
Set default permissions when creating a new Message Queue (MSMQ) in C#


I am trying to programmatically create several Message Queues on a Windows 2003x64/2008R2 Server. When a Queue is created, Windows automatically applies default permissions to the Queue.

For MSMQ 4, the following users are added by default:

  • Everyone
  • Creator of the queue
  • ANONYMOUS LOGIN

When I set the permissions for a queue using MessageQueue.SetPermissions(), the specified AccessControlList is only appended to the default security permissions.

Is there any way the default permissions can be removed or overwritten? In this MSDN Article at the bottom, it states that

You can't, though, customise the defaults as they are hard-coded.

I know that the settings of a queue are persisted in a file, located in C:\Windows\System32\msmq\storage\lqs. In this file there's a Security property that represents the permissions for the queue. Might editing this key be an option? Doing this, however, seems kind of odd to me.

I'm looking for a proper way to specify my own AccessControlList that overwrites the default security permissions of a queue. Either when it's being created, or afterwards.

Any help is appreciated,

Thanks.


Solution

  • If you can't remove or revoke permissions to those default groups you can always try to deny rights to them. Deny takes precedence over allow. This code works:

    using System.Messaging;

    // Add a Deny entry for ReceiveMessage on the default "Everyone" trustee.
    MessageQueue queue = new MessageQueue(".\\Private$\\QueueName");
    queue.SetPermissions("Everyone", MessageQueueAccessRights.ReceiveMessage,
            AccessControlEntryType.Deny);

    Revoking permissions (AccessControlEntryType.Revoke) should also work though. Maybe there is an error in your code. Works on my machine.

    The article says:

    You can't, though, customise the defaults as they are hard-coded.

    and it means that you can't change what rights are given during queue creation but you can change them afterwards.

    Edit: To get "Everyone" independent of OS-language: How to get the IdentityReference for "Everyone" to create MutexAccessRule on localized systems?
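
Added example, not part of the original answer: it combines the two points above by tightening the queue right after creation and resolving the default trustees from well-known SIDs, so it does not depend on the OS language. The class and method names and the account `EXAMPLE\svc-queue` are hypothetical, and it assumes the process runs as the queue creator with `System.Messaging` referenced.

```csharp
using System.Messaging;
using System.Security.Principal;

static class QueueAclExample
{
    // Resolve a well-known SID to the account name used by this OS language,
    // e.g. "Everyone" on an English system.
    static string NameOf(WellKnownSidType sid)
    {
        return new SecurityIdentifier(sid, null)
            .Translate(typeof(NTAccount)).Value;
    }

    static MessageQueue CreateRestrictedQueue(
        string path, string account, MessageQueueAccessRights rights)
    {
        MessageQueue queue = MessageQueue.Exists(path)
            ? new MessageQueue(path)
            : MessageQueue.Create(path);

        // Grant first: Set replaces whatever rights this account already had.
        queue.SetPermissions(account, rights, AccessControlEntryType.Set);

        // Then revoke the default entries. Revoke is used instead of Deny
        // because a Deny on Everyone would also apply to the account granted
        // above. The creator's own entry is left untouched.
        WellKnownSidType[] defaults =
            { WellKnownSidType.WorldSid, WellKnownSidType.AnonymousSid };
        foreach (WellKnownSidType sid in defaults)
        {
            queue.SetPermissions(NameOf(sid),
                MessageQueueAccessRights.FullControl,
                AccessControlEntryType.Revoke);
        }
        return queue;
    }

    static void Main()
    {
        // Hypothetical queue path and service account; grant only what it needs.
        CreateRestrictedQueue(@".\Private$\QueueName", @"EXAMPLE\svc-queue",
            MessageQueueAccessRights.ReceiveMessage
            | MessageQueueAccessRights.PeekMessage
            | MessageQueueAccessRights.WriteMessage
            | MessageQueueAccessRights.GetQueueProperties);
    }
}
```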