Installer: MSMQ Permissions

I hit a bunch of roadblocks trying to configure MSMQ from an installer, but here’s the code that worked:

Source: http://serializer.blogspot.com/2005/12/msmq-permissions-needs-touch.html

// local system account
Trustee t1 = new Trustee();
t1.Name = “SYSTEM”;
t1.TrusteeType = TrusteeType.User;
t1.SystemName = “.”;
AccessControlEntry ace1 = new AccessControlEntry();
ace1.EntryType = AccessControlEntryType.Allow;
ace1.GenericAccessRights = GenericAccessRights.All;
ace1.StandardAccessRights = StandardAccessRights.All;
ace1.Trustee = t1;
// any other computer
Trustee t2 = new Trustee();
t2.Name = “Everyone”;
t2.TrusteeType = TrusteeType.Group;
t2.SystemName = “.”;
AccessControlEntry ace2 = new AccessControlEntry();
ace2.EntryType = AccessControlEntryType.Allow;
ace2.GenericAccessRights = GenericAccessRights.All;
ace2.StandardAccessRights = StandardAccessRights.All;
ace2.Trustee = t2;
AccessControlList acl = new AccessControlList();
acl.Add(ace1);
acl.Add(ace2);
MSMQInstaller.Permissions = acl;
// This corrects a bug when previous settings are not correctly applied
// Using the SetPermissions after adding the accesscontrollist applies previous settings
// Remember to use Allow below to keep existing settings
MessageQueue m = new MessageQueue(MSMQInstaller.Path);
m.SetPermissions(“SYSTEM”, MessageQueueAccessRights.FullControl, AccessControlEntryType.Allow);

The last line got me spending 6 hours because m.SetPermissions has another overload which takes AccessControlList as a parameter and I was tricked into using that overload and everything goes fine till I actually use my queue where it goes off and says Access Denied. And it got me on a trial spree. I tried the following and wasted that time (in the hindsight):

  1. Manually change the permissions, restart MSMQ and everything works!-
    • I thought Restart MSMQ did the trick so I started coding mockups for the installer to use Restart MSMQ and gathered information on how to restart service – 3 hours!
  2. It worked when I removed Delete entry from MSMQ permissions manually:
    • I thought I should avoid Delete entry for MSMQ permissions, so I configured the StandardAccessRights to not use delete, but to my amazement nothing works when you actually get to it since StandardAccessRights.All – Delete gets me only ReadSecurity and WriteSecurity; But it didn’t set the MessageQueueRights in the first place. – 3 hours!

I’m glad I finally got to getting it working!

Advertisements

About vijayvepa

I'm a software consultant for Software Specialists Inc. currently working at Philips Respironics, Pittsburgh

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: