Administration Console that will be accessible from Web Access by administrative users. If you enable Distributed Computing Cluster, then Web Administration Console can be used for OCR monitoring purposes. To enable linking to the Web Administration Console: 1. On the Web Access Configuration page under Laserfiche Web Administration Console, select the Enabled checkbox. 2. For the URL, open the Laserfiche Web Administration Console, copy the URL from the browser's address bar and paste it next to URL in the Web Access Configuration page. 3. Click Save. Administering Web Access Most Web Access administration activities are related to controlling which Laserfiche repository users can access and what types of access are permitted. See the Laserfiche Administration Guide for information about creating repositories, setting up users, controlling repository security, and similar topics. Prompting for Login Information Web Access will always request login information if auto-login is not configured. Login information may be a Laserfiche username and password or Windows domain credentials. 30
To turn off auto-login 1. Open the Web Access configuration page at http://machinename/laserfiche/configuration/configuration.aspx, where machinename is the name of the server where Web Access is installed. 2. In the list of repositories, find the one for which you want to require login information. 3. Select Prompt for Laserfiche credentials or Prompt for Windows domain credentials. 4. Depending on which one you choose, users will be able to log in using their Laserfiche and/or Windows credentials to access Web Access. Note: If you select Prompt for Laserfiche credentials or Prompt for Windows domain credentials (without configuring a domain name), users will be able to enter either their Laserfiche or Windows credentials to authenticate. Automatic Login You can configure Web Access to automatically log users into a repository. To do this, you will need to specify a Laserfiche or Windows domain account that Web Access will always use to log in to the repository. You can also let the browser auto-detect the Windows user account currently being used and log the user in with that account. Anyone accessing the repository through Web Access will be automatically logged in using that user account, and will have all the security rights and privileges assigned to that user. To configure automatic login 1. On the computer hosting Web Access, open the Web Access configuration page at http://machinename/laserfiche/configuration/configuration.aspx, where machinename is the name of the server where Web Access is installed. 2. In the list of repositories, click Edit next to the one you want to configure. 3. Select Auto-login using integrated Windows authentication from the drop-down list and click Save. 4. Ensure IIS is configured for integrated Windows authentication. Using Windows Authentication When Windows Authentication is configured as the login method for a repository, users with valid Windows credentials will either be prompted to enter their Windows credentials or automatically be logged in using these 31
credentials when they visit the Web Access page. You can configure login methods on the Web Access Configuration Page. Configuring Web Access for Windows authentication 1. Configure your Laserfiche repository to accept Windows users for authentication. In order for a Windows user to be able to log in using Windows Authentication, that user must be allowed access to the repository. The Windows account can be granted access in a few different ways: The Windows account can be added directly. The Windows user can be associated with a Laserfiche user. The Windows group has been added to the Trusted Accounts list. Laserfiche administrators can do this through the Laserfiche Administration Console. The administrator must also configure Web Access to accept Windows credentials and pass them to the Laserfiche server. 2. Ensure IIS is configured so users can automatically be logged in using Window authentication. By default, IIS is configured to allow users to log in using their Windows credentials without any additional configuration. However, if you are updating to a newer version of Web Access or have previously modified your IIS settings, follow the steps below to configure IIS for Windows authentication. Note: Ensure the Windows Authentication feature is installed under Security on IIS 7 or IIS 8 to allow Windows users to automatically log in. Tip: In IIS 7, IIS 8, or IIS 8.5, you will need to have Windows Authentication first installed under IIS, Security before you can enable it. 1. Open Internet Information Services (IIS) Manager. You can find it under Administrative Tools in the Start Menu in Windows 7 or machines with server operating systems like Windows Server 2003 or Windows Server 2008. 2. Select the Web Access virtual directory. By default, this will be named Laserfiche and located under Default Web Site in the Web Sites folder. 3. If you are using IIS 7, IIS 7.5, IIS 8, or IIS 8.5: 32
