Front Office Server 3.0

Kofax Front Office Server 3.0 Administrator s Guide 10300863-000

2007-2010 Kofax, Inc., 15211Laguna Canyon Road, Irvine, California 92618, U.S.A. All rights reserved. Use is subject to license terms. Third-party software is copyrighted and licensed from Kofax s suppliers. For information on third-party software included in this product, see KFSTHIRDPARTYLICENSEREADME.txt. This product is protected by U.S. Patent No. 6,370,277. THIS SOFTWARE CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF KOFAX, INC. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF KOFAX, INC. Kofax, the Kofax logo, VirtualReScan, the VRS VirtualReScan logo, and VRS are trademarks or registered trademarks of Kofax, Inc. in the U.S. and other countries. All other trademarks are the trademarks or registered trademarks of their respective owners. U.S. Government Rights Commercial software. Government users are subject to the Kofax, Inc. standard license agreement and applicable provisions of the FAR and its supplements. You agree that you do not intend to and will not, directly or indirectly, export or transmit the Software or related documentation and technical data to any country to which such export or transmission is restricted by any applicable U.S. regulation or statute, without the prior written consent, if required, of the Bureau of Export Administration of the U.S. Department of Commerce, or such other governmental entity as may have jurisdiction over such export or transmission. You represent and warrant that you are not located in, under the control of, or a national or resident of any such country. DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Contents Preface...5 About the Configuration Folder Location in this Guide...5 Related Documentation...5 Kofax Front Office Server Installation Guide...6 Multifunction Peripheral (MFP) Administrator Guides...6 Help for Kofax Front Office Server Applications...6 Developer Resources...6 Release Notes...7 Training...7 Technical Assistance for your Kofax Product...7 Overview...7 Integration with Kofax Capture...7 User Authentication...7 Licensing...8 Shared Folder in Kofax Capture Server Files Location...8 Validation...8 Volume Licensing...9 Starting the Kofax Front Office Server Applications...9 Starting the Administration Console...9 Starting the Web Client...10 Identifying the URLs for Kofax Front Office Server Applications...11 Stopping and Restarting Kofax Front Office Server...12 Changing Host Names...12 Security Options...12 LDAP Signing Requirement...12 Enabling Security with SSL...12 About Single Sign On...13 Examples of Possible Configurations...15 Single Server Installation (Department or Enterprise)...15 Enterprise Cluster with Proxy Server...16 Enterprise Cluster with NLB...17 Managing Free Drive Space...18 Blocking Requests when Drive Space is Limited...19 Backing Up and Restoring...19 Departmental Configurations...19 Enterprise Configurations...20 Kofax, Inc. 3

Contents Setting Options for the Web Client...21 Defining the Page Size for the Web Client List of Documents...21 Setting Up to Scan Directly from the Web Client...21 Setting Up to Scan with a Certified Scanner...22 Setting Up to Use a Kofax Document Scan Server...29 Configuring Retries...30 Configuring Retries for Failed Scan Jobs...30 Configuring Database Retries...31 Configuring Retries to Storage Destinations...31 Changing the Default VRS Settings...32 Changing SQL Server Database Authentication...33 Information Updates to Kofax Capture...33 Batch Names...35 Custom Batch Names...35 Tracking Document Activity...36 Managing Document Tracking Data...36 Customizing a Connector, Data Validation, and Field Lookup...37 Customizing Data Validation and Field Lookup...37 Customizing with a Kofax Capture Validation Script...38 Customizing with a Validation Class for Kofax Front Office Server (Deprecated)...40 Setting Up Kofax Capture...41 Setting Up User Accounts...41 Setting Up Batch Classes, Document Classes, and Form Types...41 Adding Fax Number and Email Address Lookup Fields...42 Database Table Lookup...43 Active Directory or LDAP Lookup...44 Contacts List Lookup...44 Changing the Kofax Capture Server Files Location...45 Troubleshooting Failed Batches...46 Identifying and Correcting Release Errors...46 Using the Kofax Front Office Server Utilities...47 Switching Between Supported Databases...47 Managing Document Tracking Data...48 Reviewing the Log Files...48 Index...49 4 Kofax, Inc.

Preface This guide is intended to be used by the administrator who will configure and maintain the Kofax Front Office Server installation. This guide assumes that you have a thorough understanding of application servers, Internet technologies and Web servers, your network configuration, and Kofax Capture. About the Configuration Folder Location in this Guide There are several shared configuration files you can edit to change product behavior. During Kofax Front Office Server installation, the location of the Kofax Capture server installation is identified, and a subfolder structure \KFS\Config is created to hold the configuration files for Kofax Front Office Server. By default, the full path is: Windows Server 2003 For standalone installations: C:\Documents and Settings\All Users\Application Data\Kofax\Capture\KFS\Config For Enterprise installations: C:\Documents and Settings\All Users\Application Data\Kofax\CaptureSV\KFS\Config Windows Server 2008 For standalone installations: C:\ProgramData\Kofax\Capture\KFS\Config For Enterprise installations: C:\ProgramData\Kofax\CaptureSV\KFS\Config In the rest of this guide, references will use just the folder names \KFS and \KFS\Config without the additional path details. Related Documentation In addition to this guide, Kofax Front Office Server includes the following documentation. Except for the Help and release notes, you can select to view any of the documentation by opening guides.html in the product files or in \Documentation\KFSguides.html after installation. For instructions on using Kofax Capture, refer to the Kofax Capture guides and Help. Kofax, Inc. 5

