none
Restricting Secure Document Creation

    Question

  • I have not found much information on this so I am throwing it out there.

    Is there a way to lock down the creation of secure documents via ADRMS to specific people or groups of people?  I found a way to disable the ADRMS functions in Office entirely with a registry key change but that means people cannot open secured documents either.

    Any help is appreciated.  Thanks.

    Monday, January 20, 2014 5:33 PM

Answers

  • I ended up answering my own question.

    Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM
    DWORD name: DisableCreation
    DWORD value: 1

    Alternatively a "Disable" DWORD turns the function off entirely (including the ability to open).

    Thanks.



    • Marked as answer by MacGeever Tuesday, January 21, 2014 9:08 PM
    • Edited by MacGeever Tuesday, January 21, 2014 9:09 PM
    Tuesday, January 21, 2014 9:08 PM

All replies

  • Maybe you could restrict permissions to the selected accounts/groups on "Publish.asmx" in IIS? Haven't tested it, unsure if that affects other accounts ability to consume information. It shouldn't.

    Tom Aafloen, IT-security Consultant Onevinn AB

    Monday, January 20, 2014 10:21 PM
  • I ended up answering my own question.

    Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM
    DWORD name: DisableCreation
    DWORD value: 1

    Alternatively a "Disable" DWORD turns the function off entirely (including the ability to open).

    Thanks.



    • Marked as answer by MacGeever Tuesday, January 21, 2014 9:08 PM
    • Edited by MacGeever Tuesday, January 21, 2014 9:09 PM
    Tuesday, January 21, 2014 9:08 PM
  • Great that you solved it!

    Please note however that users still might be able to create protected information, since that setting only applies to Office 2010. So people using other RMS enlightened apps such as Foxit PDF, RMS Sharing Application or any other version of Office (2003, 2013) might "circumvent" that setting.

    Also local administrators can change it, but I guess that's less likley.


    Tom Aafloen, IT-security Consultant Onevinn AB

    Wednesday, January 22, 2014 7:45 AM