
Most restrictive shared permissions on Package Server

Updated: 23 May 2010 | 2 comments
pmakaveev

Hello,

What would be the most restrictive shared permissions  on the "Package Delivery" share on a Package Server? By default, "Everyone" has "Full Control" share permissions.

I am not able to find many documents on Package Server security best practices.

I have seen a document "Hardening NS Configuration". I would be glad to see a "Hardening PS Configuration" document as well.

Thank you very much!
Peter

Comments

jharings, 14 May 2009

Clients need to be able to read

the packages to download. So I think the most restrictive would need to be authenticated users with 'read' and 'list' access. That way you would need to be in an authenticated (domain) session to read the packages. If you have IIS, typically the anonymous user would be enabled, but if you have authenticated users combined with Windows Authentication in IIS, that should be good enough.

Jim Harings
HP Enterprise Services
1st Rule of Connect Club: Mark the post that helped you the most as a 'solution'. 2nd Rule of Connect Club:You must talk about Connect club.

DSnelleman, 09 Jun 2009

Depends on usage

Peter,

This is quite simple.

Case 1: you are downloading packages to the client and then executing them

Step 1 - Open the NS 6.5 Console
               Go to Configure -> Agents -> Global Settings
               Open the Authentication tab
               Select "Use These Credentials"
               Enter a username and password that you want to use (the account does not have to exist)

Step 2 - Go to Configure -> Package Servers -> Package Servers Setup
               Open the Settings tab
               Deselect "Allow anonymous access to package codebases"
               Select "Create the Agent Connectivity Credential on Package Servers"

Case 2: you are executing packages from the package server

Step 1 - Create your package to run under a domain account with admin rights
               Programs tab
               Run with right: Specified user
               Enter the domain username and password of the domain account you want to use.

Step 2 - On your package server, open the registry editor
               Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Package Server
               Create a new DWORD named "EnableDACLManagement" with a value of "0"
               Restart the Package Server

Step 3 - Reset all security on your "Package Delivery" share and set up your security the way you like.
               Don't forget to allow the account entered in step 1 read access
               Don't forget to allow the Altiris Service Account Full Control access (Modify should work but I have not tried it)

Regards,
Dennis
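
A read-only check of the end state described in Case 2, as an added example that is not part of any post in this thread and is not Altiris or Symantec code. It assumes Windows Server 2012 or later (for `Get-SmbShareAccess`); the share name and both account names are placeholders to replace with your own.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
param(
    [string]$ShareName      = 'Package Delivery',     # assumption: name as written in the thread
    [string]$ServiceAccount = 'EXAMPLE\svc-altiris',  # placeholder: Altiris service account
    [string]$ReadAccount    = 'EXAMPLE\pkg-read'      # placeholder: account from Case 2, step 1
)

# Registry value from Case 2, step 2.
$key   = 'HKLM:\SOFTWARE\Altiris\Altiris Agent\Package Server'
$prop  = Get-ItemProperty -Path $key -Name 'EnableDACLManagement' -ErrorAction SilentlyContinue
$value = if ($prop) { $prop.EnableDACLManagement } else { '<not set>' }
Write-Output "EnableDACLManagement = $value"

# Share-level ACL (this is not the NTFS ACL on the underlying folder).
$report = foreach ($ace in Get-SmbShareAccess -Name $ShareName -ErrorAction Stop) {
    $type    = "$($ace.AccessControlType)"   # Allow or Deny
    $right   = "$($ace.AccessRight)"         # Full, Change, Read or Custom
    $finding = 'ok'
    if ($type -eq 'Allow') {
        if ($ace.AccountName -eq 'Everyone') {
            # The default the original question asks about.
            $finding = 'Everyone is granted access'
        } elseif ($right -ne 'Read' -and $ace.AccountName -ne $ServiceAccount) {
            $finding = "more than Read for an account other than $ServiceAccount"
        }
    }
    [pscustomobject]@{
        Account = $ace.AccountName
        Type    = $type
        Right   = $right
        Finding = $finding
    }
}
$report | Format-Table -AutoSize

# Entries that Case 2, step 3 says must be present.
$allow = $report | Where-Object { $_.Type -eq 'Allow' }
if (-not ($allow | Where-Object { $_.Account -eq $ServiceAccount -and $_.Right -eq 'Full' })) {
    Write-Warning "$ServiceAccount does not have Full Control on '$ShareName'"
}
if (-not ($allow | Where-Object { $_.Account -eq $ReadAccount })) {
    Write-Warning "$ReadAccount has no Allow entry on '$ShareName'"
}
```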