Figure 1. Guides Page Kofax Front Office Server Installation Guide Refer to the installation guide for instructions on planning and installing Kofax Front Office Server. The guide is located in the root of the product files, and is installed with the software in the \Documentation folder. Multifunction Peripheral (MFP) Administrator Guides These guides show how to make Kofax Front Office Server features available on MFP front panels. The MFP administrator guides are in the \setup\guides folder in the product files. They are also installed with the software in the \Documentation\Guides folder. Help for Kofax Front Office Server Applications Kofax Front Office Server Web Client (referred to as the Web Client) and Kofax Front Office Server Administration Console (referred to as the Administration Console) have Help that describes how to use the application. Each Help system has a table of contents, index, and full-text search to assist you in finding information. To view the Help from the application, click the Help button. The Help appears in a separate browser window. You can also view the Help when you are at the server by selecting Start Programs Kofax Front Office Server Documentation and then the Help system you want to view. Developer Resources The developer resources include documentation, code samples, API references, and other aids that developers can use to customize or add functionality to the Kofax Front Office Server product. 6 Kofax, Inc.

Release Notes Late-breaking product information is available from the release notes. Read the release notes carefully, because they contain information that may not be included in other Kofax Front Office Server documentation. Training Kofax offers both classroom and computer-based training that will help you make the most of your Kofax Front Office Server solution. Visit the Kofax Web site at www.kofax.com for complete details about the available training options and schedules. Technical Assistance for your Kofax Product Support for your Kofax product is provided by your primary application support provider, which is specified as part of the maintenance agreement associated with your purchase. Please contact your Kofax application support provider for technical assistance. For more information about your product, visit the Kofax Support pages at www.kofax.com for: Product information and release news Access to the Kofax Knowledgebase Access to the online Case Management System (for eligible customers) Downloadable product documentation Before contacting your Kofax application support provider, please gather the following information where applicable: Product name, version, and serial number Log files Product license Exact error message(s) Reproduction scenario Overview Kofax Front Office Server, an add in for Kofax Capture, enables documents from a variety of sources, including multifunction peripherals (MFPs), to be delivered directly to Kofax Capture, or to the Web Client application for additional processing before release to Kofax Capture. Integration with Kofax Capture Kofax Front Office Server integrates with Kofax Capture and takes advantage of the following features. User Authentication Kofax Front Office Server uses the Kofax Capture user profile and group membership authentication on MFP devices and in both the Web Client and the Administration Console applications. You can configure Kofax Front Office Server so that once users have logged on to the computer where they launch the browser, users will not have to log on to either the Web Client or the Administration Console (this is also called single sign on). Kofax, Inc. 7

Note Access to the Administration Console is restricted to Kofax Capture users who have rights to the Kofax Capture Administration module. All Kofax Capture users can be assigned permission to access the Web Client without special Kofax Capture rights. Licensing Kofax Front Office Server integrates with the Kofax Capture centralized license management scheme. System Licenses Kofax Front Office Server System license to run Kofax Front Office Server standard installations using the Microsoft SQL Server Express database. Kofax Front Office Server Enterprise System license to run Kofax Front Office Server Enterprise installations using a SQL Server or Oracle database. Station Licenses Kofax Front Office Server Device Limits the number of devices that can be added to the Administration Console. When no more device licenses are available, no more devices can be added. You can either remove devices, or purchase additional licenses. Kofax Front Office Server Web Client Limits the number of concurrent open sessions of the Web Client. When no more station licenses are available, users cannot log on. You can either have current users log off, or purchase additional licenses. Volume Licensing and MFPs Volume licensing for the following Kofax Capture licenses is not affected (page count is not decremented) for any documents that are scanned at an MFP and come through Kofax Front Office Server: Scan/Import page count Kofax PDF Image+Text page count Any documents that did not originate at an MFP (for example, scanned or uploaded into the Web Client and then released) also decrement page count. Shared Folder in Kofax Capture Server Files Location The Kofax Front Office Server installation detects the location of the Kofax Capture server files, and creates a \KFS subfolder where users inboxes, scanjob images, and configuration files (among other items) are stored. Warning If the location of the Kofax Capture server files is ever changed after Kofax Front Office Server installation, you must follow the instructions in Validation Kofax Capture batch class information is used to validate batches released from MFPs or the Web Client. 8 Kofax, Inc.

