DP Package Share IIS Permissions

At the time of this writing, an issue has been identified when attempting to use 2PXE Server on a Configuration Manager distribution point. It appears that a recent Configuration Manager update has modified IIS permissions for a CM distribution point package share which disables anonymous access. This causes an issue when a PXE booting client attempts to access a boot image.

This can be resolved by modifying the authentication settings for the CM package share IIS app manually:

Unfortunately, the setting may be reverted during any future CM update, so it is recommended to create a scheduled task on the 2PXE server to reset the permissions. The following PowerShell command can be run to set the correct authentication settings:

c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"

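Note: When the above command finds anonymous authentication disabled and re-enables it, it logs the change to %WINDIR%\Temp\IIS_Anonymous.log. Nothing is logged when the setting is already enabled.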

If creating a scheduled task, configure it on a recurring schedule with the following Action details:

Action: Start a program
Settings:
Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments: -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"
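
The scheduled task described above can also be registered from an elevated PowerShell session instead of the Task Scheduler UI. This is an added example, not part of the original documentation; the script folder, task name, and startup/daily schedule are assumptions, and the remediation logic is moved into a script file so that failures of the check are logged as well.

```powershell
# Added example (not from the 2PXE documentation). Run elevated on the distribution point.
# Assumptions: script folder, task name and schedule are illustrative choices.
$ScriptPath = Join-Path $env:ProgramFiles 'DPMaintenance\Reset-DPAnonymousAuth.ps1'
$TaskName   = 'Reset DP Package Share Anonymous Auth'

# Remediation script: same check and log message as the page's one-liner,
# plus a log entry when the check itself throws an error.
$Remediation = @'
Import-Module WebAdministration
$Filter   = '/system.webServer/security/authentication/anonymousAuthentication'
$Location = 'Default Web Site/SMS_DP_SMSPKG$'
$Log      = Join-Path $env:windir 'Temp\IIS_Anonymous.log'
$Message  = $null
try {
    $Enabled = (Get-WebConfigurationProperty -Filter $Filter -Location $Location `
                    -Name Enabled -ErrorAction Stop).Value
    if (-not $Enabled) {
        Set-WebConfigurationProperty -Filter $Filter -Location $Location `
            -Name Enabled -Value 'True' -ErrorAction Stop
        $Message = 'Anonymous Authentication is Disabled. Enabling'
    }
} catch {
    $Message = 'Check failed: ' + $_.Exception.Message
}
if ($Message) {
    Add-Content -Path $Log -Value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), $Message)
}
'@

# Program Files is writable only by administrators, which matters because the
# task below runs this file as SYSTEM.
New-Item -ItemType Directory -Path (Split-Path $ScriptPath) -Force | Out-Null
Set-Content -Path $ScriptPath -Value $Remediation -Encoding ASCII

$Action = New-ScheduledTaskAction `
    -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -Argument ('-NoProfile -File "{0}"' -f $ScriptPath)
$Triggers = @(
    (New-ScheduledTaskTrigger -AtStartup),
    (New-ScheduledTaskTrigger -Daily -At '03:00')
)
$Principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Triggers `
    -Principal $Principal -Force | Out-Null
```

Each entry in %WINDIR%\Temp\IIS_Anonymous.log marks a point where the setting had been reverted, so the log doubles as a record of when CM updates changed the IIS configuration.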
