# DP Package Share IIS Permissions

At the time of this writing, an issue has been identified when attempting to use 2PXE Server on a Configuration Manager distribution point. It appears that a recent Configuration Manager update has modified IIS permissions for a CM distribution point package share which disables anonymous access. This causes an issue when a PXE booting client attempts to access a boot image. 

This can be resolved by modifying the authentication settings for the CM package share IIS app manually:

<figure><img src="https://content.gitbook.com/content/5nkrKH5nKL8LvEgvw7HO/blobs/bvvsBEHw2k4ZbP55mN0a/2PXE-IISAnonPerms.jpg" alt=""><figcaption></figcaption></figure>

Unfortunately, the the setting may be reverted during any future CM update, so it is recommended to create a scheduled task on the 2PXE server to reset the permissions. The following PowerShell command can be ran to set the correct authentication settings:

```
c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS_DP_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS_Anonymous.log -value ('[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"
```

> Note: The above command will log the result to %WINDIR%\Temp\IIS\_Anonymous.log

If creating a scheduled task, the task should be configured on a recurring schedule, and using the following Action details:\
Action: **Start a program**\
Settings:\
Program/script: **C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe**\
Add arguments: **-noprofile -command "&{$webappvalue = (Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS\_DP\_SMSPKG$' -Name Enabled).Value; if (!$webappvalue) {Set-WebConfigurationProperty -Filter /system.webServer/security/authentication/anonymousAuthentication -Location 'Default Web Site/SMS\_DP\_SMSPKG$' -Name Enabled -Value 'True'; Add-Content $ENV:Windir\Temp\IIS\_Anonymous.log -value ('\[{0:yyyy-MM-dd} {0:HH:mm:ss}] {1}' -f (Get-Date), 'Anonymous Authentication is Disabled. Enabling')}}"**

<figure><img src="https://content.gitbook.com/content/5nkrKH5nKL8LvEgvw7HO/blobs/P5UuxAVUuTFywaAm9UZO/2PXE-IISAnonSchedTask.jpg" alt=""><figcaption></figcaption></figure>

<br>