Volume Licensing Volume licensing for Kofax Capture is not affected (page count is not decremented) by the scanning or releasing of documents with Kofax Front-Office Server for the following licenses: Scan/Import Page Count Kofax PDF Image + Text Page Count Volume licensing is still affected by activity from any custom Web services client. Starting the Kofax Front Office Server Applications Before starting either of the applications, complete the installation and make sure that Kofax Front Office Server has started. Starting the Administration Console You can start the Administration Console from the Kofax Capture Administration Module, or from a browser by entering the URL. Before starting the Administration Console, do the following: Make sure that the Web browser is certified by Kofax Front Office Server. Enable the browser to use cookies and JavaScript. Make sure that Kofax Front Office Server has been properly installed and is running. Once you start the Administration Console, you can click the Help button for information about the particular node and tab you are on, and from there you can access the entire Help system or select other nodes. The Introduction to the Administration Console topic is a good place to start, because it outlines the general steps to configure MFPs and describes the tasks you can perform. To start the Administration Console from the Kofax Capture Administration Module 1 Start the Kofax Capture Administration Module. 2 From the Kofax Front Office Server menu, select one of the Administration Console nodes. 3 The Administration Console appears (Figure 2). Figure 2. The Administration Console 4 Expand the nodes on the left to add MFP devices and perform other management tasks. To start the Administration Console from a Browser 1 Be sure your computer can connect to the server where Kofax Front Office Server is installed. Kofax, Inc. 9

2 Start the Administration Console by doing either of the following: Open a certified Web browser and type the URL for Kofax Front Office Server Administration Console. For the URL, refer to Identifying the URLs for Kofax Front Office Server Applications. If you are at the server, select Start Programs Kofax Front Office Server Administration Console. 3 The Administration Console Log On screen appears (Figure 3). If automatic log on (also called single-sign on) does not occur, the Administration Console Log On screen appears. Figure 3. The Administration Console Log On Screen Tip Bookmark the Administration Console Log On screen to make it convenient to start it each time. 4 Type your Kofax Capture user ID and password. Passwords are case-sensitive. 5 After you have logged on successfully, the Administration Console appears (Figure 2). Expand the nodes in the menu on the left to add MFP devices and perform other management tasks. Starting the Web Client Before you can log on to the Web Client, you need the following: The URL of the Web Client. For the URL, refer to Identifying the URLs for Kofax Front Office Server Applications. A user name and password if you are prompted for lon on credentials A Web browser supported by the Web Client. Cookies and JavaScript enabled on the browser. Tip Bookmark the Web Client Log On page to make it convenient to start it each time. To log on to the Web Client 1 In the browser s Address field, type the URL for the Web Client. If automatic log on (also called single-sign on) does not occur, the Web Client Log On screen appears. 10 Kofax, Inc.

Figure 4. The Web Client Log On Screen 2 Type your Kofax Capture user ID and password. Passwords are case-sensitive. 3 Click Log On. The Web Client window appears. Identifying the URLs for Kofax Front Office Server Applications Provide all users of Kofax Front Office Server applications with the URL they need to connect from a Web browser. For Kofax Front Office Server Administration Console, type the URL as follows: If security is not enabled with an SSL certificate: http://server/kfs/kfsadmin If security is enabled with an SSL certificate: https://server:8443/kfs/kfsadmin For Kofax Front Office Server Web Client, type the URL as follows: Where: If security is not enabled with an SSL certificate: http://server/kfs/kfswebclient If security is enabled with an SSL certificate and you are not using WebScan: https://server:8443/kfs/kfswebclient If security is enabled with an SSL certificate and you are using WebScan: https://servername:8443/kfs/kfswebclient server is the IP address or host name of: The computer with a departmental installation of Kofax Front Office Server An NLB cluster or IIS server in an Enterprise installation servername is the host or DNS name of: The computer with a departmental installation of Kofax Front Office Server The proxy server in an Enterprise installation 8443 is the port used by Kofax Front Office Server for transmitting secure data. Kofax, Inc. 11

Note the following: In the URL, KFSAdmin and KFSWebClient may be typed in all uppercase or all lowercase, as in these examples: http://server/kfs/kfsadmin http://server/kfs/kfsadmin http://server/kfs/kfswebclient http://server/kfs/kfswebclient You can omit the Web Client portion of the URL to start, as in this example: http://server/kfs/ Stopping and Restarting Kofax Front Office Server You may need to stop and restart Kofax Front Office Server when changing some of the files in the \KFS\Config folder or for routine maintenance. The process depends on which type of installation and configuration you use, and the instructions are in the Kofax Front Office Server Installation Guide. Changing Host Names The host name of a computer should not be changed after Kofax Front Office Server has been installed. Changing the host name may cause problems connecting to MFPs. You can restore connections by changing the host name back to the one you used when you licensed Kofax Front Office Server. The host name of an MFP also should not be changed after it has been added to Kofax Front Office Server. Because the Administration Console does not recognize that the MFP s host name has changed, it instead recognizes it as a different device. If you add the device with the new host name, the Administration Console will have two records and use two input licenses for the same device. Security Options This section contains infromation about security options available to you. LDAP Signing Requirement For security reasons, Microsoft recommends that you enable LDAP signing. However, user authentication will fail if the LDAP signing requirement is enabled on the domain controller but not on all the workstations, and the following message appears in the log: [security.securityprincipalmanager] A more secure authentication method is required for this server. If you choose to enable LDAP signing, make sure the settings on all workstations match that of the domain controller. Enabling Security with SSL By using a self- or CA-signed SSL certificate for your active directory environment, you enable security when transmitting data to and from Kofax Front Office Server. The use of an SSL certificate encrypts, and thereby protects, the transmission of sensitive data, such as passwords. 12 Kofax, Inc.

