ADRMS templates publishing for non administrative domain users
-
Tuesday, February 08, 2011 7:05 AM
I have successfully implemented ADRMS in our domain. We are having few issues while publishing template for non administrative domain users. I want to make sure that our requirement is feasible for these products.
We are using Windows 7 64bit Enterprise edition as client machines and UAC (user access control) is enable from group policy.
created a script for following tasks:1) AD RMS Rights Policy Template Management (Automated) (enable ADRMS client).
2) Creating Templates folder (C:\Users\domainUser\AppData\Local\Microsoft\DRM) inside each user profile .
3) Registry entry for each system on in following location. HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM
Problem : I am able achieve this using my script through group policy but it does not work for non administrative users.I can’t give admin rights to all users.
I don’t want to disable UAC permanently due to security reason.
Is there any solution for my problem? Any help will be highly appreciated.Following is my script. Please let me know if can run this script from admin right or any other alternative to solve my problem.
Script for disable UAC
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /fScript for enabling”Active Directory Rights Management Services Client”
schtasks /Change /TN "\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" /ENABLE
Script for creating DRM and Templates folder:
IF EXIST "%UserProfile%\AppData\Local\Microsoft\DRM" goto existDRM
cd\
cd %UserProfile%\AppData\Local\Microsoft
md DRM
:existDRM
IF EXIST "%UserProfile%\AppData\Local\Microsoft\DRM\Templates" goto ExistTL
cd\
cd %UserProfile%\AppData\Local\Microsoft\DRM
md Templates
:ExistTLScript for registry entry:
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM" /f
REG ADD "HKCU\Software\Microsoft\Office\12.0\Common\DRM" /v "AdminTemplatePath" /t REG_EXPAND_SZ /d "%UserProfile%\AppData\Local\Microsoft\DRM\Templates" /fScript for enabling UAC
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /fAny help will be highly appreciated
Answers
-
Tuesday, February 08, 2011 7:20 AM
Hello,
Thank you for your post! I would suggest posting your question in one of the (Security TechCenter > Security Forums > Rights Management Services ) forum located here: (http://social.technet.microsoft.com/Forums/en/rms/threads).
Hope that would be helpful.
Have a great day!
Thanks & regards,
Shivendra Pratap Singh Tier 2 Application Support Server and Tools Online Operations Team- Proposed As Answer by Shivendra Pratap Singh Tuesday, February 08, 2011 7:20 AM
- Marked As Answer by Ed Price - MSFTMicrosoft Employee, Moderator Friday, April 13, 2012 4:18 AM
.png){kind=spacer}
