# Permissions

## Configuration Manager Permissions

### Distribution Point Package Share IIS Permissions

Please see [this link](/2pxe-server/troubleshooting/dp-package-share-iis-permissions.md) which addresses a recent IIS permission issue which can result in access denied errors when a client attempts to download a boot image.

### **Allowing Access to the Configuration Manager SQL Database**

2PXE uses SQL as the fastest way to retrieve boot actions for a system. Add the service account (default the machine account of the Distribution Point) to the *ConfigMgr\_DViewAccess* local group on the Configuration Manager Site Server. Members in this group have the required access for using distributed views against the Configuration Manager database. The account only requires read rights and can be further locked down if necessary.

{% hint style="info" %}
Note: Make sure the 2PXE server can reach the Configuration Manager database server by ensuring the necessary firewall ports are open. This is typically port 1433, however, it is configurable per the Microsoft Configuration Manager documentation.
{% endhint %}

{% embed url="<https://files.gitbook.com/v0/b/gitbook-legacy-files/o/assets%2F2pint-doco%2F-LlHsjkqncdI9e2xyU2d%2F-LlIDfw_FAHy67Kf4n0m%2F12.png?alt=media&generation=1564764471578337>" %}

## Security without Configuration Manager

If you are not using Configuration Manager then the only security related issue is to ensure that the boot URL returned from the PowerShell command is accessible with anonymous security or by using an ACL and the iPXE Network Access Account.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.2pintsoftware.com/2pxe-server/planning/permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.