---
myst:
html_meta:
"description lang=en": "Run Kasm Windows Service on an RDP endpoint to enable enhanced Workspaces features."
"keywords": "Kasm, Windows, Service, Upload, Download, Screenshot"
"property=og:locale": "en_US"
---
```{title} Windows Service
```
# Kasm Windows Service
Kasm Windows Service is a Windows service that provides additional capabilities to users that are connected to the desktop through Kasm Workspaces:
- Upload files to the remote desktop
- Download files from the remote desktop
- See a preview screenshot of the desktop in the Kasm Workspaces dashboard
## System Requirements
| Supported Operating Systems |
|-----------------------------|
| Windows 10 (x86_64) |
| Windows 11 (x86_64) |
| Windows 2019 (x86_64) |
| Windows 2022 (x86_64) |
In order to run, the service application requires a valid config file to be located at ``C:\Program Files\Kasm\config.yaml``.
In case the file is missing or contains invalid settings the service will keep retrying until it succeeds. All the log messages produced during the service startup can be viewed in Windows event log.
The service installer will create an ``Upload`` and ``Download`` folder in the installation directory ``C:\Program Files\Kasm``.
## Installation
The Kasm Windows Service can be installed using one of the installers below which places all the necessary files in `C:\Program Files\Kasm`. You should use the latest version that supports the version of Kasm Workspaces you have installed
| Installer Version | Installer Link | Kasm Workspaces Compatibility |
|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------|
| 1.0.e2600c4b | [kasm_windows_service_installer_x86_64_1.0.616b3bea.exe](https://kasm-static-content.s3.amazonaws.com/kasm_windows_service_installer_x86_64_1.0.616b3bea.exe) | 1.12.0 |
| 0.9 | [kasm_windows_service_installer_x86_64_02beec.exe](https://kasm-static-content.s3.amazonaws.com/kasm_windows_service_installer_x86_64_02beec.exe) | 1.12.0 |
| 0.8 | [kasm_windows_service_installer_x86_64_5a2950.exe](https://kasm-static-content.s3.amazonaws.com/kasm_windows_service_installer_x86_64_5a2950.exe) | 1.12.0 |
```{note}
The documentation on this page is for the latest version of the installer listed in the table above and may not be accurate for older versions.
```
The Kasm Windows Service uses HTTPS/SSL to communicate with the rest of the Kasm Workspace services, the required key.pem and cert.pem can be generated with the below command:
```bash
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes
```
In order to instruct the installer to copy an existing config file and certificates before
starting the service the following options can be used:
```{important}
All options paths must be relative to where kasm_service_installer.exe is started from.
```
```{note}
The Kasm Windows Service listens on port 4902. The installer will open this port in the windows firewall, make sure to open this port in any other firewalls for instance on a cloud provider.
```
```bash
kasm_service_installer.exe /config=config.yaml /jwt=jwt.pem /key=key.pem /cert=cert.pem
```
In order to run the installer in silent mode, without any GUI, the `/S` option can be used:
```bash
kasm_service_installer.exe /S /config=config.yaml /jwt=jwt.pem /key=key.pem /cert=cert.pem
```
When running the installer on a machine with an existing Kasm Windows Service an upgrade will be performed.
The existing configuration file, as well as the certificates and any files in the upload and download folders will be preserved.
## Uninstallation
```{warning}
All files under `C:\Program Files\Kasm` will be deleted during uninstallation, this includes anything in the ``Upload`` and ``Download`` folders. Please back up any files that you wish to keep.
```
If the Kasm Windows Service needs to be uninstalled it can be removed by going to `Add or remove programs` / `Apps & features` on the Windows server and selecting the ``Kasm - KasmAgent `` and then selecting ``Uninstall``.
There will be a dialog box asking you to confirm you wish to remove the Kasm Windows Service, click ``OK`` to continue.
## Configuration
Below is an example config with the appropriate settings for Kasm Windows Service annotated.
```{important}
All paths should be absolute and without slashes at the end. Backslashes should be escaped with a backslash. The referenced PEM formatted certificate files must not have Windows carriage returns.
```
```bash
# server HTTP(s) configuration
ssl: true
port: 4902
server_private_key: "C:\\Program Files\\Kasm\\certs\\key.pem"
server_public_key: "C:\\Program Files\\Kasm\\certs\\cert.pem"
# path to JWT's RSA certificate for token verification
jwt_public_key: "C:\\Program Files\\Kasm\\certs\\jwt.pem"
# path to upload/download folders
upload_dir: "C:\\Program Files\\Kasm\\Upload"
download_dir: "C:\\Program Files\\Kasm\\Download"
# (optional) path to the log file
log_file: "C:\\Program Files\\Kasm\\log.txt"
# Settings for multiple user machines
multi_user: false
user_sso: false
```
**Settings**
| Name | Description |
|----------------------|-------------------------------------------------------------------------------------------------------------------|
| ssl | Enables SSL for the services. Kasm Workspaces only supports communications with this service over SSL. |
| port | The port to run the services on. Kasm Workspaces uses port `4902` for this service by default. |
| server_private_key | The private key used for the SSL service. |
| server_public_key | The public key used for the SSL service. |
| jwt_public_key | Kasm Workspaces signs a JWT token and attaches it to requests sent to this service. See next section for details. |
| upload_dir | Directory to place files uploaded by users. |
| download_dir | Directory to allow users to download files from. |
| log_file | Optionally writes logs to this file. Logs can also be viewed in Windows Event Viewer. |
| multi_user | Boolean indicating the Windows instance the service is installed on will support multiple users |
| user_sso | Boolean indicating that users |
### Uploads and Downloads on Multi-user Systems
For a Windows instance that will service multiple users, by default the Kasm Windows Service will use the same path for uploads and downloads for all users. This means all users of a system will have access to the files uploaded to the upload folder and files placed in the download folder by any other user.
To avoid this scenario when having multiple users for each Windows system, set up [single sign-on](windows_single_sign_on), then set the ``multi_user`` and ``user_sso`` fields in the config file to ``true``. With this configuration the Kasm Windows Service will use each user's profile's downloads folder for both uploads and downloads from Kasm.
### Authentication of Service
All requests to the application must contain a JWT token parameter that will be verified against the provided JWT key.
The JWT key (also referred to as the **API Cert**) is generated upon Kasm Workspaces installation and can be retrieved from Kasm `Settings` panel section.
```{figure} /images/windows_service/api_key.png
:align: center
:width: 90%
```
## Logging
By default, all log messages are written to Windows event log (under `Applications->KasmService`)
but can be also redirected to a file by specifying the `log_file` parameter in `config.yaml`.