Can't save old netsh http urlacl reservation

Question

I was experimenting with the settings on a server, and it gave this information from netsh http show urlacl:

Reserved URL            : http://+:47001/wsman/
    User: NT SERVICE\WinRM
        Listen: Yes
        Delegate: No
    User: NT SERVICE\Wecsvc
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;(redacted)((A;;GX;;;(redacted))

So clearly two user accounts registered for the same URL, right? But since deleting that reservation (I replaced it with NT AUTHORITY\NETWORK SERVICE which was recommended somewhere but not needed anymore as I fixed the real cause), I haven't been able to revert it back to these settings because netsh only appears to let you create a single user per reservation.

Is there some special syntax? Another way to set this thing up? I've read "do it as a group", but this doesn't look like it was originally a group right? And every other server is set like this... so there must be some way. What am I missing?

Thanks

Answer 1

Sorry, I figured it out.

The solution is that you can specify multiple groups using the SDDL (which I didn't know what it was, but it is short-hand for some authority settings plus a SID).

So I did a netsh http add urlacl url=http://+:47001/wsman/ sddl="D:(A;;GX;;;[redacted])(A;;GX;;;[redacted])"

And it finally restored the settings to what they were before. I should note you have to get that above syntax exactly right in order for it to accept it. Also there are some PowerShell commands you can use to translate a user account (like the ones above) to a SID if you need them.