Tip If you use the DSA algorithm when creating a self-signed certificate for use with SSL, users will not be able to connect to the HP MFP. To use SSL with the HP, you must create the certificate using the RSA algorithm. We recommend you use the RSA algorithm when generating self-signed certificates. In preparing to enable security with SSL, note the following: Kofax Front Office Server ships with a default self-signed SSL certificate, with the file avalin.keystore which specifies avalin as the host name for the installation. The avalin.keystore file is located in the \Kofax\Front Office Server\Avalin\jboss\server\avalin\conf folder where Kofax Front Office Server is installed. You can replace the file avalin.keystore, using the same file name to ensure a smooth implementation and to avoid having to edit other server and/or network properties. If replacing the file avalin.keystore using the same file name, note the following: Keystore password=avalin Host name=the full name for the server where Kofax Front Office Server is installed. For example: www.mycompany.com or Server01. Key password=avalin Kofax Front Office Server by default uses port 8443 for the secured transmittal of encrypted data. The URL for accessing the Administration Console or the Web Client requires https instead of http. For more information, see Identifying the URLs for Kofax Front Office Server Applications. About Single Sign On Kofax Front Office Server supports single sign on for Kofax Capture linked users. If users log on to a computer using a user account that is linked in Kofax Capture and have the appropriate access rights, users can start the Administration Console or the Web Client without being prompted to log on.when authentication fails, or if the user is not authorized to log on, a log on screen appears to allow users to manually enter credentials. This section assumes you are familiar with Group Policy configuration and using and registering a Service Principal Name (SPN). To use the single sign-on feature, the following conditions have to be met: If using IIS, the IIS authentication method must be set to Enable anonymous access. Clients must use Internet Explorer 7 or 8. Clients and Kofax Front Office Server must be on the same domain. Internet Explorer must have the Enable Integrated Windows Authentication option turned on. If users are using the Fully Qualified Domain Name (FQDN, Internet Explorer must have the Kofax Front Office Server computer added to the Local intranet zone or the Trusted zone. To avoid setting this up for each user individually, your domain administrator can create a Group Policy and add it to the desired organizational units. Kofax, Inc. 13

Important When adding to the Trusted zone, the IE Security Settings option User Authentication Logon must be set to Automatic logon with current user name and password. The user you specify with SPN must be in the Administrators group on the computer registered with DNS. To enable single sign on 1 In the \KFS\Config folder, open kfs.properties in a text editor. 2 Change the EnableSingleSignOn to true as shown: EnableSingleSignOn=true 3 Save and close the file. The change takes effect automatically in less than a minute. In the following section Examples of Possible Configurations, there are some additional configuration tasks listed in the tables to register DNS and SPN. Although it is expected that system administrators will know how to perform those tasks, we include the following instructions. To register DNS entry pointing to some machine to hosting the physical server Note You do this before you register the SPN because you need to use the URL that you will create as part of the SPN command line entry when you register SPN in the next set of steps. Note also that you must create a DNS entry for all configurations, including a standalone (Departmental), that will not use the host name in the URL. 1 On your domain controller, open Administrative Tools DNS. 2 Expand Forward Lookup Zones, select your domain, then right-click and select New Host (A). 3 In the Name field, type a name that will be the first part of the URL (for example, wwwkfs). This will be the URL address. Be sure the name you enter is not already used on the domain. 4 In the IP address field, enter your standalone IP or the IP of your proxy IIS, IBM HTTP for WebSphere, or NLM cluster host. 5 Click Add Host. To register SPN (service Principal Name) under the user account running the KofaxServer service. Note This is to enable Kerberos authentication: you are using a domain account to run the KofaxServer service, and that domain user must be registered. (The Local System account is automatically registered by the server.) 14 Kofax, Inc.

1 On the domain controller machine (where directory service runs), open a Command Prompt and run: Setspn -A <http/dns name> <domain>\<user> For example, in an domain named domain01 for the account Kfs-service-user, you would run: Setspn -A http/wwwcomputer01 Kfs-service-user This registers SPN for Kfs-service-user. 2 Change the log on account for all your KofaxService services to the account you just registered. Examples of Possible Configurations The remainder of this section provides examples and lists any additional configuration needed for different installations, log on accounts to run KofaxServer service, and URLs used to log on to the Web Client (used in the examples) and the Administration Console. Single Server Installation (Department or Enterprise) Figure 5 illustrates a single server installation on a domain (Kofax.com). Both the server (named kfs-svr) and client (names Mike-xp-wks) are on the same domain. A domain account Kfs-serviceuser has been created to be used instead of the built-in Local System account. Clients access the server using either host name or a DNS name. Domain Controller kfs-svr intranet (kofax.com) Mike-xp-wks Figure 5. Single Server Table 1. Client Connects to Server Using the Host Name URL Entered by Mike on Mikexp-wks http://kfs-svr/kfs/ KFSWebClient Log on Account for KofaxServer Service Local System 1 Additional Configuration Required by a Domain Administrator None Kofax, Inc. 15

