Register URL for Non-Admin Service User

 

To use HTTP.SYS as a non-administrator user, that user must be granted the right to do so. The right is granted with the httpcfg tool (Support Tools for XP/2003). The tool takes two parameters for adding a urlacl:

 

The parameter -u specifies the listen URI. The scheme can be http or https; a "+" for the hostname means all IP addresses.

 

The parameter -a specifies, as a DACL (part of SDDL), the rights on the specified URI.

 

DACL

The DACL starts with "D:", followed by one or more parenthesized groups of 6 tokens, each of which defines one ACE.

 

D:(t1;t2;t3;t4;t5;t6)(t1;t2;t3;t4;t5;t6)(t1;t2;t3;t4;t5;t6)...

 

t1: ACE Type (A=Allowed/D=Denied)

t2: ACE Flags (can be empty)

t3: Permissions (GA=All; GW=Write; GX=Execute, which is necessary to start a listener)

t4: Object Type (can be empty)

t5: Inherited Object Type (can be empty)

t6: Trustee (contains the SID of a user or group, or a well-known SID, e.g. WD=Everyone)

 

Syntax SDDL

 

 

Examples:

 

Create Right to open listener for Everyone:

httpcfg set urlacl -u http://+:7777/ -a "D:(A;;GX;;;WD)"

 

Create Right to open listener for specified User:

httpcfg set urlacl -u http://+:7777/ -a "D:(A;;GX;;;S-3-5-21-1654004503-842923446-725354543-102)"

 

Show all urlacls on a system:

httpcfg query urlacl

 

Delete a urlacl on a system:

httpcfg delete urlacl -u http://+:7777/
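An added example (not from the original post): a small Python parser for the DACL string passed to -a, which splits each ACE into the six tokens t1..t6 described above and reports Allow entries that let a broad well-known group such as Everyone (WD) open a listener. The function names and the set of trustees treated as broad are choices made for this example.

```python
import re
from collections import namedtuple

# The six tokens of one ACE, in the order the post lists them (t1..t6).
Ace = namedtuple("Ace", "ace_type flags rights object_type inherited_object_type trustee")

# Well-known SID aliases that cover many accounts (standard SDDL abbreviations).
# Which ones count as "broad" is an assumption of this example.
BROAD_TRUSTEES = {"WD": "Everyone", "AU": "Authenticated Users",
                  "BU": "Built-in Users", "AN": "Anonymous Logon"}
# Rights that include Execute, which the post says is needed to start a listener.
LISTEN_RIGHTS = {"GA", "GX"}


def parse_dacl(sddl):
    """Split a 'D:(...)(...)' string into Ace tuples; raise ValueError if malformed."""
    # Optional DACL flags (for example P) may sit between 'D:' and the first ACE.
    match = re.fullmatch(r"D:([A-Z]*)((?:\([^()]*\))+)", sddl.strip())
    if not match:
        raise ValueError("not a DACL string: %r" % sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group(2)):
        tokens = body.split(";")
        if len(tokens) != 6:
            raise ValueError("ACE needs 6 tokens, got %d: (%s)" % (len(tokens), body))
        if tokens[0] not in ("A", "D"):
            raise ValueError("unsupported ACE type %r" % tokens[0])
        if not tokens[5]:
            raise ValueError("ACE has no trustee: (%s)" % body)
        aces.append(Ace(*tokens))
    return aces


def broad_listener_grants(sddl):
    """Return the names of broad trustees that an Allow ACE lets open a listener."""
    found = []
    for ace in parse_dacl(sddl):
        rights = set(re.findall("..", ace.rights))  # two-letter right codes
        if ace.ace_type == "A" and rights & LISTEN_RIGHTS and ace.trustee in BROAD_TRUSTEES:
            found.append(BROAD_TRUSTEES[ace.trustee])
    return found
```

Running broad_listener_grants over the -a value before calling httpcfg shows whether a reservation is scoped to one account or to every account in a broad group; it reports Allow ACEs only and does not evaluate Deny entries against them.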

 

There exists a GUI Tool which can be used to create urlacl and ssl rules for HTTP.SYS.

 


Posted Aug 02 2006, 09:36 AM by Rolf Nebhuth
developers.de is a .Net Community Blog powered by daenet GmbH.