Double-click on Authentication in the center pane. In the Authentication Configuration Pane, enable Windows Authentication. If you do not see a Windows Authentication option, check to see whether the Windows Authentication feature is installed on your copy of IIS. Note: The Web Access application runs as the application pool user. This user requires read and write access to the tempdirectory and cachedirectory and read access to the Config subfolder inside the Web Files folder of the Web Access installation folder. Access to these specific files is configured for you during the Web Access installation. 3. If the Laserfiche Server and Web Access are installed on different machines, and you want to log in using Windows Authentication, you have three options: Option 1: You can configure Kerberos to enable users to log in using Integrated Windows authentication. Users will never be prompted to provide credentials, as the browser will automatically authenticate and log them in. This method requires knowledge and setup of Kerberos. Option 2: You can configure Basic Authentication to enable users to log in by providing Windows credentials to the browser. If the user's first login attempt is successful, all future login attempts will not prompt for credentials until the session times out. This method requires knowledge and setup of Basic Authentication. Option 3: You can configure Web Access to enable users to log in by providing Windows credentials to the Web Access Login Page. Users must manually provide credentials each time they want to log in. Since this method requires no knowledge or setup of Kerberos or Basic Authentication, it is the method we recommend. Tip: When using Option 2 or 3, credentials are passed in plaintext. As a result, these methods should never be used without also using SSL. Configuring Kerberos Kerberos support enables Windows authentication to fully function when Web Access and the Laserfiche Server are installed on different computers. Kerberos allows authentication information to be delegated from the computer hosting Web Access to the computer hosting Laserfiche Server. For more information on enabling Kerberos for Windows authentication, see the 33
Enabling Kerberos Support for Windows Authentication Knowledge Base article and/or the Setting Up Kerberos for Web Access 8 on IIS 7 white paper. Configuring SSL and Basic Authentication Basic authentication can be used as an alternative to Kerberos to allow information to be delegated from the computer hosting Web Access to the computer hosting the Laserfiche Server. This authentication method allows the application to run as the browser user, provided the browser user provides correct Windows authentication. These Windows credentials are transmitted in plain text, which means the web server does not need to use Kerberos to authenticate into a separate machine. Because the credentials are sent from IIS to Web Access in plain text, this method should never be used without also using SSL to protect the password. Configuring Basic Authentication To configure Basic Authentication on the machine hosting the Web Access server (IIS): IIS 6 (Windows Server 2003) 1. Click Start and select Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS). 3. In the left pane, double-click your computer name, then Web Sites, then Default Web Site. 4. Right-click Laserfiche and select Properties. 5. Select the Directory Security tab. 6. Under Authentication and access control, click Edit 7. Clear the Anonymous access and Integrated Window authentication checkboxes. 8. Select Basic authentication (password is sent in clear text) and click Yes in the IIS Manager pop-up dialog box. 9. Click OK and close any other windows that are open. IIS 7 (Windows Server 2008 or Windows 7) 1. Click Start and select Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the Connections pane on the left, under Default Web Site, select Laserfiche 34
4. In the middle pane, under IIS, double-click Authentication 5. Right-click Anonymous Authentication and select Disable 6. Right-click Basic Authentication and select Enable. Basic Authentication should not be used without also using SSL to protect the password. IIS 8 or IIS 8.5 (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2) 1. Open the Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the Connections pane on the left, under Default Web Site, select Laserfiche 4. In the middle pane, under IIS, double-click Authentication 5. Right-click Anonymous Authentication and select Disable. 6. Right-click Basic Authentication and select Enable. Basic Authentication should not be used without also using SSL to protect the password. Configuring SSL (HTTPS) To set up an SSL (HTTPS) connection between the machine hosting the Web Access server and the Internet browser IIS 6 (Windows Server 2003) 1. Click Start and select Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS). 3. In the left pane, double-click your computer name, then Web Sites. 4. Right-click Default Web Site and select Properties. 5. Select the Directory Security tab. 6. Under Secure communications, click Server Certificate. 7. In the Welcome to the Web Server Certificate Wizard, click Next. 8. Select Create a new certificate and click Next. 9. Select Send the request immediately to an online certification authority and click Next. 10. Type a name for your new certificate and click Next. 35