Table 1. Client Connects to Server Using the Host Name (continued) 1 If you need to use a domain user account, then you must use a DNS name. See the next table for information.. URL Entered by Mike on Mikexp-wks http://kfs-svr.kofax.com/ KFS/KFSWebClient Log on Account for KofaxServer Service Local System 1 Table 2. Client Connects to Server Using a DNS Name Additional Configuration Required by a Domain Administrator Add the FQDN (kfs-svr.kofax.com) to the Intranet zone or Trusted zone in Internet Explorer. This can be done individually on each client browser, or it can be done on the domain controller with Group Policies so that the setting will be applied to all clients in the domain. Note that the DNS and SPN steps in the following configurations are not necessary since they are done automatically for server host names. URL Entered by Mike on Mikexp-wks Log on Account for KofaxServer Service Additional Configuration Required by a Domain Administrator http://www-kfs/kfs/ KFSWebClient http://www-kfs.kofax.com/ KFS/KFSWebClient Kfs-service-user Kfs-service-user On the domain controller, register DNS entry pointing www-kfs.kofax.com to host machine kfs-svr. On the domain controller, register SPN HTTP/ www-kfs-svr.kofax.com under user account Kfs-service-user. Then, configure the computer to use Kfs-service-user as the KofaxService log on account Same two steps above plus: Add the FQDN (kfs-svr.kofax.com) to the Intranet zone or Trusted zone in Internet Explorer. This can be done individually on each client browser, or it can be done on the domain controller with Group Policies so that the setting will be applied to all clients in the domain. Enterprise Cluster with Proxy Server Figure 6 illustrates an Enterprise installation using a proxy. The cluster is configured to include kfs-svr-node1, kfs-svr-node2 and the proxy server kfs-svr-proxy. All servers and clients are on the same domain. Clients access the cluster through the proxy server s designated DNS name. 16 Kofax, Inc.

Domain Controller kfs-svr-node1 kfs-svr-node2 kfs-svr-proxy Intranet (kofax.com) Jack-xp-wks Figure 6. Cluster with Proxy Server. Table 3. Client Connects to Proxy Server Using DNS Name URL Entered by Jack on Jackxp-wks http://www-kfs/kfs/ KFSWebClient http://www-kfs.kofax.com/ KFS/KFSWebClient Log on Account for KofaxServer Service Kfs-service-user Kfs-service-user Additional Configuration Required by a Domain Administrator On the domain controller, register DNS entry pointing www-kfs.kofax.com to host machine kfs-svr-proxy. On the domain controller, register SPN HTTP/ www-kfs.kofax.com under user account Kfsservice-user. Then, configure every Kofax Front Office Server in the cluster to use Kfs-serviceuser as the KofaxService log on account Same two steps above plus: Add the FQDN (kfs-svr-proxy.kofax.com) to the Intranet zone or Trusted zone in Internet Explorer. This can be done individually on each client browser, or it can be done on the domain controller with Group Policies so that the setting will be applied to all clients in the domain. Enterprise Cluster with NLB Figure 7 illustrates an enterprise installation using NLB. The NLB cluster is configured to include kfs-svr-worker1 and kfs-svr-worker2. The cluster name is www-kfs.kofax.com. All servers and clients are on the same domain. Clients access the cluster through the cluster s DNS name. Kofax, Inc. 17

Domain Controller kfs-svr-worker1 kfs-svr-worker2 NLB www-kfs.kofax.com Intranet (kofax.com) Jill-xp-wks Figure 7. Cluster with Microsoft NLB Table 4. Client Connects to Server (NLB Cluster) Using DNS Name URL Entered by Jill on Jill-xpwks http://www-kfs/kfs/ KFSWebClient http://www-kfs.kofax.com/ KFS/KFSWebClient Log on Account for KofaxServer Service Kfs-service-user Kfs-service-user Additional Configuration Required by a Domain Administrator On the domain controller, register DNS entry www-kfs.kofax.com as NLB cluster name pointing to the static IP address assigned to the NLB cluster. On the domain controller, register SPN HTTP/ www-kfs.kofax.com under user Kfs-serviceuser. Then, configure every Kofax Front Office Server in the cluster to use Kfs-service-user as the KofaxService log on account. Same two steps above plus: Add the FQDN (www-kfs.kofax.com) to the Intranet zone or Trusted zone in Internet Explorer. This can be done individually on each client browser, or it can be done on the domain controller with Group Policies so that the setting will be applied to all clients in the domain. Managing Free Drive Space The Kofax Front Office Server database expands in size as it accumulates logs and document tracking records. If destination types go offline for a prolonged period of time, requests are queued on the server, which also consumes hard drive space. If the hard drive runs out of space, Kofax Front Office Server may operate unpredictably. Tip You can monitor the KFS.log file for any drive space errors. 18 Kofax, Inc.

