Running WebInspect as Administrator

Running WebInspect as Windows Administrator is fine for most of our installations. However we have hired a contractor to perform some WebInspect scans and we have a corporate policy against allowing contractors to use Administrator accounts. Is there any documentation that exactly defines what admin privileges WebInspect requires? If so we might be able to setup a restricted admin account to allow the contractor to run WebInspect (or via a runas) but do little else. Thanks in advance.

Tags:

  • Verified Answer

    Unfortunately, we have not gotten any details from our development team other than Local Administrator rights are required to both install and to run WebInspect.  Browsing past KB articles, it appears that there could be issues with Macro Recording, Proxying, UI display, and other issues related to the WebInspect Root Certificate and also for the IE AppSec Plugin.  There are probably additional issues with running as a non-Admin account that have not yet surfaced.

    The Fortify System Requirements document for 4.30 (WebInspect 10.40), states the following:

    (Ref:  )

    Running as Administrator

    HP WebInspect requires administrative privileges for proper operation of all features. Refer to your Windows

    operating system documentation for instructions on changing the privilege level to run WebInspect as an

    administrator.