Message Queue Security
[This documentation is for preview only, and is subject to change in later releases. Blank topics are included as placeholders.]
Microsoft Windows Message Queuing takes advantage of the various built-in security features of the Windows 2000 operating system. Specifically, Message Queuing uses access control, authentication, encryption, and auditing for security:
Access control is used to restrict user access to Message Queuing objects, and is implemented by assigning security descriptors to objects. Message Queuing objects include computer (MSMQ), queue, routing link, and Message Queuing Settings objects. A security descriptor lists the users and groups that are granted or denied access to an object, and the specific permissions assigned to those users and groups.
Authentication is implemented using public key certificates, the Kerberos V5 security protocol, and Windows NTLM (for compatibility with Message Queuing 1.0 running on Windows NT 4.0). Public key certificates are used for message authentication, which verifies the sender of a message (the client) to a Message Queuing server. Kerberos V5 and NTLM are used for server authentication, which verifies a Message Queuing server to a client.
Encryption is implemented using both public key (asymmetric) and secret key (symmetric) algorithms. Encryption is used by Message Queuing applications to encrypt messages sent between Message Queuing computers.
Auditing is used to record which users attempt to access Message Queuing objects in Active Directory. The security descriptor for an object specifies the various access events to be audited for the object.
By managing security properties for objects, you can set permissions, assign ownership, and monitor user access. For more information on the specifics of security in Message Queuing, see "Security Message Queuing" in the Windows 2000 or Windows NT Message Queuing documentation, or search MSDN Online for articles on configuring security in your MessageQueue components.
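The access control, authentication, and encryption settings described above, applied to one queue with the System.Messaging `MessageQueue` component. This is an added example, not code from the original documentation; the queue path and the group name are hypothetical, and it assumes Message Queuing is installed in Active Directory-integrated mode with a sender certificate registered for the calling user.

```csharp
using System;
using System.Messaging;   // .NET Framework; reference System.Messaging.dll

class SecureQueueExample
{
    // Hypothetical names, chosen for this example only.
    const string QueuePath = @".\Private$\OrdersSecure";
    const string SenderGroup = @"CONTOSO\OrderSenders";

    static void Main()
    {
        MessageQueue queue = MessageQueue.Exists(QueuePath)
            ? new MessageQueue(QueuePath)
            : MessageQueue.Create(QueuePath);

        // Access control: remove the entries for Everyone, then grant
        // only the sender group the right to write messages.
        queue.SetPermissions("Everyone",
            MessageQueueAccessRights.FullControl, AccessControlEntryType.Revoke);
        queue.SetPermissions(SenderGroup,
            MessageQueueAccessRights.WriteMessage, AccessControlEntryType.Allow);

        // Authentication: the queue accepts only authenticated messages.
        queue.Authenticate = true;

        // Encryption: the queue accepts only messages with an encrypted body.
        queue.EncryptionRequired = EncryptionRequired.Body;

        // Sender side: request authentication and encryption for this
        // message so that it satisfies the queue settings above.
        Message msg = new Message("order 1001 (constructed sample body)");
        msg.Label = "secure-order";
        msg.UseAuthentication = true;
        msg.UseEncryption = true;
        queue.Send(msg);

        // Receiver side: ask for the Authenticated flag to be retrieved
        // with the message, then check it before processing.
        queue.MessageReadPropertyFilter.Authenticated = true;
        using (Message received = queue.Receive(TimeSpan.FromSeconds(5)))
        {
            Console.WriteLine("Label: {0}, authenticated: {1}",
                received.Label, received.Authenticated);
        }
    }
}
```

A message sent without `UseAuthentication` or `UseEncryption` set is not accepted by a queue configured this way, so senders and the queue settings have to be changed together.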