Blocking Requests when Drive Space is Limited When drive space reaches a minimum threshold (the default minimum threshold is 5 GB), Kofax Front Office Server blocks requests until more drive space is made available. You can adjust this amount by editing the system.resource.checker.properties file. It is located in the \conf folder. Modify the following properties in a text editor: enabled limits check.frequency.millis accept.requests.on.disk.check.error When you have finished modifying the file, stop and restart Kofax Front Office Server. Backing Up and Restoring This section provides instructions for backing up and restoring Standard and Enterprise configurations. Departmental Configurations This section provides instructions for gathering backup data and restoring a Departmental configuration. You may want to back up important data before upgrading, and regularly to be able to restore a failed system to a certain state. Make sure that you have your original Kofax Front Office Server installation media (or installation media of the same version) before proceeding. To backup data 1 In the Services console, stop the SQL Server (KFS) service. 2 Create backup copies of the following folders: <Kofax Capture Server folder>\kfs \Avalin, \Resources, and \SQLServer at the root of the Kofax Front Office Server installation 3 Verify that the backup was successful, and store in a safe location. To restore Kofax Front Office Server 1 Remove the non-functional Kofax Front Office Server installation from the computer. This can be done by uninstalling the software or restoring the computer a state before Kofax Front Office Server was installed. Be sure that all Kofax Front Office Server software is removed from the computer. 2 Install the same version of Kofax Front Office Server as you previously backed up, because the installer versions must match. If possible, install to the same path as the original installation. 3 In the Services console, stop the following services: KofaxServer SQL Server (KFS) 4 If you have a 32-bit computer with the Kofax Server Monitor running in the system tray, right-click the icon and select Exit. 5 Delete the following folders: Kofax, Inc. 19

<Kofax Capture Server folder>\kfs \Avalin, \Resources, and \SQLServer at the root of the Kofax Front Office Server installation 6 Replace the deleted folders with the backup data folders. 7 Set the Security permissions of the following folders to grant Full Control to the Windows user that was specified for the Kofax Front Office Server service during installation: <Kofax Capture Server folder>\kfs \Avalin and \Resources at the root of the Kofax Front Office Server installation folder. 8 Set the Security permissions of the \SQLServer at the root of the Kofax Front Office Server installation to grant Full Control to the NETWORK SERVICE user. 9 In the Services console, start the following services: KofaxServer SQL Server (KFS) 10 On 32-bit computers, you can display the Kofax Server Monitor in the system tray by selecting Start Programs Kofax Front Office Server Kofax Server Monitor. Enterprise Configurations This section provides instructions for gathering backup data and restoring an Enterprise configuration. You may want to back up important data before upgrading, and regularly to be able to restore a failed system to a certain state. Make sure that you have your original Kofax Front Office Server installation media (or installation media of the same version) before proceeding. To backup data 1 Create backup copies of the following folders: <Kofax Capture Server folder>\kfs \Avalin and \Resources at the root of the Kofax Front Office Server installation 2 Verify that the backup was successful, and store in a safe location. 3 Backup your SQL Server or Oracle database state. To restore Kofax Front Office Server 1 Remove the non-functional Kofax Front Office Server installation from all computers in the cluster. This can be done by uninstalling the software or restoring the computers a state before Kofax Front Office Server was installed. Be sure that all Kofax Front Office Server software is removed from the computer. 2 Install the same version of Kofax Front Office Server as you previously backed up, because the installer versions must match. If possible, install to the same path as the original installation. 3 In the Services console, stop the KofaxServer service. 4 If you have a 32-bit computer with the Kofax Server Monitor running in the system tray, right-click the icon and select Exit. 5 Delete the following folders: <Kofax Capture Server folder>\kfs \Avalin and \Resources at the root of the Kofax Front Office Server installation 20 Kofax, Inc.

6 Replace the deleted folders with the backup data folders. 7 Set the Security permissions of the following folders to grant Full Control to the Windows user that was specified for the Kofax Front Office Server service during installation: <Kofax Capture Server folder>\kfs \Avalin and Resources at the root of the Kofax Front Office Server installation 8 Restore your backed-up SQL Server or Oracle database state. 9 In the Services console, start the KofaxServer service. 10 On 32-bit computers, you can display the Kofax Server Monitor in the system tray by selecting Start Programs Kofax Front Office Server Kofax Server Monitor. Setting Options for the Web Client This section contains instructions on how to set up some options related to the Web Client. Defining the Page Size for the Web Client List of Documents When you are viewing a list of documents in the Inbox, only a certain number of these documents display at one time, on a page of the list. If the number of documents in the Inbox exceed a defined maximum for a page, you can view additional pages of the list. The Web Client installs with a default page size for the list of documents. If you have a preference, you can change the maximum number of documents to display on a single page of the list. You can set the page to display from 1 to 150 listed documents. To define the page size of the list of documents 1 In the \KFS\Config folder, locate the KFSportal.properties file and open it in a text editor. 2 Edit the following property to specify the desired maximum number documents for a page of the list of documents: paging.page.size For example, to set the maximum number to 25, define the property as follows: paging.page.size=25 3 Save the file. For the change to take effect, users need to log out of and log in to the the Web Client. Setting Up to Scan Directly from the Web Client Users can scan directly to the Inbox by doing one of the following: Scanning with a certified scanner connected to a client workstation You can connect a certified scanner to a client workstation installed with Kofax VRS 4.2, Kofax VRS 4.5, or the manufacturer s TWAIN driver. Then, using a feature (referred to as WebScan) included in Kofax Front Office Server Web Client with the installation of Kofax Front Office Server, you can set up an option that enables you to scan a document directly from the Web Client. To ensure the best image quality, it is recommended that you use WebScan with VRS. Scanning with a Kofax Document Scan Server Kofax, Inc. 21

