Reference
Review reference information for the product.
- Configuring Wizard topics
  Learn about configuring wizard topics.
  - License Server
  - Server Components
    Select the components you want to configure. The components available to you depend on the license.
  - Instance Name
    Specify the name of the instance you want to configure.
  - Database Connection
    Enter the SQL Server name, port number, select the authentication mode and the name of the database you are connecting to. If you select SQL Authentication, enter the username and password before you click Test Connection to verify that you can connect to the SQL Server. The configuration wizard does not proceed until the connection is successful. When AppScan® Enterprise Server creates the database in SQL Server, it automatically configures the collation for it.
  - Database encryption changes
    AppScan® Enterprise no longer uses proprietary encryption mechanisms to prevent unauthorized transfers of its database because there are other third-party mechanisms that are designed to specifically perform physical layer encryption with less impact on performance. This type of encryption is usually applied at the database server level; for example, SQL Server Enterprise Edition has a built-in encryption TDE mechanism (Transparent Data Encryption). TDE encrypts the data residing in the database or in backups on physical media. SQL Server Standard Edition uses Windows™ Encrypting File System.
  - Service Account
    Specify the service account that will be used by the services.
  - Server Certificate
    For security reasons, HTTPS is enabled for Enterprise Console. Choose a certificate from the list of certificates that are installed in IIS. Taking these actions will help you deploy a secure AppScan® Enterprise in your environment.
  - Restore AppScan Server settings
    Upon upgrade, you can choose to restore previous AppScan Server customized settings on the Liberty Server. This screen appears once upon upgrade; if you run the configuration wizard later, this screen won't appear.
  - Server Keystore
    If you choose to use a keystore that contains a trusted certificate chain for this host, complete the available fields.
  - Authentication Mechanism
    Select an Authentication Mechanism to use to log into the Enterprise Console. If you choose Windows, you must be part of a domain.
  - Product Administrator
    This user is licensed separately; if you want to reassign the Product Administrator license, you must rerun the configuration wizard.
  - Server Group Changes
    A server group is a group of items that can be tested as a unit; the same security tests will be applied to all the servers in the group. A server group can be any combination of domains and IP addresses. You must create one or more server groups to define what can be tested. Once a server group is created, you then assign it to a Job Administrator. That person then creates jobs that perform security tests on a specific group of servers. As of version 9.0, Server Groups are no longer defined by URL. Any existing URL definitions are removed from existing Server Groups and listed in the WFCfigWiz.log.
  - Server Configuration
    Configure the host name and port of the Liberty server for AppScan Enterprise Server to use. If you are using Windows authentication, prefix the host name with your domain name.
- Folder Explorer topics
  Learn about folder explorer topics.
- Triage with reports
  Reports are automatically generated after a job has run. They provide a way of managing issues so that you can helps you manage issues that are important to your organization and do so in a way that is supported both by the Enterprise Console's workflow and the workflows of other processes within your organization.
- Configuration Manager
- AppScan resources
  A GitHub collection of integrations, helper scripts, utilities, useful examples, libraries, and other resources related to HCL AppScan.

Service Account

Specify the service account that will be used by the services.

During the configuration of the components you install, you must enter service account information. This service account allows the agents to access the database server. Individual users do not require any form of database permissions. The service accounts used for the agents and the database should have passwords that do not expire. If, however, the passwords must change at regular intervals, you can rerun the Configuration wizard on all the AppScan® Enterprise Server and Dynamic Analysis Scanner computers and enter the new password.

The Local System User account and the Service Account can be a single account, with the same user name and password.

The service account is granted db_owner rights to the database and must have permissions that allow it to create a database and tables, add users, run stored procedures, and grant rights. If your organization prevents the service account to be granted db_owner rights, then the account must be granted a minimum of ddladmin, datawriter and datareader rights for configuring and running AppScan Enterprise.

With a SQL Server database, you can use a single service account or multiple service accounts, depending on how you decide to install.

File and folder permissions

The service account must have the following permissions on Drive:\\YourInstallFolder\HCL\product name\ and all of its subfolders:

Read and Execute
Write
Delete
Delete files and subfolders
Create files and subfolders

Note: These permissions enable the service account to write to the log files. They also enable the scan agents to write temp files, without which the scans would not function. The Configuration wizard creates these permissions for you - do not change them.

Local security policies

The service account must have permission to log on locally on the target machine so that it can impersonate the user's logon credentials. It also must have permission to log on as a service.

Registry permissions

The service account must have the following permissions:

Read and Execute
Write
Delete