11. Type your Organization and Organizational unit. For example, your organization might be Laserfiche and your unit might be Human Resources. Click Next. 12. Type the common name for your site and click Next. 13. Type your Country/Region, State/province, City/locality and click Next. 14. Select a certificate authority from the drop-down menu and click Next. 15. Click Next, then Finish. 16. Click OK to close the Default Web Site Properties dialog box. 17. In the left pane, double-click your computer name, then Web Sites, then Default Web Site. 18. Right-click Laserfiche and select Properties. 19. Select the Directory Security tab. 20. Under Authentication and access control, click Edit. 21. Under Secure communications click Edit. 22. Select Require secure channel (SSL) and Require 128-bit encryption. 23. Click OK to close the Secure Communications dialog box. 24. Click OK to close the Laserfiche Properties dialog box. 25. Restart IIS. IIS 7 (Windows Server 2008 and Windows 7) 1. Click Start and select Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the Connections pane on the left, select the computer name. 4. Under the IIS section, double-click Server Certificates. 5. In the Actions pane on the right, click Create Domain Certificate. 6. In the Distinguished Name Properties step, specify the required information for the certificate and click Next. 7. In the Online Certification Authority step, click Select, choose your certificate authority, and click OK. 8. Give your certificate authority a friendly name and click Finish. 9. In the Connections pane on the left, double-click the computer name, then double-click Sites. 10. In the Sites pane in the middle, select Default Web Site. 36
11. In the Actions pane on the right, select Bindings. 12. In the Site Bindings dialog box, click Add. 13. Under Type, select https. An SSL certificate drop-down menu will appear. 14. In the SSL certificate drop-down menu, select the friendly name you assigned to your certificate authority in step 8 and click OK. 15. Close the Site Bindings dialog box. 16. In the Connections pane, under Default Web Site, select Laserfiche. 17. In the middle pane, under IIS, double-click SSL Settings. 18. Select Require SSL and Require 128-bit SSL and click Apply in the Actions pane on the right. IIS 8 or IIS 8.5 (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2) 37 1. Open the Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the Connections pane on the left, select the computer name. 4. Under the IIS section, double-click Server Certificates. 5. In the Actions pane on the right, click Create Domain Certificate. 6. In the Distinguished Name Properties step, specify the required information for the certificate and click Next. 7. In the Online Certification Authority step, click Select, choose your certificate authority, and click OK. 8. Give your certificate authority a friendly name and click Finish. 9. In the Connections pane on the left, double-click the computer name, then double-click Sites. 10. In the Sites pane in the middle, select Default Web Site. 11. In the Actions pane on the right, select Bindings. 12. In the Site Bindings dialog box, click Add. 13. Under Type, select https. An SSL certificate drop-down menu will appear. 14. In the SSL certificate drop-down menu, select the friendly name you assigned to your certificate authority in step 8 and click OK. 15. Close the Site Bindings dialog box. 16. In the Connections pane, under Default Web Site, select Laserfiche.
17. In the middle pane, under IIS, double-click SSL Settings. 18. Select Require SSL and Require 128-bit SSL and click Apply in the Actions pane on the right. You should now be able to launch Web Access using https instead of http. If you are unable to access Web Access from a machine other than your Web Access server, disable the firewall on your Web Access Server machine. Additional steps, beyond configuring the virtual directory, are required when setting up Web Access and Web Access Light for SSL. The steps below allow URL's mistakenly typed with http to be replaced with https. IIS 6 (Windows Server 2003) 1. Click Start and select Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the left pane, double-click your computer name, Web Sites, then Default Web Site. 4. Right-click Laserfiche and select Properties. 5. Select the Custom Errors tab. 6. Double-click the 403;4 HTTP Error. 7. Under Message Type, select URL. 8. Next to URL type /RedirectSSL/RedirectSSL.aspx and click OK. 9. In the Laserfiche Properties dialog box, click Apply, then OK. 10. In the left pane, expand Default Web Site and double-click Laserfiche. 11. Right-click RedirectSSL and select Properties. 12. Select the Directory Security tab. 13. Under Anonymous access and authentication control, click Edit. 14. Select Enable anonymous access. Ensure everything else is cleared and click OK. 15. Under Secure communications, click Edit. 16. Ensure Require secure channel (SSL) and Require 128-bit encryption are cleared. If Require 128-bit encryption is ghosted, select Require secure channel (SSL) to make it active. Once active, clear Require 128- bit encryption, then Require secure channel (SSL), then click OK. 17. Close all other dialog boxes. Note: No additional configuration is necessary to redirect Web Access Light. 38
