Configuration Manager Permissions

Distribution Point Package Share IIS Permissions

Please see this link which addresses a recent IIS permission issue which can result in access denied errors when a client attempts to download a boot image.

Allowing Access to the Configuration Manager SQL Database

2PXE uses SQL as the fastest way to retrieve boot actions for a system. Add the service account (default the machine account of the Distribution Point) to the ConfigMgr_DViewAccess local group on the Configuration Manager Site Server. Members in this group have the required access for using distributed views against the Configuration Manager database. The account only requires read rights and can be further locked down if necessary.

Security without Configuration Manager

If you are not using Configuration Manager then the only security related issue is to ensure that the boot URL returned from the PowerShell command is accessible with anonymous security or by using an ACL and the iPXE Network Access Account.