I was doing some Windows Communication Foundation development today and finally grew tried of receiving AddressAccessDeniedException when running my service host as a non-Administrator.

When you hit this exception, Visual Studio 2005 is kind enough to point you to Configuring HTTP and HTTPS on MSDN. If you read close enough, you'll find the nugget that includes the updated syntax when using Windows Vista buried as two lines:

If you are running on Windows Vista, you can use the Netsh.exe tool instead. The following shows an example of using this command.

netsh http add urlacl url=http://+:80/MyUri user=DOMAIN\user

The much improved netsh.exe on Vista incorporates the features previously found in httpcfg.exe. Furthermore, where httpcfg.exe really sucked, netsh really shines. Consider that httpcfg.exe required you to be familiar not only with the obtuse SDDL string format, but you also had to uncover the SID for the account to which you wanted to grant permissions:

httpcfg add urlacl url=http://+:80/MyUri /a D:(A;;GX;;;S-1-5-21-1144070942-1563683482-3278297161-1114)

Not the most friendly command line in the world. Dominick Baier has a nice utility, HttpCfgAcl.zip, that will spit out the necessary SDDL with the included SID. But true joy is found with netsh in Windows Vista. The same URL ACL entered above with httpcfg.exe is expressed much more cleanly via netsh.exe as:

netsh http add urlacl url=http://+:80/MyUri user=Kevin

No more messy SDDL. No having to translate account names to SIDs. Just a nice clean syntax netsh.exe syntax.

This just barely scratches the surface of what you can accomplish with netsh. Also check out Scott's article on using netsh as a better ipconfig.