Care of HTTP.SYS, a kernel level HTTP protocol stack introduced in Windows XP/Server 2003, applications running with non-administrator credentials must have permission to accept incoming HTTP requests. The netsh command you quote above is asking Windows
to grant the specific user (ie TFS Deployer's service account) permission to listen for requests to the specified url (ie the url that TFS Deployer will listen on to receive notification that a build quality has been changed).
The url is completely arbitrary but sometime ago someone chose port 8881 and it has become a popular convention for TFS Deployer. The URL you choose simply must meet two requirements:
- The DNS name or IP address must be resolvable from the TFS server
- The port must not be blocked by local-machine or network firewalls between the TFS Server and the TFS Deployer machine
The chosen url is then specified in the TFS Deployer configuration file as the value for the BaseAddress setting and appropriate permissions are configured via netsh, typically replacing the host component of the url with a plus symbol*.
When TFS Deployer starts it begins listening at the BaseAddress url then it connects to the TFS server and basically says "Hi, I'd like to know about any changes to the build qualities, please let me know at this address ..." and passes the BaseAddress url
So, if 10.121.48.120 is the IP address of your TFS Deployer machine and port 8881 isn't blocked by any firewalls, and the TFS server can ping that IP then it is correct. Personally though, I prefer to use DNS name instead of IP addresses but it depends on