You can set up a connection between the Web Client and a Kofax Document Scan Server that is in turn connected to a certified scanner. With this connection set up in the Web Client, you can scan a document directly from the Web Client. Note Effective January 2010, Kofax Document Scan Server is a retired product and is no longer supported. You can continue to use Kofax Document Scan Server with Kofax Front Office Server 3.0, but no further development will occur and any reported defects will not be fixed. For each logged on user, only one of these options can be used at a time. When you have successfully connected to either a certified scanner or Kofax Document Scan Server, buttons for scanning documents are enabled in the Web Client. For a list of certified scanners, go to the Kofax Web site (www.kofax.com). Setting Up to Scan with a Certified Scanner To successfully scan with a certified scanner connected to a client workstation, the following criteria must be met: Internet Explorer 6.0 or 7.0 on the Client Workstation Make sure Internet Explorer 6.0 or 7.0 is available on the client workstation and is used to log on to the Web Client. Microsoft.NET Framework 2.0 on the Client Workstation If the client workstation is using Windows XP, make sure Microsoft.NET Framework 2.0 is installed. If the client workstation is using Windows Vista, Microsoft.NET Framework 2.0 is not required. Note If you have a later version of Microsoft.NET Framework, use the instructions presented later in this section as described for Microsoft.NET Framework 2.0. Scanner Setup on the Client Workstation Connect a certified scanner to the client workstation. Make sure VRS or the manufacturer s TWAIN driver is installed on the client workstation. For more information, see Setting Up the Scanner. Security Policy for Your Enterprise (or the Client Workstation) Make sure the appropriate security policy is set up for your enterprise. For more information, see Setting Up the Appropriate Security Policy for an Enterprise. As an alternative, you can also set up the security policy for an individual client workstation. For instructions, see Setting Up the Appropriate Security Policy on a Client Workstation. However, it is recommended that you set up the security policy for your enterprise. KFS WebScan Permission for the Applicable Users or Groups In the Administration Console, associate the Web Client Permission KFS WebScan with each applicable user or group. This association is required to enable a user to use 22 Kofax, Inc.

WebScan. For more information about assigning Web Client Permissions, see the the Administration Console Help. Optionally, modify the KFS WebScan permission and associate the activity Change Scanner Settings in WebScan that permits changing the scanner settings directly in the Web Client when using WebScan. Scanner Settings in the Web Client Prior to scanning with the scanner connected to your client workstation, access Kofax Front Office Server Web Client, click Set Inbox options. On the Scanner Settings tab, specify one of the following: Kofax Software VRS - TWAIN If you are scanning with VRS for the connected scanner Scanner model If you are scanning with the manufacturer s TWAIN driver, and not VRS, for the connected scanner For more information about scanner settings in the Web Client, see the the Web Client Help. Scanner Profile (Optional) When Scanning with VRS or the TWAIN Driver Optionally, define a scanner profile to be used by the selected scanner when scanning. For more information, see Setting Up a Scanner Profile. Setting Up the Scanner When setting up the desired scanner, use the following summarized procedures after connecting the scanner to your client workstation. To set up the scanner if you will be scanning with VRS 1 Install Kofax VRS on the client workstation. For details, see the user documentation for Kofax VRS. 2 During the installation, select the scanner you will be scanning with. If the appropriate scanner is not available for selection, select I will configure my scanner later. Complete the VRS installation. 3 If the scanner was available during the installation of VRS, skip to Step 4. If the scanner was not available during the installation of VRS, install the scanner driver provided by VRS from another source (such as the Scanner Configuration Utility installed with VRS or the Kofax Web site). If a driver is not available by VRS, install the TWAIN driver supplied by the manufacturer. (For details, see the manufacturer s user documentation.). 4 To complete the setup, configure the scanner in Windows. To set up the scanner if you will not be scanning with VRS 1 Install the manufacturer s TWAIN driver supplied by the manufacturer. For details, see the manufacturer s user documentation. 2 To complete the setup, configure the scanner in Windows. Typically, at this point, the scanner is set up for successful operation. However, see the user documentation for your scanner for any additional setup required or recommended. Kofax, Inc. 23

Setting Up the Appropriate Security Policy for an Enterprise To ensure all users within your enterprise can successfully scan with a connected scanner, the following items need to be completed: Kofax Front Office Server As a Trusted Site Define a group policy in Active Directory to specify the Kofax Front Office Server URL as a trusted site. Code Access Security Policy Create a security policy deployment package and distribute the package across your enterprise. For more information, see Creating and Distributing a Security Policy Deployment Package. Creating and Distributing a Security Policy Deployment Package Use the following summarized instructions to create and distribute the security policy deployment package (as a Microsoft Installer or MSI) to the client workstations in your domain. For more information, see the.net Framework Enterprise Security Policy Administration and Deployment document on the Microsoft Developer s Network (MSDN). The distributed package installs the.net machine-level, run-time security policy for KofaxDesktopScan. To create the security policy deployment package (or MSI) 1 Create a template for your enterprise-wide.net security policy. To do so, on a server or client workstation that is installed with.net Framework 2.0, in a command prompt window, enter the following command: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol -machine -addgroup All_Code -zone Trusted FullTrust -name KofaxDesktopScan Where: C:\Windows\Microsoft.NET\Framework\v2.0.50727 is the path where Microsoft.NET Framework 2.0 is installed. When prompted, confirm that you want to perform the operation. 2 Create and store the MSI. To do so, run the Microsoft.NET Framework Configuration tool, which is available in the Microsoft.NET Framework 2.0 SDK. Under Tasks, select Code Access Security Policy Create Deployment Package. In the Deployment Package Wizard, under Select the security policy level to deploy, select Machine. Then, browse to a domain-accessible, shared folder in which to store the MSI. Complete the wizard instructions. 24 Kofax, Inc.

