System Changes

The kenaflow setup performs some changes on the computer it is running on. Here you find information about these changes.

The kenaflow setup creates an unique "instance ID" and adds it to the global configuration file of the kenaflow instance. This ID is used for some system modifications.

Windows Registry

The kenaflow setup creates a key in the Windows registry where the program directory is stored. The registry key can be found here:

HKEY_LOCAL_MACHINE\SOFTWARE\kenaflow\<instance-id>

With this Windows Registry key you can check wether kenaflow is installed - and in which folder it is installed.

Program Folder

kenaflow binary files, its configuration and some other files are installed in a folder on disk that we call "program folder".

The default setup path is:

C:\Program Files\kenaflow

After setup it is required to execute program mode --securing like this:

kenaflow.exe --securing --account <service-account>

A one task this will set list, read and execute permissions for the <service-account> on the program folder.

The program mode --securing can be executed multiple times if the instance has multiple service accounts for execution.

Program Data Folder

_kenaflow needs to store data files during execution to a folder we call "program data folder".

The instance ID is used as part of the sub folder name.

E.g.: C:\ProgramData\kenaflow\instance_74dcd84e-8bb3-44ba-b2b4-402d2e63b667

After setup it is required to execute program mode --securing like this:

kenaflow.exe --securing --account <service-account>

A one task this will set list, read, create, write, delete and execute permissions for the <service-account> on the program folder.

The program mode --securing can be executed multiple times if the instance has multiple service accounts for execution.

http(s) Endpoints

kenaflow is able to receive data from "remote" systems such as SharePoint - or other third party applications. (Please read Remote Event for details.)

Therefore kenaflow offers http(s) endpoints.

These endpoints need to be secured.

After the installer has run you need to execute --securing to do this.

The cmdlet opens the endpoint http://+:<port>/<instance-id> for "All Authenticated Users".

Therefore the following command is executed by the program mode --securing:

netsh http add urlacl url=http://+:<port>/<instance-id> listen=yes user="NT Authority\All Authenticated Users"
  • <port> is configured in the global configuration.

  • <instance-id> is optional. It's usage is configured in the global configuration.

If multiple instances of kenaflow are running on the same machine, then must be used or all instances use a different port.

Discussion