question

mdautomation avatar image
0 Votes"
mdautomation asked saldana-msft edited

Authentication during boot image download from RemoteInstall folder

Hi,

I am unable to find a good doc where it explains how a computer downloads boot image in WinPE phase from RemoteInstall folder.
Which account does it use to access RemoteInstall folder?

I see Authenticated Users have been given Read access to RemoteInstall folder. Is it really needed?


mem-cm-generalmem-cm-osd
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Jason-MSFT avatar image
1 Vote"
Jason-MSFT answered Jason-MSFT commented

During PXE, this is handled by the overall PXE process and this is specifically handled using TFTP for which there is no authentication supported. As far as ACLs on the RemoteInstall folder, I can't say I know the details but changing the default would be conisdered unsupported although I image that local System is required is as this is the account used to run the WDS service.

· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

mdautomation avatar image mdautomation ·

Thanks @Jason-MSFT for your reply.
I am unable to understand how a share can be accessed using TFTP without authentication. Is there any document around this?

0 Votes 0 ·
Jason-MSFT avatar image Jason-MSFT mdautomation ·

It's not a share or at least the share isn't used in this context. The WDS service accesses the content on behalf of the requestor and sends it via TFTP to that requestor which is why the account used to run the WDS service is used.

0 Votes 0 ·