CODEWITHSUNDEEP
powershellmsmq
Gruss
Gruss

Reputation: 121

Remove MSMQ Queue Permissions

I want to remove all of the permissions on an MSMQ queue before we set the new permissions, this will be deployed via Octopus. This is so that we can be sure that no legacy permissions can exist and be sure that the permissions will be the same.

$QueueName = "MyQueue"
$QueuePermissions = Get-MsmqQueue -Name $QueueName | Get-MsmqQueueACL
$QueueUsers = $QueuePermissions.AccountName | Get-Unique
foreach ($User in $QueueUsers)
  if ($User -like 'MyDomain*'){
    #Something like
    $QueueName | Set-MsmqQueueACL -UserName $User -Remove
  }

Unfortunately I need to create a CSV list of permissions for Set-MsmqQueueACL to be removed. How can I get this?

I'm fairly new to PowerShell so anyhelp would be appreciated.

Thanks!

Upvotes: 1

Views: 1204

Answers (2)

Gruss
Gruss

Reputation: 121

I have created a solution that appears to work, as mentioned above I am no PowerShell expert but it may help someone else in the future:

$Queue= "MyQueueName"
#remove old permissions
$QueuePermissions = Get-MsmqQueue -Name $Queue | Get-MsmqQueueACL
$QueueUsers = $QueuePermissions.AccountName | Get-Unique
foreach ($User in $QueueUsers)
{
    Write-Output "Permissions found for user: $User"
    $tst = $QueuePermissions | where {$_.AccountName -eq $User}
    $tst = $tst | Select -ExpandProperty Right
    foreach ($Permission in $tst)    
    {
        Write-Output "Removing permissions: $Permission"
        $thisQueue | Set-MsmqQueueAcl -UserName $User -Remove $Permission | Out-Null
    }
}

Upvotes: 0

Kai Zhao
Kai Zhao

Reputation: 1025

First of all, delete queues and recreate is the more reliable approach.

I assume you have a reason that requires you to not delete them. Here is an approach I think suit you best.

Using MessageQueue.ResetPermissions Method from System.Messing.MessageQueue

Code example for powershell:

$QueueName = ".\private$\MyQueue"
Add-Type -AssemblyName System.Messaging
$Q = [System.Messaging.MessageQueue]($QueueName)
$Q.ResetPermissions()

Note: This method put queue permission back to default where only creator has full access to the queue. My powershell is using an automation account that created these queues thus it would take away fine from this point. However, in my past experience if all the queue permissions are messed, and you don't have an account that have full control of the queue, you might end up have to remove the physical queue file from storage and restart MSMQ service to clean it up. Thus I'd urge you to maintain consistence of the permission so your later operations on the queue can be performed without problem.

Upvotes: 1

Related Questions