How To Determine If MSMQ 2.0 Servers Are Configured to Use Weakened Security for Active Directory (255547)
The information in this article applies to:
- Microsoft Message Queuing 2.0
This article was previously published under Q255547 SUMMARY
Message Queuing servers that are running on Microsoft Windows 2000 domain controllers can operate using weakened security for Active Directory. If used, weakened security is enabled during installation of the first Message Queuing server on a Windows 2000 domain controller in the forest. This setting is then replicated to all other domain controllers in every domain in the forest. You should enable weakened security if any of the following operating configurations apply to your organization:
- An MSMQ mixed-mode domain environment where users running MSMQ version 1.0 (on Microsoft Windows NT 4.0, Microsoft Windows 95, or Microsoft Windows 98) access Message Queuing servers running on Windows 2000 domain controllers. This configuration also applies if such users are logged on with Windows 2000 domain accounts.
- An MSMQ mixed-mode domain environment where users running Message Queuing (on Windows 2000) in a Windows NT 4.0 domain access MSMQ 1.0 controller servers.
- An MSMQ Windows 2000 domain where users running Message Queuing (on Windows 2000) are logged on with Windows NT 4.0 domain accounts, or in a Windows 2000 domain where users are running computers that support only the IPX protocol.
- An environment where users are logged on with a Local User account (regardless of the operating system).
If weakened security is enabled, such computers are able to query domain controllers, and view object properties in Active Directory. If disabled, such computers are not, by default, able to query Active Directory. Specifically, when weakened security is enabled, the "Everyone" group is allowed Read permission for queue properties and queue security.
REFERENCES
Help for MSMQ in the Windows 2000 Online Help
Modification Type: | Minor | Last Reviewed: | 7/1/2004 |
---|
Keywords: | kbhowto KB255547 |
---|
|