Before you add the Active Directory Rights Management Services (AD RMS) server role on a computer running Windows Server 2008 or Windows Server 2008 R2, you must ensure that an appropriate infrastructure is in place, along with other essential elements that are described in this article.

Hardware Requirements

The minimum hardware requirements and recommendations for AD RMS servers are listed in the following table.

Requirement Recommendation
Computer with one Pentium 4 processor running at 3 GHz. An Intel Itanium 2 processor is required for Itanium-based systems. Computer with two Pentium 4 processors running at 3 GHz or faster
512 MB of RAM 2 GB or more
40 GB of free hard disk space 80 GB or more

Software Requirements

The software requirements for running AD RMS are listed in the following table.

Software Requirement
Operating system Any edition of Microsoft Windows Server 2008 or Windows Server 2008 R2 except Web Edition
File system NTFS file system is strongly recommended
Active Directory or Active Directory Domain Services

AD RMS must be installed in an Active Directory domain in which the domain controllers are running Windows Server 2000 with Service Pack 3 (SP3), Windows Server 2003, Windows Server® 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. All users and groups in your organization that use AD RMS to acquire licenses and publish content must have an e-mail address configured in Active Directory. (This does not apply to federated users or users who obtain their RACs through the Windows Live ID service.)

Database server

AD RMS requires a database server, such as Microsoft SQL Server 2005, and stored procedures to perform operations. The AD RMS server role on Windows Server 2008 R2 does not support Microsoft SQL Server 2000.

Required Accounts

A minimum of two domain accounts are required before you attempt to install AD RMS: A service account and an administrator account. The requirements for these accounts are listed in the following table.

Account Requirements
Service The account that the AD RMS service runs under is a standard domain user account with no additional permissions. When AD RMS is installed, this account is added to the domain AD RMS Service group.
Administrator
  • The account used to add the AD RMS server role must be domain user account that is a member of the local Administrators group. When AD RMS is installed, this account is added to the domain AD RMS Enterprise Administrators group.
  • During installation, the account must also belong to the domain Enterprise Administrators group in order to register the AD RMS service connection point (SCP); otherwise, the SCP must be registered after installation is complete.
  • During installation, if a SQL database on a separate server is to be used to store configuration and logging data, the account must have  permissions to create new databases (typically by assigning the account the  System Administrator role on the SQL server.

Application Requirements

The following table summarizes the requirements for various applications that make use of RMS for information rights management (IRM) and other purposes. After the table are sections that provide additional details about each of these applications.

Application Version Requirements RMS Server-side Version RMS Client-side Version
Microsoft Office IRM
  • Microsoft Office 2003 Professional/Enterprise
  • Microsoft Office 2007 Professional Plus/Enterprise/Ultimate
  • Microsoft Office 2010 Professional Plus
  • Windows RMS 1.0 SP2
  • Windows Server 2008 AD RMS
  • Windows Server 2008 R2 RMS
  • Windows XP with  Windows RMS Client  1.0 SP2
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
Bulk Protection Tool
  • Outlook 2007 or Outlook 2010 (if decrypting PST contents)
  • Windows RMS 1.0 SP2
  • Windows Server 2008 AD RMS
  • Windows Server 2008 R2 RMS
  • Windows XP with Windows RMS Client  1.0 SP2
  • Windows Vista
  • Windows 7
  • Windows Server 2008 R2
Microsoft Office SharePoint Server IRM
  • SharePoint Server 2007
  • SharePoint Server 2010
  • Windows RMS 1.0 SP2
  • Windows Server 2008 AD RMS
  • Windows Server 2008 R2 RMS
  • Windows XP with Windows RMS Client  1.0 SP2
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
Windows Server 2008 R2 File Classification Infrastructure Windows Server 2008 R2 Enterprise/Data Center
  • Windows Server 2008 AD RMS
  • Windows Server 2008 R2 RMS
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
Microsoft Exchange
  • Exchange Server 2010

 

  • Windows Server 2008 AD RMS
  • Windows Server 2008 R2 RMS (see details below)
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
Windows Mobile
  • Windows Mobile 6.1
  • Windows Mobile 6.5
  • Windows RMS 1.0 SP2
  • Windows Server 2008 AD RMS
  • Windows Server 2008 R2 RMS
  • Windows XP with Windows RMS Client  1.0 SP2
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2

Microsoft Office IRM

The following table provides details about the Office suites required to create or consume protected content.

Office Version Create and Consume Consume Only
Office 2003 Professional Standard
Office 2007 Professional Plus, Ultimate, Enterprise All other suites
Office 2010 Professional Plus All other suites
Office for Mac Not available Not available

Bulk Protection Tool

The following table provides details about requirements and capabilities of the Bulk Protection Tool.

Windows Versions PST Integration Requirement Document Types Protected
  • Windows XP with Windows RMS Client  1.0 SP2
  • Windows Vista
  • Windows 7
  • Windows Server 2008 R2
  • Outlook 2007
  • Outlook 2010
  • doc, dot, xla, xls, clt, pps, ppt
  • docm, docx, dotm, xlam, xlsb
  • xlsm, xlsx, xltm, xltx, xps, potm, potx
  • ppsx, ppsm, pptm pptx, thmx

The Bulk Protection Tool is available for download from the Microsoft Download Center.

Microsoft Office SharePoint Server IRM

The following table shows the document types that can be protected by using AD RMS with SharePoint Server.

SharePoint Version Document Types Protected
SharePoint Server 2007 Standard/Enterprise
  • doc, dot, xla, xls, clt, pps, ppt
  • docm, docx, dotm, xlam, xlsb
  • xlsm, xlsx, xltm, xltx, xps, potm, potx
  • ppsx, ppsm, pptm pptx, thmx
SharePoint Server 2010 Standard/Enterprise
  • doc, dot, xla, xls, clt, pps, ppt
  • docm, docx, dotm, xlam, xlsb
  • xlsm, xlsx, xltm, xltx, xps, potm, potx
  • ppsx, ppsm, pptm pptx, thmx

 

See Also