IIS 7 (Windows Server 2008 or Windows 7) 1. Click Start and select Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the Connections pane on the left, double-click your computer name, Sites, then Default Web Site. 4. Under Default Web Site, select Laserfiche. 5. In the middle pane under IIS, double-click Error Pages. 6. Right-click the 403.4 Status Code and select Edit. 7. Select Respond with a 302 Redirect and type https://servername/laserfiche 8. Click OK. IIS 8 or IIS 8.5 (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2) 1. Open the Control Panel. 2. Double-click Administrative Tools, then Internet Information Services (IIS) Manager. 3. In the Connections pane on the left, double-click your computer name, Sites, then Default Web Site. 4. Under Default Web Site, select Laserfiche. 5. In the middle pane under IIS, double-click Error Pages. 6. Right-click the 403.4 Status Code and select Edit. 7. Select Respond with a 302 Redirect and type https://servername/laserfiche 8. Click OK. To redirect http to https in Web Access Light, perform the additional steps below. 1. Under Default Web Site, select Laserfiche, then Light. 2. In the middle pane, double-click Error Pages. 3. Right-click the 403.4 Status Code and select Edit. 4. Select Respond with a 302 Redirect and type https://servername/laserfiche/light 5. Click OK. Note: Redirecting will not work on the server machine. However, it will work on any other machine, regardless of the operating system. 39
Configuring SSL between the Web Access and Laserfiche Servers Secure Socket Layer (SSL) is a cryptographic protocol used to encrypt and secure communications. You can configure SSL between the Web Access Server and Laserfiche Server to provide extra security for information sent between the two. Selecting this option on the Web Access Configuration Page, will enable the Web Access Server to connect to the Laserfiche Server using an SSL connection if SSL has been configured on the Laserfiche Server. To configure SSL on the Laserfiche Server, see the Configuring SSL DevNotes on the Laserfiche Support Site. Note: This is not the same as configuring SSL between the Web Access server and the Internet Browser. IIS Configuration Laserfiche Web Access works with Microsoft's Internet Information Services (IIS) to provide access to the documents in the Laserfiche repository. Web Access requires Internet Information Services 5.1 or above. This section of the documentation describes some of the additional configuration that may be necessary to run Web Access on IIS 6 or IIS 7. Serving Dynamic Content in IIS 6.0 A default installation of IIS 6.0 (Windows Server 2003) only serves static content. You must configure IIS to allow dynamic ASP.NET content in order to use Laserfiche Web Access. To enable ASP.NET content in IIS 6.0 1. To open IIS, click Start, select Control Panel, double-click Administrative Tools and double-click Internet Information Services 2. Expand the ServerName node and click Web Service Extensions. 3. Select ASP.NET v4.0.30319, which should be listed to the right as one of the available extensions, and click Allow (located to the left of the extensions list). Editing the IIS 6.0 Metabase The IIS metabase stores configuration information for your installation of IIS. The IIS 6.0 metabase is stored as two XML files. This allows a user to directly edit the metabase and alter its contents using commonly available text editors. While the IIS manager MMC snap-in presents a graphical user interface for editing the metabase, many settings can only be edited by directly modifying the metabase XML files. The metabase xml files are stored at C:\Windows\System32\inetsrv. 40
The metabase XML file can be edited using any text editor program. By default, directly editing the metabase XML file requires that IIS first be stopped. However, IIS includes a feature that allows you to directly edit the metabase XML while IIS is running. You can enable this feature through the Internet Information Servers (IIS) Manager MMC snap-in. To enable direct editing of the Metabase XML while IIS is running 1. Open the Internet Information Services (IIS) Manager. 2. Right-click the appropriate server name and click Properties. 3. Select the Enable Direct Metabase Edit option. 4. Click OK to save your change and close the dialog box Configuring IIS 7 IIS 7.x offers a wide variety of configuration options, so the exact features you install may depend on your organization's needs. In addition to the features required for basic web server functionality, make sure the following features are installed. The items in parentheses after each feature name describe where to find the specific feature. Features: IIS Management Service (under Web Management Tools) ASP.NET (under Application Development Features) Windows Authentication (under Security) o Windows Authentication is not required to install and run Web Access. However, it is required if you want to configure Windows accounts to log in to your repository using auto-login or if you want users to be able to access the Configuration Page remotely. To install these features in Windows 7 1. Open the Control Panel and select Programs and Features. 2. Select Turn Windows features on or off. 3. In the Windows Features dialog box, select the features you want to install. 4. Restart if prompted. To install these features in Windows Server 2008 (R2) 1. Click Start, point to Administrative Tools, then click Server Manager. 2. In the Server Manager hierarchy pane, expand Roles, and click Web Server (IIS). 41
