Set Permissions for Message Queuing Files
Applies To: Windows Server 2008
You can use this procedure to set permissions for Message Queuing files. Set permissions for Message Queuing files to regulate access to the files.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To set permissions for Message Queuing files
On the desktop, right-click Computer, and then click Explore.
Locate and right-click the folder used to store the message files, log files, and transaction log files (usually \Windows\System32\msmq\storage), and then click Properties.
On the Security tab of the <folder name> Properties dialog box, click Edit.
In Group or user names select any group or user, including the Administrators group, that you do not want to access the Message Queuing storage files directly, and click Remove. Repeat this step as needed.
Click OK to close the Permissions for*<folder name>* dialog box.
Click OK to close the <folder name> Properties dialog box.
To locate the folder used to store message files, log files, and transaction log files
Click Start, point to Run, type compmgmt.msc, and press ENTER to display the Computer Management MMC console.
In the console tree, right-click Message Queuing.
- Computer Management/Services and Applications/Message Queuing
Click the Storage tab of the Message Queuing Properties dialog box to see the folder or folders used to store message files, log files, and transaction log files.
- By default, Message Queuing stores all message files, log files, and transaction log files in the %windir%\System32\msmq\storage folder on the computer where Message Queuing is installed.
%windir% is a placeholder for the location of the Windows directory. To determine the value associated with the %windir% environment variable type echo%windir% at a command prompt and press ENTER.
You can set both file-level and folder-level permissions only on NTFS-formatted drives. You cannot set folder-level permissions on FAT-formatted drives. (The Security tab is not available for folders on FAT-formatted drives.)
By default, only members of the Administrators group of the local computer have permissions for the folder used to store message files, log files, and transaction log files. For best security practice, it is not recommended that you widen these default permissions, or you may open Message Queuing for access by unauthorized persons.