Configuring the Minimum Rights to Run Laserfiche Forms

This document details the minimum rights that you can grant to a Windows service user to run Laserfiche Forms. By granting these rights, the service user can access the resources required to run the following applications:

Granting Access to the Laserfiche Forms Routing Service

Start by granting the Windows service user access to the Routing Service. You can do this by reserving the Routing Service URL.

To reserve the URL, perform the following steps:

  1. Launch a command prompt as an administrator.
  2. Run the following commands:
    • netsh http add urlacl url=http://+:8169/ user=Domain\user listen=yes delegate=yes
    • netsh http add urlacl url=http://+:8733/Design_Time_Addresses/AutoTriggerServiceLib/Service1/ user=Domain\user listen=yes delegate=yes
    • netsh http add urlacl url=http://+:8737/ user=Domain\user listen=yes delegate=yes
    • netsh http add urlacl url=http://+:8739/ user=Domain\user listen=yes delegate=yes
    • netsh http add urlacl url=http://+:8173/ user=Domain\user listen=yes delegate=yes
    • netsh http add urlacl url=http://+:8175/ user=Domain\user listen=yes delegate=yes
    • netsh http add urlacl url=http://+:8171/ user=Domain\user listen=yes delegate=yes

Granting Full Control over the Laserfiche Forms Folders

For all versions of Laserfiche Forms, you must grant the Windows service user full control of the C:\Program Files\Laserfiche\Laserfiche Forms folder. For Laserfiche Forms 10.1 or later, you must also grant full control of the C:\ProgramData\Laserfiche Forms folder, and for Laserfiche Forms 11 or later you must also grant full control of the C:\ProgramData\Laserfiche\Forms folder.

To grant full control of a folder, perform the following steps:

  1. Right-click the folder.
  2. Select Properties.
  3. Go to the Security tab.
  4. In the Name list box, change the Windows service user’s permissions to grant the user full control of the folder.

Granting Access to the Laserfiche Notification Hub Service

You must grant the Windows service user access to the Laserfiche Notification Hub Service by reserving the Notification Hub Service URL.

To grant access, perform the following steps:

  1. Open the Forms Configuration site and select the Notification Service page. Note the state of the Use TLS connection option.
  2. Launch a command prompt as an administrator.
  3. Run the following command:
    • If Use TLS connection was checked, run netsh http add urlacl url=https://*:8181/ user=Domain\user listen=yes delegate=yes
    • If Use TLS connection was not checked, run netsh http add urlacl url=http://*:8181/ user=Domain\user listen=yes delegate=yes