Member of Domain Admin Group have acces to RMS protected documents RRS feed

  • General discussion

  • Good day.

     User restricts access to document, but memeber of domain admin group still could opent it. Why it so? How to restrict? This administrative user does not included in Super Users group.

     Is it possible, i even dont know where to look...

    Saturday, March 2, 2013 11:09 AM

All replies

  • My account is a member of Domain Admin group. And i could open document that is RMS protected.

    1. I`ve logged to another PC with test user account test1@domain.loc (Domain User)

    2. Created Word document and protect it, allow to read it to test2@domain.loc

    3. Copy this document to my PC

    4. Logged on it with account which is domain admin member and open that document.

    I `ve tried to clear cache on my PC as described on: http://social.technet.microsoft.com/wiki/contents/articles/7697.ad-rms-troubleshooting-reset-the-client-en-us.aspx

    but it didnot helps me, i still could open the document.

    Saturday, March 2, 2013 11:42 AM
  • any suggestions?
    Monday, March 4, 2013 4:02 AM
  • Do you have the Super User feature enabled and if so is your Domain Admin member of the group?

    Monday, March 4, 2013 10:21 AM
  • Yes I have Super User feature - Enabled adn there added Group "RMS Admins", but my account is not a memeber of this Group...
    Monday, March 4, 2013 10:36 AM
  • Can you confirm if users does not belong to the same group as the other user who opened the doc, if so, you may have a caching issue by default AD RMS cache group membership for 12 hours.



    Monday, March 4, 2013 2:09 PM
  • Good day, thank you for your answer.

    My account was the member of Super User group, but now it is 24 hours past and i am not a member of this group, but still could open the document :(

    Tuesday, March 5, 2013 11:38 AM
  • Can you try and open the document as admin, but from a computer where that admin account never has logged on to? Just to rule out any caching issues.

    Tom Aafloen, IT-security Consultant Onevinn AB

    Tuesday, March 5, 2013 7:20 PM
  • well,if you were member of the Super User group and you did get acces to the doc (although this user was not specificially assigned in the publishing license) the use license can be cached inside the document itself. as a quickest test i suggest you try with a complete new document (to ensure no caching anywhere) and you ensure youre not member of the super users group before opening it.
    Wednesday, March 6, 2013 10:53 PM
  • Thank you for your answer.

    To absolutely new document i dont have access.

    Thanks for the help, topic may be closed.

    Thursday, March 7, 2013 3:16 AM