3. In the Web Server (IIS) pane, scroll to the Role Services section, and click Add Role Services. 4. On the Select Role Services page of the Add Role Services wizard, select the features you want to install. Configuring IIS 8 and IIS 8.5 IIS 8.x offers a wide variety of configuration options, so the exact features you install may depend on your organization's needs. Configuring IIS 8 in Windows Server 2012 or Windows Server 2012 R2 1. In the Dashboard of the Server Manager, click Manage, then Add Roles and Features. This will launch the Add Roles and Features Wizard. 2. On the Server Selection step, select the server where you want to install these roles. This should be the server where Web Access is installed. 3. On the Server Roles step, select Web Server (IIS). Click Add Features when prompted. On the Role Services step, fill in the checkboxes next to the following Role Services. Click Add Features when prompted. Windows Authentication (under Security) ASP.NET 4.5 (under Application Development) IIS Management Scripts and Tools (under Management Tools) Management Service (under Management Tools) 4. Click Next to continue. In the Confirmation step, ensure you have selected all the required Role Services and click Install. Note: Windows Authentication is not required to install and run Web Access. However, it is required if you want to configure Windows accounts to log in to your repository using auto-login or if you want users to be able to access the Configuration page remotely. To install these features in Windows 8 1. Open the Control Panel and select Programs and Features. 2. Select Turn Windows features on or off. 3. In the Windows Features dialog box, fill in the checkboxes next to the following Features. IIS Management Service (under Web Management Tools) ASP.NET 4.5 (under Application Development Features under World Wide Web Services) 42
Windows Authentication (under Security) Note: Home Basic and Home Starter editions of Windows 7 do not include the necessary IIS web server features to install Web Access. Note: The Home Premium edition of Windows 7 does not include the Windows Authentication feature in IIS. Users will not be able to use Windows authentication to log in to Web Access or access the Web Access Configuration page from a remote computer. Note: Windows Authentication is not required to install and run Web Access. However, it is required if you want to configure Windows accounts to log in to your repository using auto-login or if you want users to be able to access the Configuration page remotely. Restart if prompted. Points of Integration Custom Context Menus Web Access gives you the ability to modify actions inside different context menus. A context menu is a menu displayed when you right-click an entry, document, toolbar, etc., in a specified region. Client-side custom actions can be added to any of the different context menus, which, when selected, will run a custom script. For example, you can create a custom action that will display the number of documents inside a folder when you right-click a folder and select the action. You can also add actions that are listed in the Web Access menu bar to context menus. For example, instead of selecting an entry and clicking Export from the menu bar, you can add Export to the entry context menu and select it from there. You can also remove Web Access actions that are not commonly used from various context menus. For more information, see the Client Side Custom Context Menus in Web Access 8.1 white paper on the Laserfiche Support Site at https://support.laserfiche.com. Note: Before modifying the XML files, you should create a backup of the files so you can restore the context menus to default. If you do not have a backup and want to revert to the default context menus, delete the CustomContextMenu. XML file and Web Access will automatically use the default context menu configuration. Once deleted, you will need to manually re-create the XML file if you want to modify the context menus. 43
Custom Login Administrators can create a customized HTML login page for their Web Access site. It can be customized to match the look and feel of their specific organization, it can hide specific items (e.g., the repository name), and display additional instructions or information about how to log in, etc. Administrators can also customize it to direct users to a specific entry or external URL. For example, if you want users to work out of a specific folder every day, customize the log in page to log them in and take them directly to that folder. Web Access provides a ProcessLogin.aspx page (included with the Web Access installation) that receives login credentials entered and posted by your customized login page. The form must use HTTP post (i.e., method="post") to collect data. It uses these credentials to log in and direct users to the appropriate page. This post receiver (ProcessLogin.aspx page) requires the form values to have the following names: Repository, Username, and Password. If these element names are not in the form, the ProcessLogin.aspx will not be able to process the form, and the user will be redirected to the standard Web Access login page. Optionally, it also accepts a form value named Destination, which enables you to enter a URL users will be directed to after successfully logging in. Here is an example of a form built using HTML that can be successfully processed by the ProcessLogin.aspx page: <HTML> <form action="http://machinename/laserfiche/processlogin.aspx" method="post"> <div>repository: <input name="repository" value="myrepository" /></div> <div>username: <input name="username" /></div> <div>password: <input type="password" name="password" /></div> <input type="hidden" name="destination" value="http://machinename/laserfiche/#id%3d140%3bpage%3d1%3bview%3dpage s" /> <input type="submit" value="login" /> </form> </HTML> http://machineame/laserfiche/processlogin.aspx: The form action needs to be directed to the ProcessLogin.aspx page. 44
