Can't save old netsh http urlacl reservation

StackOverflow https://stackoverflow.com/questions/14023147

Question

I was experimenting with the settings on a server, and it gave this information from netsh http show urlacl:

Reserved URL            : http://+:47001/wsman/
    User: NT SERVICE\WinRM
        Listen: Yes
        Delegate: No
    User: NT SERVICE\Wecsvc
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;(redacted)((A;;GX;;;(redacted))

So clearly two user accounts registered for the same URL, right? But since deleting that reservation (I replaced it with NT AUTHORITY\NETWORK SERVICE which was recommended somewhere but not needed anymore as I fixed the real cause), I haven't been able to revert it back to these settings because netsh only appears to let you create a single user per reservation.

Is there some special syntax? Another way to set this thing up? I've read "do it as a group", but this doesn't look like it was originally a group right? And every other server is set like this... so there must be some way. What am I missing?

Thanks

Was it helpful?

Solution

Sorry, I figured it out.

The solution is that you can specify multiple groups using the SDDL (which I didn't know what it was, but it is short-hand for some authority settings plus a SID).

So I did a netsh http add urlacl url=http://+:47001/wsman/ sddl="D:(A;;GX;;;[redacted])(A;;GX;;;[redacted])"

And it finally restored the settings to what they were before. I should note you have to get that above syntax exactly right in order for it to accept it. Also there are some PowerShell commands you can use to translate a user account (like the ones above) to a SID if you need them.

OTHER TIPS

As it might help someone else, I'd just like to add that in the above netsh command, you just need to replace [redacted] with the SID of the user you'd like to add. So for one user:

netsh http add urlacl url=http://+:47001/wsman/ sddl="D:(A;;GX;;;<SID>)"

and for two users...

netsh http add urlacl url=http://+:47001/wsman/ sddl="D:(A;;GX;;;<SID1>)(A;;GX;;;<SID2>)"

etc...

These commands will grant GenericExecute access to the user accounts specified by the SIDs.

To Add/Remove URL using command first run cmd as Administrator

To Add a URL : netsh http add urlacl url=http://192.168.1.143:9608/ user=everyone replace 190.168.1.143 with your local ip address and replace 9608 to by your local port.

To remove already exist URL: netsh http delete urlacl url=http://192.168.1.1.143:9608

The final step is to configure Windows Firewall to permit external traffic on port: netsh advfirewall firewall add rule name="IISExpressXamarin" dir=in protocol=tcp localport=9608 profile=private remoteip=localsubnet action=allow

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top