DS7.5 (Unsupported) How to enable Anonymous Access for capturing images to a Site Server
Last Updated January 10, 2014
There are a number of scenarios where access for capturing an image on a site server may be restricted due to rights problems. There are even some rights issues that may cause the DSPS site components to not install correctly (known issue on Windows 7 site servers for instance, in the GA release).
This article discusses how to "force" these issues to the sidelines and allow capturing images via anonymous access. These will work on any supported DSPS site server.
NIOTE: To make these changes constitutes a relatively significantly security risk because we're opening anonymous access to the altris folder and in IIS. Therefore, it is not recommended or supported by Symantec.
The following steps assume you have a fully functioning Package Server already configured.
Add the Altiris App ID and IUSR account to the Altiris Agent folder in the file system (generally undre Progam Files) with full rights to the folder tree. This is needed for creating the images, and for running the installer under Windows 7.
In IIS, if there is not already an Altiris\PS\Deployment, then re-run the DSPS component installation to create this sub folder under PS.
Modify DCom settings:
Under Control Panel | Administrative Tools, go into Component Services.
Expand to Computers | My Computer | DCom Config
Scroll down to UTIL Class and go to the Properties for this class.
Modify the 3 items under Security to use "Custom" and add both IUSR and the App ID account to have full permissions on all 3.
In IIS, modify several security settings:
(may not be required) Highlight the Altiris/PS/Deployment application and select Basic Settings at the right. Under Connect As, add the App ID with password.
Again highlight the Altiris/PS/Deployment application, and select Authentication. Enable Anonymous access.
If you run the following (on the site server in a browser window), you'll find out if security is now passing through correctly (you should NOT be prompted for credentials):
Browsing to the Package Delivery folder under the Altiris Agent will show a new folder with the name of the GUID in this request if this works (you can try over and over by changing the last digits of the GUID). If security is not open yet, you'll get an "Invalid XML" response in the browser window and a slew of instructions on how to fix it. That message is, again, false. If it works, you'll get about 1-3 lines of valid XML and you'll see the new folder.
Finally, try to capture an image. It should now work. Again, this is NOT a supported scenario!
Imported Document ID: HOWTO95016
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe