When working with MSMQ (Microsoft Message Queuing) on Windows Vista Business SP2 x64, you might encounter a peculiar scenario where administrative privileges don't guarantee full configuration access. The error message clearly states:
The properties of cannot be set.
Error: Access is denied.This occurs despite using an account in the local Administrators group, suggesting deeper permission layers in MSMQ's security model.
MSMQ implements additional security checks beyond standard Windows permissions. The service maintains its own ACLs (Access Control Lists) for queue operations. In Vista specifically, User Account Control (UAC) introduces another layer of complexity.
The key components involved are:
- MSMQ Service Control Manager
- Queue-specific security descriptors
- Windows Vista UAC virtualization
Method 1: Elevated Command Prompt
1. Right-click Command Prompt
2. Select "Run as administrator"
3. Execute:
COMPMGMT.MSC
4. Navigate to:
Services and Applications > Message QueuingMethod 2: Direct Registry Modification
For advanced users needing to set storage limits programmatically:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters]
"JournalQuota"=dword:00002000
"QueueQuota"=dword:00005000Save as .reg file and merge with administrative privileges.
After making changes, verify MSMQ configuration with:
Get-WmiObject -Class Win32_MSMQQueueInfo -Namespace "root\MSMQ" |
Format-Table -Property QueueName, Quota, JournalQuotaWatch for these specific Vista-related issues:
- UAC virtualization redirecting registry writes
- Incomplete MSMQ component installation
- Group Policy restrictions on MSMQ configuration
For production environments, consider using the MSMQ COM API for reliable configuration:
Dim qinfo As MSMQ.MSMQQueueInfo
Set qinfo = New MSMQ.MSMQQueueInfo
qinfo.PathName = ".\private$\testqueue"
qinfo.JournalQuota = 8192 ' 8MB
qinfo.Quota = 20480 ' 20MB
qinfo.Update()You're part of the local Administrators group, you can tweak registry settings, manage services, and perform other administrative tasks - but suddenly hit a brick wall when trying to modify MSMQ storage limits. This specific permission issue tends to surface when dealing with Message Queuing configuration on Windows Vista Business SP2 x64 systems.
MSMQ has its own internal permission structure that sometimes bypasses regular admin rights. The queue properties dialog actually interfaces with multiple security layers:
1. Windows Security Subsystem
2. MSMQ Service ACLs
3. Queue-specific permissions
4. Registry permissions for configuration storageBefore we dive into the real solution, let's examine approaches that typically don't work but get suggested frequently:
- Simple "Run as Administrator" on Computer Management
- Adding your account to Distributed COM Users group
- Modifying folder permissions on %windir%\System32\msmq
After debugging numerous cases, I've found this sequence consistently resolves the issue:
1. Stop MSMQ service:
net stop msmq
2. Take ownership of registry key:
takeown /f HKLM\SOFTWARE\Microsoft\MSMQ /r
3. Grant full control to Administrators:
icacls HKLM\SOFTWARE\Microsoft\MSMQ /grant Administrators:(F) /t
4. Restart MSMQ service:
net start msmqFor frequent administrators dealing with multiple machines, here's a PowerShell script that handles all steps:
# MSMQ Permission Repair Script
$service = Get-Service -Name MSMQ
if ($service.Status -eq 'Running') {
Stop-Service -Name MSMQ -Force
}
$key = 'HKLM:\SOFTWARE\Microsoft\MSMQ'
$acl = Get-Acl $key
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
"Administrators",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$acl.SetAccessRule($rule)
Set-Acl -Path $key -AclObject $acl
Start-Service -Name MSMQIn corporate environments with advanced security policies, you might need additional steps:
- Check Group Policy for MSMQ restrictions
- Verify no explicit deny permissions exist
- Inspect security logs (Event ID 560/567)
To avoid recurrence, implement these measures:
- Document all MSMQ permission changes
- Create a dedicated MSMQ Administrators group
- Regularly audit MSMQ-related permissions