machinename: Web server machine name. method="post": Ensure the value of the method property is post. Repository: The name of the repository being logged into (the repository must already be configured on the Web Access Configuration page). Username: The username given to the specific user. Password: The password given to the specific user. You can add default values to the element names. In the HTML example above, a default value of MyRepository has been added to the Repository element name. When a user accesses this customized login page, the repository name will be populated for them. You can optionally add a Destination control element to the form that contains an entry or external URL that users will be redirected to after successfully signing in. If this is not configured, the user will be redirected to the Index.aspx page. In the HTML example above, an entry URL directing users to an entry with ID 1 (the root repository) has been defined next to value. The two types of URLs are described below. Entry URL: The URL of a specific folder or document inside a repository. The easiest way to obtain an entry URL is by navigating to the document or folder in Web Access and copying its URL. See the URLs topic for examples of different entry URLs. Note: If you create a form that has multiple repositories to choose from, you will need to add specific code to the form to allow the repository name in the destination URL to dynamically change. Tip: Specific elements can be hidden from users and still passed to the ProcessLogin.aspx page. For example, users do not necessarily need to see the URL of the folder they are being directed to. In the form example above, the Destination element is hidden but still defined enabling the ProcessLogin.aspx page to redirect users to the correct folder. External URL: Enter the complete URL of the external web site (e.g., http://www.laserfiche.com). You must provide the protocol section of the URL (http, https, etc.) for the post receiver to recognize that the URL is not relative. Note: The customized login page is a single sign on solution. Logging out of Web Access will direct users to the standard Web Access login page, not the custom login page. 45
Displaying Web Access in an IFrame Inline frames (iframes) enable you to display the contents of another HTML page or web site in a window (frame) on your site. Visitors can view information inside the iframe without leaving or having to reload your web site. For example, you have a web site with three sections: News, About Us, and Documents.You can create links from your web site's home page that will open each of these sections in an embedded window (iframe) on your home page. Visitors would not have to leave your site or reload a page to see the different sections. To display Web Access in an iframe on your web site Insert this html into the body of the html page that will contain the iframe: <iframe src="http://machinename/laserfiche" width="x" height="y" id="idname"> <p>message displayed when the browser does not support iframes</p> </iframe> Machinename: The name of the server where Web Access is installed. x: The width of the iframe (% or px). y: The height of the iframe (% or px). idname: The unique id given to the iframe. The id attribute can be used by Javascript or CSS to make changes to or style the specific iframe. Message displayed when the browser does not support iframes: This is a custom message you create to inform users they are using a browser that does not support iframes. Note: There are other optional attributes you can add to your iframe besides width and height. For example: align, frameborder, marginheight, margin width, scrolling, etc. Launching Web Scanning with a Custom URL Web Access uses a custom protocol handler to launch Web Scanning. You can pass custom parameters through Web Access to customize how Scanning will load. For example, you can specify that Scanning should launch with a specific default template and field values. You can also specify parameters that can hide certain parts of the Scanning user interface. See the following basic form of a custom Laserfiche Scanning URI: lfwa80://scanning/<locationofscanningservice.asmx>?<custom parameters> Laserfiche Scanning accepts the following parameters: Parameter Description 46
r=repositoryname b=entryid c=entryid d=1 p=pagenumber ci=languagestring rtl=1 cl=entryid Specifies the Laserfiche repository name. The specified repository must be listed on the Web Access Configuration page. The parameter is required for all custom Scanning URIs. Loads Web Scanning in basic mode and scans into the specified entry. By default, Scanning launches in Standard mode if the URI does not include the b or c parameter. Loads Web Scanning in standard mode and scans into the specified entry. By default, Scanning launches in Standard mode if the URI does not include the b or c parameter Specifies that the entry ID set on the b or c parameter is a document and that Web Scanning will scan into the existing document. This parameter is required if the EntryID specified for the b or c parameter is a document. If scanning into an existing document, Scanning will insert new pages after the specified page number. Loads Web Scanning in a different language mode if the appropriate Laserfiche language pack is installed. Loads Web Scanning in Right-To-Left user interface mode. Specifies that Scanning will automatically fill in the template and field data with the same values as the specified entry. custom=customizationstring Specifies default values when loading Scanning and whether certain parts of the user interface is disabled. The following table details acceptable values for the CustomizationString. Keyword name:'documentname' path:'folderpath' Description Specifies the default document name. Specifies the default destination Laserfiche 47
