Minimum Permissions Required for Communication for MSCA

The AppViewX Windows Gateway agent communicates with the CAs via the following three communication modes:
  • PowerShell
  • WMI
  • Native API
This section:
  • Provides a summary of the minimum permissions required for AppViewX Windows Gateway communication, aligned to least-privilege principles
  • Covers prerequisite connectivity and service requirements
  • Details the access needed for each supported communication mode:
    • Native API (applicable for Microsoft Certificate Authority operations)
    • WMI (preferred when PS-Remoting is blocked)
    • PowerShell/WinRM (for Windows Server, IIS, and endpoint operations)
  • Helps you provision an appropriate service account
  • Guides you in validating required ports and services
  • Supports security reviews by clearly mapping each permission to its operational purpose
Important:
  • The permissions listed represent the minimum required for successful operation.
  • Where possible, AppViewX supports service accounts aligned to least-privilege principles.
  • Local Administrator rights may still be required for certain Windows and IIS operations.
  • Firewall, endpoint protection, or antivirus software may impact connectivity and should be validated.