locked
httpreserve for groups RRS feed

  • General discussion

  • I recently ran into a requirement to open http reservations on Vista for a group instead of just one user.  Either I am missing something or httpreserve doesn't work for groups or with SIDs.  Group reservations are useful in computer-lab settings.  Anyway, I thought I would share the netsh-based solution.  Apologies if this is a repeat, but a forum search didn't turn this info up...

     

    If you want to reserve a port for a group (domain or local), use the following commands in a command window that has been opened as administrator:

     

    Code Block
    netsh http add urlacl url=http://+:31079/ sddl=D:(A;;GX;;;insert SID here)

     

     

    In place of insert SID here, you can use any valid domain or local SID (a list of well known SIDs can be found here: http://support.microsoft.com/kb/243330) or you can use any one of a series of abbreviations, like NS for 'Network Service' or LS for 'Local Service' or BU for BUILTIN\Users or AU for Authenticated Users.

     

    So, for instance, if you want to open port 50000 for all locally defined users plus Network Service, you would use:

     

    Code Block
    netsh http add urlacl url=http://+:50000/ sddl=D:(A;;GX;;;BU)(A;;GX;;;NS)

     

     

    If you want to open up a port for domain users, the SID is S-1-5-domain-501 where you need to insert your domain SID in place of domain.

     

    You can list reservations (including those made with httpreserve) with

     

    netsh http show urlacl

     

    and you can delete reservations (including those made with httpreserve) with

     

    netsh http delete urlacl url=http://+:31079/

     

    Hope you find this useful.  For me, it was useful in opening up a shared computer to many different users of MSRS without requiring individual reservations.

     

    --Martin

     

    Thursday, November 22, 2007 8:50 AM

All replies

  • Thanks, Martin. I have added a link to our wiki [1]. Btw, the wiki is open to the community so feel free to add notes like this.

     

    Henrik

     

    [1] http://msdn2.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=msrs.hints

     

     

    Sunday, November 25, 2007 9:54 PM
  • I recently ran into a requirement to open http reservations on Vista for a group instead of just one user.  Either I am missing something or httpreserve doesn't work for groups video or with SIDs.  Group reservations are useful in computer-lab settings.  Anyway, I thought I would share the netsh-based solution.  Apologies if this is a repeat, but a forum search didn't turn this info up...

     

    If you want to reserve a port for a group (domain or local), use the following commands in a command window that has been opened as administrator:

     

    Code Block
    netsh http add urlacl url=http://+:31079/ sddl=D:(A;;GX;;;insert SID here)

     

     

     

    In place of insert SID here, you can use any valid domain or local SID (a list of well known SIDs can be found here: http://support.microsoft.com/kb/243330 ) or you can use any one of a series of abbreviations, like NS for 'Network Service' or LS for 'Local Service' or BU for BUILTIN\Users or AU for Authenticated Users.

     

    So, for instance, if you want to open port 50000 for all locally defined users plus Network Service, you would use:

     

    Code Block
    netsh http add urlacl url=http://+:50000/ sddl=D:(A;;GX;;;BU)(A;;GX;;;NS)

     

     

     

    If you want to open up a port for domain users, the SID is S-1-5-domain-501 where you need to insert your domain SID in place of domain.

     

    You can list reservations (including those made with httpreserve) with

     

    netsh http show urlacl

     

    and you can delete reservations (including those made with httpreserve) with

     

    netsh http delete urlacl url=http://+:31079/

     

    Hope you find this useful.  For me, it was useful in opening up a shared computer to many different users of MSRS without requiring individual reservations.

     

    --Martin

     


    I'm new to this, but I think maybe it is also useful in other ways.
    Sunday, July 4, 2010 2:37 AM