You can use auditing to record which users access which objects, the type of access attempted, and whether that access succeeded or failed. Audited events are recorded in the Windows NT security log and can be viewed from Windows NT Event Viewer.
To enable auditing, you must set the audit policy for all MSMQ servers (using User Manager for Domains on each server), and then use MSMQ Explorer to specify which actions to audit, for which objects, for which users, and whether to audit successful access, failed access, or both.
You can audit actions for the enterprise, sites, CNs, computers, and queues on an individual or group basis. For each object, you can audit different actions. These actions are explained in the following sections:
Note: To write messages to the security audit log, the user account that runs the MSMQ service must have the "Generate security audits" right. If the account does not have this right, the MSMQ service writes a warning message in the application log. By default, the MSMQ service runs in the local system account which, by default, has the "Generate security audits" right.