修改IIS默认配置以允许SCCM后台传输某种扩展名的文件

Configure requestFiltering for IIS on distribution points

The following information applies when you use distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.
By default, IIS blocks several file extensions and folder locations. If package source files contain extensions that are blocked in IIS, you must configure the requestFiltering section in the applicationHost.config file on a distribution points that is enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.
For example, you might have source files for a software deployment that include a folder named bin, or that contain a file with the .mdb file extension. By default, IIS request filtering blocks access to these elements. When you use the default IIS configuration on a distribution point, clients that use BITS fail to download this software deployment from the distribution point. In this scenario, the clients indicate that they are waiting for content. To enable the clients to download this content by using BITS, on each applicable distribution point, edit the requestFiltering section of the applicationHost.config file to allow access to the files and folders in the software deployment.


Important
When you enable WebDAV and modify the requestFiltering section of the applicationHost.config file for the Web site, this increases the attack surface of the computer. Enable WebDAV only when required for management points and distribution points that are enabled forAllow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS. If you enable WebDAV on the default Web site, it is enabled for all applications that use the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.
Use the following procedure to modify requestFiltering for Windows Server 2008 and Windows Server 2008 R2.
Open the applicationHost.config file located in the %Windir%\System32\Inetsrv\Config\ directory on distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.
Search for the <requestFiltering> section.
Determine the file name extensions and folder names that you will have in the packages on that distribution point. For each extension and folder name that you require, perform the following steps: If it is listed as a fileExtension element, set the value for allowed to true.
For example, if your package contains a file with an .mdb extension, change the line true to allowed<add fileExtension=".mdb" allowed="false" /> to <add fileExtension=".mdb" allowed="true" />.
Allow only the file name extensions required for your packages.
If it is listed as a <hiddenSegments> element, delete the entry that matches the file name extension or folder name from the file.
For example, if your package contains a folder with the label of bin, remove the line <add segment=”bin” /> from the file.

Save and close the applicationHost.config file.