folder path. volume:'volumename' volid:'volumeid' template:'templatename' [FieldName]'FieldValue' {TagName}'TagComment' Specifies the default destination Laserfiche volume using the volume name. Specifies the default destination Laserfiche volume using the volume ID. Specifies the default Laserfiche template to use for the scanned document. Specifies default field values. For a multivalue field, separate multiple values with a character. Assign a default tag to the scanned document. (AttributeName)'AttributeValue' Set a user attribute value for that specific instance of Laserfiche Scanning. (ProtectedItems)'IntegerValue' A user attribute that locks certain default document settings as read-only in the Scanning user interface. IntegerValue can be a sum of the following values: 1: User cannot change the default template. 2: User cannot change the default document name. 4: User cannot change the default volume. 8: User cannot change the default destination folder path. Sample custom Scanning URI's: The following sample launches Scanning in Basic mode and tells Scanning to Connect to a repository named "MyRepository" Scan into an existing document that has an entry ID of 434166 Insert new pages after page 3 lfwa80://scanning/http://mywebserver/laserfiche/app_services/scanningser vice.asmx?r=myrepository&b=434166&d=1&p=3 This next sample launches Scanning in Standard mode and tells Scanning to Connect to a repository named "MyRepository" 48
Scan new documents into an existing folder that has an entry ID of 22307 Set the default document name to "MyNewDoc" Set the default template to "General" Set the value of the Document field to "MyField Value" Prevent the user from being able to change the default template or path of new documents lfwa80://scanning/http://mywebserver/laserfiche/app_services/scanningser vice.asmx?r=myrepository&c=22307&custom=name:'mynewdoc'template:'ge neral'[document]'myfieldvalue'(protecteditems)'9' The following sample launches Scanning in Standard mode and tells Scanning to Connect to a repository named "MyRepository" Scan new documents into the "\Folder 1\SubFolder 2" folder Set the default document name to "MyNewDoc" Set the default volume to volume ID 124 Set the default template to "General" Set 3 default values for a multi-value field named "Author" Prevent the user from modifying the default document name, template, path, and volume. lfwa80://scanning/http://mywebserver/laserfiche/app_services/scanningser vice.asmx?r=myrepository&custom=name:'mynewdoc'path:'\\folder 1\\SubFolder 2'volid:'124'template:'General'[Author]'Value1 Value2 Value3'(ProtectedItem s)'15' Troubleshooting Question: I set up Web Access for Windows authentication, but now my users encounter an error screen when trying to log in. What s wrong? Answer: Ensure you have added and trusted the Windows user in the Laserfiche Administration Console. Answer: You may get this error if the Web Access server and Laserfiche Server are on different machines and you have not configured Kerberos or Basic Authentication. 49
Answer: In Internet Explorer, ensure Enable Integrated Windows authentication is set. Usually this is done by changing the zone of the web site from "Internet" to "Trusted" or" Local intranet." Answer: In Firefox, you may need to add the web site to about:config: o network.automatic-ntlm-auth.trusted-uris o network.negotiate-auth.delegation-uris o network.negotiate-auth.trusted-uris Question: I set up Web Access for Kerberos, but my users can t log in through Firefox, but can log in through Internet Explorer, What s wrong? Answer: In Firefox, you may need to add the web site to about:config: o network.automatic-ntlm-auth.trusted-uri o network.negotiate-auth.delegation-uris o network.negotiate-auth.trusted-uris Question: I am trying to extract text from an electronic document, but nothing is happening. What s wrong? Answer: Text extraction in Web Access takes place on the web server. Ensure that the appropriate IFilters are installed on your web server. Question: The Internet Explorer process is using huge amounts of memory when I use Web Access. Is there a fix? Answer: Please see Microsoft Knowledge Base article http://support.microsoft.com/kb/947864. Question: I am getting a generic error screen. Is there any way to get more specific error information? Answer: By default, custom errors is set to remote only, meaning that you will only see the detailed error messages when using Web Access from the server machine itself. If you can only reproduce the error on a remote machine, you can turn the custom error messages off by going into web.config in the Web Files folder, searching for customerrors and setting that value to Off. Question: I am getting the message Could not establish trust relation for SSL/TLS secure channel when launching Web Scanning. What s wrong? 50 Answer: This usually occurs when you're accessing Web Access through https with Firefox. It indicates that the SSL certificate looks invalid or untrustworthy to Firefox. To address this you can do one of the following things: o Use a valid certificate for your Web Access site. o Launch Web Scanning from Internet Explorer.
