Frequently Asked Questions

PowerShell mode leverages WinRM and PowerShell Remoting to perform configuration, discovery, and deployment actions on Windows servers, IIS, and endpoints. These permissions are required to execute Microsoft-supported PowerShell cmdlets, manage certificate stores, and bind certificates to services such as IIS. Temporary file system access is required to securely stage certificates and related artifacts during push and bind operations.

WMI mode is used for discovery and management of certificates and Windows systems where agentless access is required. WMI and RPC services are necessary to query system state, enumerate certificate stores, and execute certificate operations remotely. Access to the Windows Temp directory is required for staging certificate files during discovery, enrollment, and renewal workflows. In some scenarios, administrative privileges are required due to Windows security boundaries enforced by the operating system.

Native API mode interacts directly with Microsoft Certificate Services using Windows RPC and certificate services APIs. The service account requires read, request, issue, and manage permissions at the CA level to enable end‑to‑end lifecycle actions such as enrollment, renewal, and revocation. Template enroll permissions are required to allow certificate issuance against approved templates. RPC and certutil.exe access are mandatory as these are the underlying Microsoft-supported mechanisms for CA interaction.

AppViewX is designed to operate within enterprise security controls and supports service accounts aligned to least‑privilege principles wherever possible. Where elevated permissions are required, this is driven by Microsoft platform constraints rather than proprietary requirements. All actions performed using these permissions are logged and auditable, supporting security review and compliance requirements.