Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

How can we improve Configuration Manager?

← Ideas

Remove dependency on default document in IIS configuration

A common security vulnerability exists in the default IIS configuration when SCCM is installed. Having the default documents (eg iisstart.htm) can aide a malicious actor in discovery https://www.rapid7.com/db/vulnerabilities/http-iis-default-install-page

IF the default document is removed, Workgroup clients are unable to communicate with SCCM. The default document should not be a dependency on SCCM, or on workgroup clients ability to connect.

Symptoms: Clients not joined to the domain can not connect to an SCCM server
Client Location log shows http 403 errors
Error sending HEAD request. HTTP code 403, status 'Forbidden' ClientLocation
Text=CCMEBADHTTPSTATUS_CODE ClientLocation

Workaround:
Adding a default document to the IIS site is a workaround, but potential security risk

7 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Jay shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Pavel Yurenev commented  ·   ·  Flag as inappropriate

    Note that here IIS is configured, and a user (or admin) should be aware of it.
    So Rapid7 motivation doesn't qualify here.

Ideas: Site deployment and infrastructure

Categories

Feedback and Knowledge Base

(thinking…)