Eric
How can I programmatically set the owner of an MSMQ queue?

I have a PowerShell script that creates some private queues for me. However, the queues default to being owned by whoever ran the install script. I'd prefer to have them owned by a group (i.e., Administrators or some such). Anybody know how to do this?

foreach($strQueue in $strQueues) {
  if (![System.Messaging.MessageQueue]::Exists($strQueue)) {
    $q = [System.Messaging.MessageQueue]::Create($strQueue)
    $q.SetPermissions($queueUser, [System.Messaging.MessageQueueAccessRights]::FullControl, [System.Messaging.AccessControlEntryType]::Set)
    $q.SetPermissions("BUILTIN\Administrators", [System.Messaging.MessageQueueAccessRights]::TakeQueueOwnership, [System.Messaging.AccessControlEntryType]::Set)
    Write-Host "... created $strQueue and set FullControl permissions for $queueUser"
  }
}

Upvotes: 3

Views: 3122

Answers (3)

Shane Callanan

Reputation: 2305

I know this is an ancient question and has already been answered, but I was struggling with this for far too long today and have to post my solution to spare others the pain.

If you don't have access to the MSMQ by default, then you need to run the commands as an impersonated user, as @Noon Silk suggested.

This code will let you create and assign permissions to the queues as a different user:

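# Placeholder credentials. In a real install script, prompt with Get-Credential
# instead of storing the password in the file.
$Username = "Eric"
$Password = "MyPassword"

$securePass = ConvertTo-SecureString $Password -AsPlainText -Force
$credential = New-Object Management.Automation.PSCredential($Username, $securePass)

# The script block runs in a separate session under $credential, so the caller's
# variables are not visible there: pass them in as parameters and load the assembly again.
$script =
    {
        param($strQueue, $queueUser)
        Add-Type -AssemblyName System.Messaging
        $q = [System.Messaging.MessageQueue]::Create($strQueue)
        $q.SetPermissions($queueUser, [System.Messaging.MessageQueueAccessRights]::FullControl, [System.Messaging.AccessControlEntryType]::Set)
        $q.SetPermissions("BUILTIN\Administrators", [System.Messaging.MessageQueueAccessRights]::TakeQueueOwnership, [System.Messaging.AccessControlEntryType]::Set)
        Write-Host "... created $strQueue and set FullControl permissions for $queueUser"
    }

foreach($strQueue in $strQueues) {
  if (![System.Messaging.MessageQueue]::Exists($strQueue)) {
    # -Credential is a remoting parameter, so target the local machine explicitly (requires PowerShell remoting to be enabled).
    Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock $script -ArgumentList $strQueue, $queueUser
  }
}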

Upvotes: 3

Noon Silk

Reputation: 55112

You could try impersonating a relevant admin account before creating them ... ?

Upvotes: 1

Igal Serban

Reputation: 10684

I think that taking ownership can be done only from native code (with the C API of MSMQ). So no PowerShell here. But there is a C++ sample here.

Upvotes: 2
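
The native route mentioned in the answer above can be reached from PowerShell through P/Invoke. The following is an added example, not code from any poster in this thread: it calls the MSMQ C API function MQSetQueueSecurity with an owner-only security descriptor. The names Set-QueueOwner and Native.Msmq and the queue path are hypothetical, and it assumes MSMQ is installed and the session is elevated so that its token is allowed to assign the chosen owner.

```powershell
# Added example (not from the thread). Set-QueueOwner and Native.Msmq are hypothetical names.
Add-Type -AssemblyName System.Messaging
Add-Type -Namespace Native -Name Msmq -MemberDefinition @'
[DllImport("mqrt.dll", CharSet = CharSet.Unicode)]
public static extern int MQSetQueueSecurity(string formatName, uint securityInformation, IntPtr securityDescriptor);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool InitializeSecurityDescriptor(IntPtr securityDescriptor, uint revision);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool SetSecurityDescriptorOwner(IntPtr securityDescriptor, IntPtr owner, bool ownerDefaulted);
'@

function Set-QueueOwner {
    param(
        [Parameter(Mandatory = $true)] [string] $QueuePath,
        [Parameter(Mandatory = $true)] [System.Security.Principal.SecurityIdentifier] $Owner
    )
    $marshal = [System.Runtime.InteropServices.Marshal]
    # The native MSMQ API addresses a queue by format name, not by path.
    $formatName = (New-Object System.Messaging.MessageQueue $QueuePath).FormatName

    $sidBytes = New-Object byte[] $Owner.BinaryLength
    $Owner.GetBinaryForm($sidBytes, 0)
    $pSid = $marshal::AllocHGlobal($sidBytes.Length)
    $pSd  = $marshal::AllocHGlobal(64)   # larger than SECURITY_DESCRIPTOR on x86 and x64
    try {
        $marshal::Copy($sidBytes, 0, $pSid, $sidBytes.Length)
        # Build an absolute security descriptor that carries only the owner SID.
        if (-not [Native.Msmq]::InitializeSecurityDescriptor($pSd, 1)) {   # 1 = SECURITY_DESCRIPTOR_REVISION
            throw "InitializeSecurityDescriptor failed"
        }
        if (-not [Native.Msmq]::SetSecurityDescriptorOwner($pSd, $pSid, $false)) {
            throw "SetSecurityDescriptorOwner failed"
        }
        # 0x1 = OWNER_SECURITY_INFORMATION: change the owner, leave the DACL untouched.
        $hr = [Native.Msmq]::MQSetQueueSecurity($formatName, 0x1, $pSd)
        if ($hr -lt 0) { throw ('MQSetQueueSecurity failed, HRESULT 0x{0:X8}' -f $hr) }
    }
    finally {
        # The descriptor only points at the SID, so both buffers are freed after the call.
        $marshal::FreeHGlobal($pSd)
        $marshal::FreeHGlobal($pSid)
    }
}

# Usage with a constructed queue name. S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
Set-QueueOwner -QueuePath '.\private$\example-queue' -Owner $admins
```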