Figure 8. Microsoft.NET Framework 2.0 Configuration Tool To distribute the MSI, assign the MSI to a group policy. To do so, on the domain controller, for the appropriate group policy, open the Group Policy Object Editor. Select Computer Configuration Software Settings. Right-click Software Installation. Select New Package. Then, browse to the MSI you created previously. Deploy the software. Figure 9. Group Policy Object Editor To have the group security policy take effect, restart any applicable servers and client workstations. Kofax, Inc. 25

Setting Up the Appropriate Security Policy on a Client Workstation Although it is recommended that you set up the security policy for your enterprise, you can set up the security policy for individual client workstations. To do so, you need to set up Kofax Front Office Server as a trusted site and a code access security policy on each applicable client workstation. To set up Kofax Front Office Server as a trusted site, in Internet Explorer, specify the Kofax Front Office Server URL as a trusted site in Internet Options. For example, on the Tools menu, select Internet Options. Then, on the Security tab, select Trusted sites and click Sites. In the Trusted sites window, enter the URL for Kofax Front Office Server and click Add. For example, enter http://kfs.company.com Where: kfs.company.com is the host name registered with DNS or IP address for Kofax Front Office Server. Note If security is enabled with an SSL certificate, you must specify the trusted site with the host name. Figure 10. Setting Kofax Front Office Server As a Trusted Site To set up the code access security policy (with caspol.exe) 1 On your client workstation, open a Command Prompt window. For example, on the Windows desktop, go to Start All Programs Accessories Command Prompt. 2 Enter the following command: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol -machine -addgroup All_Code -zone Trusted FullTrust -name KofaxDesktopScan Where: C:\Windows\Microsoft.NET\Framework\v2.0.50727 is the path where Microsoft.NET Framework 2.0 is installed. 26 Kofax, Inc.

When prompted, confirm that you want to perform the operation. Note As an alternative to using caspol.exe (Code Access Security Policy Tool), you can use the Microsoft.NET Framework Configuration tool, if installed on the client workstation. To ensure that the security policy setup takes effect, it is recommended that you close and then open Internet Explorer before using WebScan for the first time. Setting Up a Scanner Profile When you scan from the Web Client using WebScan, scanning is performed with the following: Scan settings (such as resolution or color mode) resident on the scanner, either pre-defined by the manufacturer or user-defined on the scanner as an override to the manufacturer s setting If you are using VRS, image quality (or advanced) settings available in a default profile installed with VRS If you prefer to specify scanner settings for WebScan, you can optionally set up a scanner profile based on whether you are scanning with VRS or the manufacturer s TWAIN driver (not VRS): When scanning with VRS Set up a scanner profile, including advanced image quality settings, using a utility called Twacker. This utility is available with the installation of VRS. For more information, see To set up a scanner profile when scanning with VRS. When scanning with the manufacturer s TWAIN driver (not VRS) Create a scanner profile XML file, based on the scanner profile schema and a sample scanner profile XML installed with Kofax Front Office Server. With a valid scanner profile XML file saved in the appropriate location on the server, the defined scanner settings are used automatically when scanning from Kofax Front Office Server Web Client. For more information, see To set up a scanner profile when scanning with a TWAIN driver (not VRS). A scanner profile XML file needs to be created for each applicable scanner model with which you want to use a scanner profile. To set up a scanner profile when scanning with VRS 1 Make sure VRS is not currently in use on your client workstation. This includes logging off the Web Client if Kofax Software VRS - TWAIN is the selected scanner setting for WebScan. 2 On the client workstation, locate and open the Twack_32.exe file. The file is typically located in the \Windows\Twain_32\Kofax folder. 3 In Twacker, select File Select Source. 4 In the Sources list, select Kofax Software VRS - TWAIN, and click Select. 5 Select File Setup. 6 Specify your scanner settings. The settings you specify are used each time you scan with WebScan. It is not necessary to save the settings as a profile. Kofax, Inc. 27

Figure 11. Scanner Settings in Twacker 7 If you want to specify image quality settings with VRS, click Advanced. In the VirtualReScan Interactive Viewer, specify your image quality settings. Then, save the settings as a new profile. Click OK to return to Twacker. Figure 12. Interactive Viewer The image quality settings that are used when you scan are those saved for the named profile that appears in the drop-down list in the Viewer. For details about specifying image quality settings and profiles in VRS, see the VRS user documentation. 8 Click OK to save your scanner settings and exit Twacker. To set up a scanner profile when scanning with a TWAIN driver (not VRS) 1 Determine the appropriate name to use when you save the scanner profile XML file. The file name must match the scanner name as it appears in the Web Client. 28 Kofax, Inc.