1

I am trying to automate the creation of MSMQ queues using powershell

I have no problems creating the queue, I just cannot appear to be able to set the permissions correctly

I have been following what is documented here Setting permissions on a MSMQ queue in a script

and here https://learn.microsoft.com/en-us/powershell/module/msmq/set-msmqqueueacl?view=win10-ps

This is my command to create the queue 

New-MsmqQueue -Name "ThisIsTestName" -QueueType Private

but when I try to set the permissions, using this command

Get-MsmqQueue -Name "ThisIsATestName" -QueueType Private | Set-MsmqQueueAcl -UserName "Everyone" -Allow Peek,Receive,Send,Delete,GetProperties,GetPermissions

I am getting this error 

Set-MsmqQueueACL : Cannot convert 'System.Object[]' to the type 'System.Nullable`1[Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]' required by parameter 'Allow'.
Specified method is not supported.
At line:1 char:105
+ ... veryone" -Allow Peek,Receive,Send,Delete,GetProperties,GetPermissions
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (:) [Set-MsmqQueueACL], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.Msmq.PowerShell.Commands.SetMSMQQueueACLComm

So I tried removing all the allow, and just using FullAccess.

This did not give me an error, but it did not set the permissions

looking further, I came across this post:

Set-MsmqQueueACL - Allow - can't use list as per docs?

So I updated to the following

$allows = [Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]::Peek -bor
 [Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]::Receive -bor
 [Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]::Send -bor
 [Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]::Delete -bor
 [Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]::GetPermissions -bor
 [Microsoft.Msmq.PowerShell.Commands.MessageQueueAccessRights]::GetProperties
 Get-MsmqQueue -Name "ThisIsATestName" -QueueType Private | Set-MsmqQueueAcl -UserName "Everyone" -Allow $allows

But I am still getting the same error

I know I have made a stupid mistake somewhere but I cannot see what I have done wrong

Attempting to do this on a windows 10 machine

Darren Guy
  • 1,123
  • 2
  • 13
  • 39

2 Answers2

0

Try :

$var = "PeekMessage,ReceiveMessage,DeleteMessage"
Get-MsmqQueue -Name "testqueue3" -QueueType Private | Set-MsmqQueueAcl -UserName "Everyone" -Allow $var

OR

Get-MsmqQueue -Name "testqueue3" -QueueType Private | Set-MsmqQueueAcl -UserName "Everyone" -Allow FullControl
rAJ
  • 1,295
  • 5
  • 31
  • 66
0

Well, IAW the MS docs, your command is correct, with one exception, the way the target to receive the permissions is defined. Maybe try using 'Domain Users'

Description

The Set-MsmqQueueACL cmdlet modifies the access rights of queues. This cmdlet returns the updated MsmqQueueAcl object. The cmdlet modifies private, public, journal, system journal, system dead-letter, and system transactional dead-letter queues.

Example 1: Modify the ACLs of queues specified by name PowerShell

Get-MsmqQueue -Name "Order*" -QueueType Private | Set-MsmqQueueAcl -UserName "CONTOSO\DavidChew" -Allow Delete,Peek,Receive,Send -Deny TakeOwnership

This command gets all the private queues that have names that start with the string Order by using the Get-MsmqQueue cmdlet. The command passes the results to the current cmdlet by using the pipeline operator. The current cmdlet modifies the ACL of the queues.

It also, might be the cmdlets expects a real username as per the MS Docs example. So, then you end up needing a ForEach to get them all. I don't have MSMQ in place so, cannot physically validate.

postanote
  • 15,138
  • 2
  • 14
  • 25