AD RMS - Rights Policy Templates Question (On - Premise) RRS feed

  • Question

  • I have Active Directory Rights Management installed and working in our environment.  We are able to protect documents from Microsoft Office Applications without an issue.  The question came up, as to how to protect multiple documents at once, rather than having to go back through each individual file and enable certain permissions / restrictions.  I was able to use the powershell script with the syntax below to accomplish this:  

    C:\PS>Protect-RMSFile -Folder \\Server1\Documents -InPlace -TemplateId (Insert Template ID here)

    Anyways, the problem I am running into is this:

    I've created several templates, one for the IT Department, and one for the Finance Department, etc.  I've restricted the permissions using these templates, however, if anyone, whether they are a member of the Finance team, or a member of the IT team, they are able to use both templates. 

    For example, a member of the IT team decides to protect a word document with a template, they can choose the "finance only" template without issue, and vice versa.

    There are no references to the IT person, domain admins, RMS admins, etc. in the Finance template, so I would think that when the IT person tries to apply the Finance template, they should get some sort of denied error message. 

    Super users ARE NOT enabled, so I've ruled this out. 

    Is this just something I have to live with?  Did I miss something really simple?  I have not been able to find anything online where it specifies that you can restrict the actual use of a particular template to a set of users, a group, etc, which seems very odd in my opinion.

    Any help is greatly appreciated!!!

    • Edited by KMiller340 Thursday, October 26, 2017 9:37 PM
    Thursday, October 26, 2017 9:34 PM