http://developers.de/blogs/rolf_nebhuth/archive/2006/08/02/902.aspx
To use HTTP.SYS for none administrator users, these must have the right this to do.(非管理员用户没有权利访问) The rights must be granted with the httpcfg tool (Support Tools for XP/2003). The tool must have two parameters for adding an urlacl
The Parameter –u specified the listen URI. It can be http or an https Scheme the “+” for the hostname means all IP addresses.
The Parameter –a specified in DACL (Part of SDDL) the rights of a specified URI
DACL
The DACL starts with a “D:” and then in parenthesis 6 tokens which defines one ACL.
D:(t1;t2;t3;t4;t5;t6)(t1;t2;t3;t4;t5;t6)(t1;t2;t3;t4;t5;t6)...
t1: ACE Type (A=Alowed/D=Denied)
t2: ACE Flags (can be empty)
t3: Permissions (GA=All;GW=Write;GX=Execute, is necessary to starts an listener)
t4: Object Type (can be empty)
t5: Inherited Object Type (can be empty)
t6: Trustee (contains a SID of an user or group or well-known SIDs (e.g. WD=Everyone)
Examples:
Create Right to open listener for Everyone:
httpcfg set urlacl –u http://+:7777/ -a “D:(A;;GX;;;WD)”
Create Right to open listener for specified User:
httpcfg set urlacl –u http://+:7777/ -a “D:(A;;GX;;;S-3-5-21-1654004503-842923446-725354543-102)”
Show all urlacs on a system.
httpcfg query urlacl
Delete an urlacl on an system
httpcfg delete urlacl –u http://+7777/
There exists a GUI Tool which can be used to create urlacl and ssl rules for HTTP.SYS.