how to limit Windows RMS to selected clients RRS feed

  • Question

  • Can we prevent AD users from creating RMS protected documents while enable selectively for others based on AD groups? 
    Best Regards, Issam Andoni http://zevainc.com/andoni
    Tuesday, June 21, 2011 9:38 PM


All replies

  • Hello Issam

    Do those selected clients need to have rights (view/modify/extract .. and so on) on protected documents? what Operating systems do those client use?

    kind regards,

    Akira Sekine

    Tuesday, June 21, 2011 11:47 PM
  • Hi Issam,

    If you are looking at restricting RMS services to a select group of users, i.e. only users in a certain group can use RMS to create protected content, then you need to retrict permissions on the Certification and Licensing pipelines via IIS.

    By default these two will have permissions assigned to Authenticated users, you need to replace that with the AD security groups of your choice via IIS console.

    Alternatively you can use the Office 200x admx GPO settings to disable the IRM components for the users you don't want using RMS.

    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent

    Wednesday, June 22, 2011 9:26 AM
  • We want everyone within the domain to be able to get RMS protected files but we want to restrict the capability to create RMS protect document to only selective group of people. For example members of executive group is the only ones that can create protected docs but they can add permissions to read/write/print/ etc to any other groups. Others can only consume RMS protected docs but will not be able to protect documents using RMS

    Hope that clarify our requirements



    Best Regards, Issam Andoni http://zevainc.com/andoni
    Wednesday, June 22, 2011 2:35 PM
  • Thanks for the clarification. Both the above solutions should be workable for your scenario.

    However to simplify the workaround, you will need to enforce the reg setting on HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM


    For all users not part of the Executive group. Assuming you are using Office 2010

    Ref Link: http://technet.microsoft.com/en-us/library/dd772637(WS.10).aspx

    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent

    • Marked as answer by Issam Andoni Wednesday, June 22, 2011 6:31 PM
    Wednesday, June 22, 2011 4:13 PM