Public and private queues

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Public and private queues

Private queues

Private queues are queues that are not published in Active Directory and are displayed only on the local computer that contains them. Private queues have the following features:

  • Message Queuing registers private queues locally by storing a description of the queue in the LQS (local queue storage) directory on the local computer. In MSMQ 2.0, and Message Queuing 3.0, the default location is %windir%\system32\msmq\storage\lqs. Note that a description of each public queue created on the local computer is also stored locally in a separate file in the LQS folder.

  • Private queues are registered on the local computer, not in the directory service, and typically cannot be located by other Message Queuing applications.

  • Private queues are accessible only by Message Queuing applications that know the full path name, the direct format name, or the private format name of the queue, as follows:

    • **Path name:**ComputerName\private$\QueueName.

    • Path name on local computer: \private$\QueueName.

    • Direct format name:: DIRECT=ComputerAddress\PRIVATE$\PrivateQueueName.

    • Private format name: PRIVATE=ComputerGUID\QueueNumber.

    For more information on path names and format names, see Queue names.

  • Private queues have the advantage of no directory service overhead, making them quicker to create, no latency in accessing them, and no replication overhead.

  • Private queues are not dependent on the directory service, and thus can be created and deleted when the directory service is not working. This is useful for offline operation.

  • One way that private queues can be exposed to other applications is by setting a message property. To distribute the location of a private queue, an application can send a format name of the private queue as the response queue property of a message.

  • In a workgroup environment, only private queues are available.

  • For a Message Queuing application on the local computer to access a private queue, the application only needs to know the path name of the queue. For a Message Queuing application on a remote computer, the application requires a direct or private format name to access such a queue. To read messages from the queue, the remote Message Queuing application requires the Receive Message permission for that queue. By default, everyone has permissions to send messages to public and private queues.

Public queues

In a domain environment, public queues are queues that are published in Active Directory and hence are replicated throughout your Windows Server 2003 family forest. Note that only the properties for these queues are replicated, not the actual queues themselves or their contents. Any computer within your forest can potentially access information regarding public queues provided the user has sufficient permissions to access the applicable queue objects. Generally speaking, any user in the forest with access to Active Directory and the Send To permission for a given public queue can send messages to it.

In an Active Directory environment, defining public queues ensures that queues are registered in the directory service, and that their registration is backed up. They are persistent and available to other applications.

Creating local public queues

By default, in Active Directory, the Create Child Object permission that is required to create local public queues is granted to:

  • The Domain Administrator account

  • The domain user account of the local administrator that installed Message Queuing

  • Local System and Network Service accounts

To permit all other users to create local public queues by default, Message Queuing uses Message Queuing service elevation of privilege. The effect of this is that if the user account does not have Active Directory permissions for this action, the user account privilege is elevated and the local public queue is created using Message Queuing service's Local System account. This is the default Message Queuing setting. If you want to disable this behavior, and restrict the creation of local public queues, set the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\EnableCreateQueueThroughService. To disable the key, set the DWORD value to 0. After setting the registry, restart the Message Queuing service for the changes to take effect.

Caution

  • Incorrectly editing the registry may severely damage your system. It is recommended that you back up any valuable data on the computer before making changes to the registry.

Default security access for public queues gives everyone permission to send messages to a public queue. Specific permissions must be granted for read access.

The advantage of public destination queues is that they are registered in the directory service, where they can be located by other Message Queuing applications. Public queues are persistent, and their registration information can be backed up on the enterprise, making them good for long-term use.