AD RMS Client Configuration
This section and subsection is applicable for Windows 7 SP1 and Microsoft Outlook 2010 SP3.
Step 1 - Install Hotfix KB2627273
NOTE: This step only need to do once per client machine and it's required for Windows 7 SP1 client to enable Cryptographic Mode 2
1. Download the hotfix from http://support.microsoft.com/kb/2627273. Note the x86 or x64 installer.
2. After downloading, install the hotfix. An administrator right access account is needed for installation.
3. After the installation, restart the client machine.
Step 2 - Local Intranet Site in Internet Explorer (IE)
NOTE: This step must be configured at user logon profile. Repeat this step for different user logon profile. This step is required for SSO.
1. Log on to Client machine.
2. Click Start, click All Programs and select Internet Explorer.
3. Once Internet Explorer opens, in the top right corner, select Tools and click Internet Options from the drop-down. This will bring up the Internet Options window.
4. From the Internet Options screen, click the Security tab, and select Local Intranet from the Select a zone to view or change security settings box.
5. Click the Sites button. This will bring up a Local Intranet window.
6. In the Advanced setting, Add this website to the zone: type https://rms.external.com and click Add.
7. Click Close and OK.
8. From the Internet Options screen, click OK.
9. Close Internet Explorer.
10. Get this added in your IE GPO.
Step 3 - Enable AD RMS Right Policy Template Management (Automated) in Task Scheduler
NOTE: This step only need to do once per client machine.
1. Open the cmd by "Run as Administrator".
2. Enter taskschd.msc to launch the Task Scheduler.
3. Expand Task Scheduler Library > Microsoft > Windows > Active Directory Rights Management Services Client.
4. Enable the "AD RMS Rights Policy Template Management (Automated)".
5. Ensure both Task Status in Ready mode and select either one of the task and choose RUN.
Step 4 – Configure IRM Policy Path for Microsoft Outlook 2010
NOTE: This step must be configured at user logon profile. Repeat this step for different user logon profile.
1. Log on to Client machine.
2. Click Start, type regedit.exe in the Start Search box, and then press ENTER.
3. Expand the following registry key:
4. For Office 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM
5. Right-click DRM, click New, and then click “Expandable String Value”.
6. In the Value name box, type AdminTemplatePath, and then press ENTER.
7. Double-click the AdminTemplatePath registry and type %LocalAppData%\Microsoft\DRM\Template in the Value data box, and then click OK.
NOTE: If you have windows 7 64 bit and Office 32 bit then it is recommended to add the following register key as well.
1. Open Regedit and go to below location.
2. HKCU\Software\WoW6432Node\Microsoft\Office\X.0\Common\DRM\
3. Right-click DRM, click New, and then click Expandable String Value.
4. In the Value name box, type AdminTemplatePath, and then press ENTER.
5. Double-click the AdminTemplatePath registry value and type %LocalAppData%\Microsoft\DRM\Templates in the Value data box, and then click OK.
7. Close Registry Editor.
Step 5 – Change Frequency Update(Optional)
NOTE: This step must be configured at user logon profile. Repeat this step for different user logon profile.
The automated scheduled task will not query the AD RMS template distribution pipeline each time that this scheduled task runs. Instead, it checks updateFrequency DWORD value registry entry. This registry entry specifies the time interval after which the client should update its rights policy templates. By default the registry key is not present on the client computer. In this scenario, the client checks for new, deleted, or modified rights policy templates every 30 days.
2. HKEY_CURRENT_USER\Software\Microsoft\MSDRM\TemplateManagement
3. Create a 32 bit REG_DWORD named UpdateFrequency, enter 1 in the value. Value: Number of day between downloads
Step 6 – Delete Last Update(Optional)
NOTE: This step must be configured at user logon profile. Repeat this step for different user logon profile.
1. Open Regedit and go to the below location
2. HKEY_CURRENT_USER\Software\Microsoft\MSDRM\TemplateManagement
3. Delete lastUpdatedTime
4. Close the regedit and restart the client.
No comments:
Post a Comment