CODEWITHSUNDEEP
visual-studio-2008windows-servicespermissionsmsmq
Dan Appleyard
Dan Appleyard

Reputation: 7445

Trouble connecting to remote private msmq to read

I am not a windows security expert. I just want to lay that out right away.

I built a Windows Service running on a Windows 7 machine that is trying to receive messages from a private msmq on another machine (within the same domain). This machine is running Windows 2003. I have the Windows Service run as the local system. I am getting "Access to Message Queuing system is denied." as an exception. I don't know what the best solution to this is.

Should I create a specific account for this service to run under and give the necessary permissions to that account under the queue?

Should I change the Service to run under NetworkService, or something like that?

Like I said earlier, I am not a windows security expert, so any advice would be greatly appreciated.

Thanks

Upvotes: 1

Views: 1263

Answers (1)

John Breakwell
John Breakwell

Reputation: 4687

One part of this is problem is generic non-expert windows security. If you want to access a resource, be it a file share or a message queue, you need to have permission. The host for the queue doesn't know about any accounts that are local to the Windows 7 machine. As both machines are in the same domain then it would make sense to run the Windows service under a domain account. You can then set the permissions on the queue accordingly.

The other part of the problem is how to pull messages from a remote queue. This isn't always as simple as you'd like, as discussed here:

Understanding how MSMQ security blocks RPC traffic

Cheers
John Breakwell

Upvotes: 2

Related Questions