There is a McAfee KB67914, titled "Which account must be used to scan Microsoft Windows Server 2008 using Foundstone/Vulnerability Manager?" This KB lists some configurational changes required for targets. I want to know that are these mandatory? Are these always applicable or do we have to first test them out to be sure?
The changes are not mandatory, however not providing the appropriate level of access might not yield complete vulnerability results.
Yes, it's always a good idea to test the changes before you roll them out to other systems.
I hope that helps!