16 commits
c6a331a
refactor(fsaa): move applet settings and SPN mapping pages into apple…
brandonwest-netwrix May 29, 2026
507d426
fix(config): disable rspack bundler for openapi-docs compatibility; u…
brandonwest-netwrix Jun 1, 2026
6e47319
chore: resolve merge conflicts with dev — update package versions to …
brandonwest-netwrix Jun 1, 2026
12f587c
fix(vale): auto-fix style issues (Vale + Dale)
github-actions[bot] Jun 1, 2026
3f45893
fix(build): upgrade openapi-docs to v5 and re-enable rspack bundler
brandonwest-netwrix Jun 1, 2026
73a44ef
docs(accessanalyzer): update proxy mode scan permissions for 11.6 and…
brandonwest-netwrix Jun 1, 2026
21d05da
Merge branch 'dev' into brandon-nwx-correct-page-naming
brandonwest-netwrix Jun 1, 2026
ec77ee6
fix(vale): auto-fix style issues (Vale + Dale)
github-actions[bot] Jun 1, 2026
92e3035
fix(accessanalyzer): address editorial review concerns on PR #1044
brandonwest-netwrix Jun 2, 2026
377aa9a
fix(vale): auto-fix style issues (Vale + Dale)
github-actions[bot] Jun 2, 2026
b1b6378
Merge branch 'dev' into brandon-nwx-correct-page-naming
brandonwest-netwrix Jun 4, 2026
2991db5
fix(vale): auto-fix style issues (Vale + Dale)
github-actions[bot] Jun 4, 2026
2a803d5
chore: revert unintentional package version changes
brandonwest-netwrix Jun 4, 2026
5f67c46
chore: exclude package.json and package-lock.json from git tracking
brandonwest-netwrix Jun 4, 2026
96e5d06
Merge branch 'brandon-nwx-correct-page-naming' of https://github.com/…
brandonwest-netwrix Jun 4, 2026
26ac5d2
fix(vale): auto-fix style issues (Vale + Dale)
github-actions[bot] Jun 4, 2026
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@
build
claude_logs
packages
package.json
package-lock.json

# Copied KB content (generated by scripts/copy-kb-to-versions.js)
docs/*/kb/**
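Review bot: Ignoring `package.json` and `package-lock.json` (the two entries added after `packages`) leaves the repository without a record of which dependency versions the site builds with, so a build cannot be reproduced or audited from a checkout, and changes such as the openapi-docs v5 upgrade earlier in this PR are no longer captured anywhere. If the goal is to keep accidental version bumps out of documentation PRs, revert those files in the branch instead of ignoring them. Note also that a `.gitignore` entry has no effect on files that are already tracked, so if both files remain in the index these lines change nothing and should be dropped.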
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"label": "FSAA: Applet Settings",
"position": 30,
"collapsed": true,
"collapsible": true,
"link": {
"type": "doc",
"id": "appletsettings"
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar_position: 30

# FSAA: Applet Settings

The Applet Settings page configures how the File System Access Audit (FSAA) applet is launched and how it behaves during a scan. It is a wizard page for the categories of:
The Applet Settings page configures how the File System Access Audit (FSAA) applet launches and how it behaves during a scan. This wizard page applies to these scan categories:

- File System Access/Permission Auditing Scan
- File System Activity Scan
Expand Down Expand Up @@ -129,7 +129,7 @@ In the Certificate Exchange Options section, configure the following options:
- Port – Select the checkbox to specify the port number for certificate exchange. The Default port
number is 8767.

- Enable SPN mapping – Provide a custom Service Principal Name (SPN) per applet host when the automatically generated SPN isn't valid (for example, when the applet host sits behind a proxy). See the [FSAA: SPN Mapping](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/spnmapping.md) topic for additional information.
- Enable SPN mapping – Provide a custom Service Principal Name (SPN) per applet host when the automatically generated SPN isn't valid (for example, when the applet host sits behind a proxy). See the [FSAA: SPN Mapping](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/spnmapping.md) topic for additional information.

See the
[FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md)
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Configuring Custom SPN Mapping for Applet Hosts"
description: "FSAA: SPN Mapping"
sidebar_position: 31
sidebar_position: 20
---

# Configuring Custom SPN Mapping for Applet Hosts
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ use the `FSAACertificateManager.exe` tool. The `FSAACertificateManager.exe` tool
`StealthAUDIT\PrivateAssemblies\FILESYSTEMACCESS\Applet` directory. All commands in the tool are
case-sensitive.

Follow the steps to use the tool to create and store the required certificates.
## Create and store the required certificates

:::note
In these steps, some commands need to be run on the Enterprise Auditor console and some on
Expand All @@ -22,16 +22,16 @@ the Proxy host. In the provided example commands:
- All files that are generated by the Certificate Manager or copied to the Enterprise Auditor
console are placed in the
`%SAInstallDir%\PrivateAssemblies\FILESYSTEMACCESS\Applet\My Certificates` directory. This folder
is created by the tool if it does not already exist.
is created by the tool if it doesn't already exist.
- When operating on the proxy host, files are placed into the root of the **FSAA** folder

:::tip
Remember, all commands in the `FSAACertificateManager.exe` tool are case-sensitive.
:::


**Step 1 –** Create a Certificate Authority (CA). The CA is a self signed certificate that will be
used to sign the client and server certificates. On the Enterprise Auditor console, run the
**Step 1 –** Create a Certificate Authority (CA). The CA is a self-signed certificate that signs
the client and server certificates. On the Enterprise Auditor console, run the
following command:

```
Expand Down Expand Up @@ -97,7 +97,7 @@ Successfully added FSAA_Client_Auth to Client
the following command:

:::note
This conversion to a CER file is necessary so that the private key of the CA is not
This conversion to a CER file is necessary so that the private key of the CA isn't
shared.
:::

Expand All @@ -113,11 +113,11 @@ Successfully wrote CER certificate to .\My Certificates\MyFSAACA.cer
```

**Step 6 –** Copy `FSAACertficateManager.exe` and the CA CER file (`.\My Certificates\MyFSAACA.cer`)
to the proxy host that will be running `FSAAAppletServer.exe`. These files must be copied to the
same directory.
to the proxy host that will be running `FSAAAppletServer.exe`. Place both files in the same
directory.

:::note
These copied files will be deleted from the destination directory later in Step 12.
You will delete these copied files from the destination directory later in Step 12.
:::
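Review bot: Step 6 still names the tool as `FSAACertficateManager.exe` (missing the "i" in "Certificate") on the unchanged line directly above the rewritten sentence, while the rest of the page uses `FSAACertificateManager.exe`. Since this hunk already edits the step and the page stresses that the tool's commands are case-sensitive, correct the file name here so readers who copy it get the right one.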


Expand Down Expand Up @@ -186,13 +186,13 @@ Successfully added FSAA_Server_Auth to Server

**Step 11 –** Repeat Steps 6-10 for each proxy host.

**Step 12 –** Delete all the PFX, CER, and Key files that were generated or copied in the above
**Step 12 –** Delete all the PFX, CER, and Key files that were generated or copied in the earlier
steps from the output locations.

All of the required FSAA certificates have been stored in the FSAA managed certificate stores. The
FSAA queries need to be configured to use the **Manual** certificate exchange option. This option
can be found under Applet Settings in the FSAA Data Collector Wizard. See the
[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md)
[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md)
topic for additional information.

For additional information on how to use the `FSAACertificateManager.exe` tool, run the
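Review bot: Step 12 only changes "above" to "earlier" and still says to delete the files "from the output locations" without naming them. The note at the top of the procedure identifies two locations (the `My Certificates` directory on the console and the root of the **FSAA** folder on the proxy host), and Step 11 repeats Steps 6-10 per proxy, so the cleanup has to happen on the console and on every proxy host; please say so explicitly, because a leftover PFX or key file undoes the point of the CER conversion note ("so that the private key of the CA isn't shared"). The Step 6 note also promises that the copied files are deleted in Step 12, but Step 6 copies the certificate manager executable as well and Step 12 lists only PFX, CER, and Key files; state whether the executable should be removed too.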
Expand Down
11 changes: 5 additions & 6 deletions docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,15 @@ topic for additional information.
**Sensitive Data Discovery Considerations**

The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server,
which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it
will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2
which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, you
must increase the minimum amount of RAM. Each thread requires a minimum of 2
additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads.
For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads,
then an extra 32 GB of RAM are required (8x2x2=32).

:::tip
Remember, if employing either of the File System Proxy Mode as a Service scan mode options, it is
also necessary for the Sensitive Data Discovery Add-on to be installed on the server where the proxy
service is installed.
Remember, if employing either of the File System Proxy Mode as a Service scan mode options, you must
also install the Sensitive Data Discovery Add-on on the server where the proxy service is installed.
:::
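Review bot: The rewritten tip keeps "Sensitive Data Discovery Add-on" while the first line of this hunk uses "Sensitive Data Discovery Add-On". Pick one capitalization for the product name and apply it in both places while these sentences are being edited.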


Expand All @@ -52,7 +51,7 @@ The FSAA Data Collector is configured through the File System Access Auditor Dat
The wizard contains the following pages, which change based up on the query category selected:

- [FSAA: Query Selection](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/queryselection.md)
- [FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md)
- [FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md)
- [FSAA: Scan Server Selection](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scanserverselection.md)
- [FSAA: Scan Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md)
- [FSAA: Azure Tenant Mapping](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/azuretenantmapping.md)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,23 +6,22 @@ sidebar_position: 140

# FSAA: FSAA Update Service Setting

The FSAA Update Service Setting page is where the File System Proxy Service can be automatically
updated on hosts where the service has already been installed. It requires the File System Proxy
Service to be v8.0 or later prior to using this feature. It is a wizard page for the category of
Update Proxy Service.
Use the FSAA Update Service Setting page to automatically update the File System Proxy Service on
hosts where the service is already installed. This page requires the File System Proxy Service to be
v8.0 or later. This wizard page applies to the Update Proxy Service category.

![FSAA Data Collector Wizard FSAA Update Service Setting page](/images/accessanalyzer/11.6/admin/datacollector/fsaa/updateservice.webp)

Configure the settings for the targeted File System Proxy Service:

- Port number – The default port number is 8766
- Applet communication timeout: [number] minute(s) – This option determines the length of time (in
- Applet communication timeout: [number] minutes – This option determines the length of time (in
minutes) the Enterprise Auditor Console attempts to reach the proxy before giving up. Depending on
the job configuration, the data collector behaves in one of three ways after the timeout value has
been exceeded.
- Scan cancellation timeout: [number] minute(s) – When selected, this option will timeout the applet
if there is an attempt to pause the scan and the applet does not respond
- Scan cancellation timeout: [number] minutes – When selected, this option will timeout the applet
if there is an attempt to pause the scan and the applet doesn't respond

See the
[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md)
[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md)
topic for additional information.
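Review bot: Changing `minute(s)` to `minutes` in the two option names may make the page disagree with the wizard. "Applet communication timeout: [number] minute(s)" and "Scan cancellation timeout: [number] minute(s)" read as literal field labels, so check them against the page shown in `updateservice.webp` and keep the on-screen wording if it uses "minute(s)". On the second bullet, "will timeout the applet" should use the verb form "time out".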
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@ sidebar_position: 10

When File System scans are run in proxy mode as a service, there are two methods available for deploying the service:

* Pre-Installed File System Proxy Service – File System Proxy Service installation package must be installed on the Windows proxy servers prior to executing the scans. This is the recommended method.
* Pre-Installed File System Proxy Service – File System Proxy Service installation package must be installed on the Windows proxy servers before executing the scans. This is the recommended method.
* Ad Hoc File System Proxy Service Deployment – File System Proxy Service is installed on the Windows proxy server when the job is executed

The data collection processing is conducted by the proxy server where the service is running and leverages a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server.
The proxy server where the service runs conducts data collection processing and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server.


**File System Proxy Service Credentials**
Expand All @@ -26,20 +26,20 @@ Additionally, the credential must have `WRITE` access to the `…\StealthAUDIT\F

**Sensitive Data Discovery Auditing Consideration**

Sensitive Data Discovery Auditing scans require .NET Framework 4.7.2 or later. If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32).
Sensitive Data Discovery Auditing scans require .NET Framework 4.7.2 or later. If running Sensitive Data Discovery (SDD) scans, you must increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32).

**Secure Proxy Communication Considerations**

For secure proxy communication via https, a credential is supplied during installation to provide
secure communications between the Access Analyzer server and the proxy server. This credential must
be a domain account, but no additional permissions are required. It is recommended to use the same
domain account configured to run the proxy service as a credential in the Connection Profile to be
used by the File System Solution
be a domain account, but no additional permissions are required. Use the same domain account
configured to run the proxy service as the credential in the Connection Profile that the File
System Solution uses.

**Secure Proxy Communication and Certificate Exchange**

For Proxy Mode as a Service Scans, the certificate exchange mechanism and certificate exchange port
must be configured via the File System Access Auditing Data Collector Wizard prior to executing a
must be configured via the File System Access Auditing Data Collector Wizard before executing a
scan. See the
[FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md)
topic for additional information.
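Review bot: In the Secure Proxy Communication Considerations paragraph, "It is recommended to use the same domain account" has become the imperative "Use the same domain account", which turns a recommendation into a requirement. The preceding sentence says only that the credential must be a domain account with no additional permissions, so reusing the service account is optional; keep the advisory sense, for example by stating who recommends it, so administrators who deliberately separate the two accounts are not told their setup is wrong.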
Expand All @@ -54,26 +54,26 @@ rule information.
- Target Access (Proxy ↔ Targets): Connection Profile Account

:::note
If the service is deployed by the File System Scan job (as opposed to manually installed), the account used by the connection profile will be used to run the FSAA Proxy Service unless Run service as Local System is checked on the Applet Settings page of the job query. Alternatively, a credential added to the connection profile using either Task (Local) or Task (Domain) can be used to run the service.
If the service is deployed by the File System Scan job (as opposed to manually installed), the account used by the connection profile will be used to run the FSAA Proxy Service unless Run service as Local System is checked on the Applet Settings page of the job query. Alternatively, you can add a credential to the connection profile using either Task (Local) or Task (Domain) to run the service.

If the target host resides in a different domain than the proxy server and there is no trust relationship between the two domains, a task credential for the proxy domain is required to be stacked with the credential for scanning the target file system.
If the target host resides in a different domain than the proxy server and there is no trust relationship between the two domains, you must stack a task credential for the proxy domain with the credential for scanning the target file system.

For example: Scanning Configuration: NAA Console [Domain A] → Proxy Server [Domain A] → File Server [Domain B] Connection Profile:

Active Directory Account | Domain B\Credentials
Task (Domain) | Domain A\Credentials
:::

## How do I determine if I’m using Proxy Mode with Service scanning?
## Verify Proxy Mode with Service scanning

The best way to verify if you’re using Proxy Mode with Service scanning is via the FSAA Data Collector Query Settings::
To verify Proxy Mode with Service scanning, check the FSAA Data Collector Query Settings:

### Pre-Install File System Proxy Service
1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: Require applet to be running as a service on target
1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: Require applet to be running as a service on target
2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List”

**_OR_**

### Deploy Service on Scan
1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: Windows Service
1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: Windows Service
2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List”
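Review bot: The two Applet Settings links in the numbered lists now point to the hardcoded URL ending in `/fsaa/appletsettings/appletsettings`, which assumes the published route mirrors the new file path. If this site uses the Docusaurus category-index convention, a doc named after its folder is served at the folder URL, so the previous `/fsaa/appletsettings` address would still be the live one and the new one would 404; please confirm against a preview build. Using the same root-relative `.md` form as the other links in this PR (`/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md`) would let the build's link checking catch this, and the same applies to the identical link change in the Proxy Mode with Applet page.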
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@ sidebar_position: 10

# Proxy Mode with Applet Permissions

When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The data collection processing is initiated by the proxy server where the applet is deployed and leverages a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server.
When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The proxy server where the applet is deployed initiates data collection processing and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server.

Configure the credential(s) with the following rights on the proxy server(s):
Configure the credentials with the following rights on the proxy servers:

- Group membership in the local Administrators group
- Granted the Backup files and directories local policy privilege
Expand All @@ -24,8 +24,8 @@ the applet.


:::warning
The local policy, “Network access: Do not allow storage of passwords and credentials
for network authentication” must be disabled in order for the applet to start.
The local policy, “Network access: Don't allow storage of passwords and credentials
for network authentication” must be disabled for the applet to start.
:::
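Review bot: The warning now quotes the policy as "Network access: Don't allow storage of passwords and credentials for network authentication", but this is the literal name of a Windows local security policy and the removed line had it as "Do not allow". Administrators look the setting up by its exact name, so restore "Do not allow" inside the quotation marks and exclude quoted setting names from the contraction auto-fix.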


Expand All @@ -40,7 +40,7 @@ information.
**Secure Proxy Communication Considerations**

For Proxy Mode with Applet scans, the certificate exchange mechanism and certificate exchange port
must be configured via the File System Access Auditing Data Collector Wizard prior to executing a
must be configured via the File System Access Auditing Data Collector Wizard before executing a
scan. See the
[FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md)
topic for additional information.
Expand All @@ -56,8 +56,8 @@ By default, the Applet will run as the connection profile account unless an addi

The account used in the connection profile associated with the File System scan jobs, should have the appropriate permissions required to access the target host. See the [File System Supported Platforms](https://docs.netwrix.com/docs/accessanalyzer/11_6/requirements/filesystem/filesystems/) page for specific requirements per target file system.

## **How do I determine if I’m using Proxy Mode with Applet scanning?**
## Verify Proxy Mode with Applet scanning

The best way to verify if you’re using Proxy Mode with Applet scanning is via the FSAA Data Collector Query Settings below:
1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: MSTask Task Scheduler
To verify Proxy Mode with Applet scanning, check the following FSAA Data Collector Query Settings:
1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: MSTask Task Scheduler
2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List”