Setting MSMQ permissions for a private queue created by a different user

A

5

23

The person who was previously using my PC at work set up a private MSMQ that I need to access. They have since left the bank but the permissions remain and I can't access the queue or give myself edit permission to remove the restriction.

I am an admin on this machine now so I'm assuming there's some way for me to change things..Been searching high and low but most of what I find is related to doing things through scripts.

Any help appreciated,

thanks

Antilogy answered 5/1, 2011 at 12:2 Comment(0)

A

22

Right click on Your Queue -> Properties -> Security -> Goto Advanced and modify permission for groups.

Acetylate answered 5/1, 2011 at 12:12 Comment(2)

I couldn't Apply anything so I didn't think to go to Advanced settings! Turns out I just had to grab ownership of the queue, thanks! – Antilogy 5/1, 2011 at 12:18

Whenever I tried to apply any of the changes I'd made it would say I didn't have permission to make the changes, that's all. Changing the ownership over to me solved the issue. – Antilogy 5/1, 2011 at 13:29

W

43

And for a manual process if all else fails:

Stop the MSMQ Service (Services -> Message Queuing)
Open the C:\WINDOWS\system32\msmq\storage\lqs folder
Find the config file in this folder that describes a queue that has "good" security permissions. You will need to open each file in turn with a text editor to determine which queue it relates to.
Once you have the correct file open, locate the line in the file that begins Security=....
Copy the whole line to your clipboard (watch out for Word Wrap, this line will be quite long)
Find the config file in this folder that describes your problem queue
Open this file in a text editor.
Overwrite the Security=... line in this file with the contents of your clipboard
Save the modified file
Start the MSMQ service; new permissions will be picked up.

Cheers

John Breakwell

Waldowaldon answered 5/1, 2011 at 12:21 Comment(5)

I saw this solution elsewhere, but my ...\lqs folder just has a bunch of files with long digit names and digit/letter extensions and I didn't want to start messing with things I didn't understand. Perhaps something on my PC is configured differently so I can't use this method? – Antilogy 5/1, 2011 at 13:27

The file names are the way they are for quick lookups by MSMQ. You just need to find the text file that contains the name of the queue you want. (See support.microsoft.com/kb/174307) – Waldowaldon 28/1, 2011 at 3:0

If you have not any queue that has "good" security permissions, then just create a new queue with required security permissions. And follow @JohnBreakwell Breakwell's steps with this new queue. Note: Do not forget delete that your new dummy queue when you finish. :) – Combative 5/8, 2014 at 9:48

Hello, John from 2011! I am from more than eight years into the future, and would just like you to know that at this point, you are stille helping people! Thank you so much! – Sherrell 28/1, 2019 at 9:13

I was I wasn't upvoting this answer 10 years after it was first provided. – Carpi 13/1, 2021 at 22:14

A

22

Right click on Your Queue -> Properties -> Security -> Goto Advanced and modify permission for groups.

Acetylate answered 5/1, 2011 at 12:12 Comment(2)

I couldn't Apply anything so I didn't think to go to Advanced settings! Turns out I just had to grab ownership of the queue, thanks! – Antilogy 5/1, 2011 at 12:18

Whenever I tried to apply any of the changes I'd made it would say I didn't have permission to make the changes, that's all. Changing the ownership over to me solved the issue. – Antilogy 5/1, 2011 at 13:29

A

9

First, change the ownership of the queue to the Administrators group; then assign yourself the permissions you need.

Aurea answered 20/1, 2015 at 20:17 Comment(4)

I don't get why this answer is getting downvoted. Based on the op's comments to the accepted answer, this is basically what he did to resolve his problem. – Hagar 25/1, 2017 at 23:8

@Hagar It is four years late, and does add nothing over the existing answers from four years ago. – Jere 27/1, 2017 at 7:57

I don't get how it's "late" considering the steps listed are still completely relevant. And it does add something over the answers, in that it specifies changing the ownership. Neither of the other answers mentioned that. The accepted answer won't work in most cases if you're not the owner (and in fact, as mentioned by the OP in a comment, he did have to change ownership first to get that answer to work), and this could be simpler than the manual method provided by John Breakwell, for people that are able to change ownership. – Hagar 27/1, 2017 at 20:19

My post was a 'last resort' method. – Waldowaldon 5/11, 2017 at 2:18

P

2

The easiest approach to allow modifying permissions from the user which didn't allow do this is to run PowerShell as Administrator and run the command:

Get-MsmqQueue -Name "MyQueue" -QueueType Private | 
  Set-MsmqQueueAcl -UserName "Everyone" -Allow FullControl

This will allow you to edit permissions in the Windows user interface.

Pissed answered 15/11, 2019 at 17:35 Comment(0)

S

0

The previously mentioned solution to use Set-MsmqQueueAcl stopped to work after a recent Microsoft update.

An alternative code could be found here:

https://github.com/gavacho/System.Messaging.MessageQueue.SetOwner/blob/master/System.Messaging.MessageQueue.SetOwner.cs

This alternative way is not trying to write the Acl, but simply takes ownership. It is similar to using advanced security settings the change the owner. Acl can be changed when having ownership.

Studer answered 7/6, 2024 at 9:40 Comment(0)

Recommended topics

Hot tags