Just the other day I posted some code wherein an MSMQ queue is created and the Network Service account was granted full control to the queue. Though I didn't mention it, this was necessary because the Windows Service runs under that account and would need access to the queue.
As it turns out the code sample has issues when running on Windows XP. Windows XP doesn't allow the NT AUTHORITY\NETWORK SERVICE account to be associated with the permissions on a message queue (I've not looked into why yet). When the code runs no error is thrown and it happily attempts to grant the permissions. This results in a queue whose permissions are corrupted (not even an administrator can access it) and all users are denied access. The only way I've found to remove such a queue is to uninstall MSMQ and reinstall it. Does anyone know of another solution to that?
Therefore, in my code a put a rudimentary workaround to the problem. I perform a simple check to see if the OS is Windows XP and if so, not set permissions. This works in this case (though I hate to rely on these behaviours) because the default permissions on a queue in XP is Everyone:Full Control, so the service can see the queue just fine.
if ( !isWindowsXP() ) {
const string accountName = @"NT AUTHORITY\NETWORK SERVICE";
Trustee trustee = new Trustee(accountName, null, TrusteeType.User);
MessageQueueAccessRights rights = MessageQueueAccessRights.FullControl;
MessageQueueAccessControlEntry ace = new MessageQueueAccessControlEntry(trustee, rights);
queue.SetPermissions(ace);
}
...
private static bool isWindowsXP() {
OperatingSystem os = Environment.OSVersion;
return ( PlatformID.Win32NT == os.Platform && 5 == os.Version.Major && 0 != os.Version.Minor );
}
Again, very simple and potentially error prone (what about Windows 2000 Pro?), but in my case it suffices.