o Import the certificate into Firefox. For more information, see https://support.laserfiche.com/kb/kbarticle.aspx?articleid=1012263 Question: How do I change the location of the Web Access tempdirectory? Answer: You can provide one by editing Config\WebAccessConfig.xml in the Web Access install directory. Add the following node inside the WebAccessConfiguration node and replace %MyAbsolutePath% with the absolute path of the directory you want to use: <WebAccessConfiguration>... <TempDirectory Path="%MyAbsolutePath%" /> </WebAccessConfiguration> Question: My Web Access Start menu links don t work. What s wrong? Answer: The Web Access start menu links only work when the Default Web Site is using port 80. To get the links to work, add the configured port for the Default Web Site (which hosts Web Access) to the URL. For example, if the Default Web Site uses port 81, the URL to access Web Access should be changed to http://machinename:81/laserfiche Running the 32-bit Version of Web Access on a 64-Bit Edition of Windows Web Access includes both a 32-bit and 64-bit installation. If you are running the 32-bit version of Web Access on a 64-bit version of Microsoft Windows, Web Access must run in a 32-bit IIS worker process. By default, the Web Access installation automatically configures IIS to run in 32-bit mode. If you receive a "Service Unavailable" error message when loading Web Access, IIS may not be properly configured. IIS 6 Be aware that you cannot run 32-bit and 64-bit worker processes concurrently on the same IIS 6 server. This means that enabling IIS to run 32-bit applications will disable support for any 64-bit Web applications. 1. Click Start and click Run. 2. Type the following and click OK to configure IIS to create 32-bit worker processes: cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1 3. Click Start and click Run. 4. Type the following to install the necessary ASP.NET 4.0 script maps: 51
%SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\aspnet_re giis.exe i 5. Set ASP.NET 4.0.30319 to Allowed in the Web Service Extensions list in Internet Information Services (IIS) Manager. IIS 7, IIS 8, and IIS 8.5 IIS 7, IIS 8, and IIS 8.5 support running 32-bit and 64-bit worker processes simultaneously. You can configure different application pools to run in 32-bit or 64-bit mode. Set the Web Access application pool for 32-bit mode. 1. Load the Internet Information Services (IIS) Manager. 2. View the Application Pools. 3. Select WebAccessAppPool and click the Advanced Settings in the Actions pane. 4. In the General section, set the Enable 32-bit Applications option to True. Click OK to save your changes. 52
Laserfiche Web Access 9.2 Installation Guide September 2014 Author: Roger Wu, Connie Anderson Technical Editor: Zhiyu Chen, Mike Wu, Brianna Blanchard Editor: Eric Cressey Laserfiche 3545 Long Beach Blvd. Long Beach, CA 90807 U.S.A Phone: +1.562.988.1688 www.laserfiche.com Laserfiche is a trademark of Compulink Management Center, Inc. Various product and service names references herein may be trademarks of Compulink Management Center, Inc. All other products and service names mentioned may be trademarks of their respective owners. Laserfiche makes every effort to ensure the accuracy of these contents at the time of publication. They are for information purposes only and Laserfiche makes no warranties, express or implied, as to the information herein. Copyright 2014 Laserfiche All rights reserved 53