limws: Install and Configure AD RMS Cluster

In this post, i'm going to show you the rights policy template configuration.

Configure Policy Template File Location

You may configure a template file location to store all the copies template from the configuration database. These templates are mirrored copy.

1. Logon to RMS01, enter the following cmdlet into Windows PowerShell to create a RMSTemplates folder into D drive.
New-Item D:\RMSTemplates -ItemType Directory

2. Enter the following cmdlet in Windows PowerShell to enable the share access for the RMSTemplates folder and assign the access right for AD RMS Service Group.
New-SmbShare -Name RMSTEMPLATES -Path D:\RMSTemplates -FullAccess "AD RMS Service Group"

3. Navigate to Rights Policy Template in Active Directory Rights Management Services. Click Change distributed rights policy templates file location

4. Set the file location to \\rms01.internal.local\rmstemplates which is the folder created in step 1 above

5. The template file location has been defined

Create AD RMS Policy
1. Logon to RMS01 or RMS02, launch Active Directory Rights Management Services and navigate to Rights Policy Templates. Click Create distributed rights policy template

2. Click Add

3. Enter the name and description of new template

4. Next

5. Grant the users and rights. You may grant the users by group.

Full Control – If granted, this right allows a user to exercise all rights in the license, whether or not the rights are specifically granted to that user.
View – If this right is granted, the AD RMS client allows protected content to be decrypted. Typically, when this right is granted, the application will allow the user to view protected content.
Edit - If this right is granted, the AD RMS client allows protected content to be decrypted and then re-encrypted by using the same content key. Typically, when this right is granted, the application will allow the user to change protected content and then save it to the same file. This right is effectively identical to the Save right.
Save - If this right is granted, the AD RMS client allows protected content to be decrypted and then re-encrypted by using the same content key. Typically, when this right is granted, the application will allow the user to change protected content and then save it to the same file. This right is effectively identical to the Edit right.
Export (Save As) - If this right is granted, the AD RMS client allows protected content to be decrypted and then optionally re-encrypted by using the same content key. Typically, when this right is granted, the application will allow the user to use the “Save As” feature to save protected content to a new file. Depending on the application, the content might be saved without protection.
Print - Typically, when this right is granted, the application will allow the user to print protected content.
Forward - Typically, when this right is granted, the application will allow an e-mail recipient to forward a protected message.
Reply - Typically, when this right is granted, the application will allow an e-mail recipient to reply to a protected message and include a copy of the original message.
Reply All - Typically, when this right is granted, the application will allow an e-mail recipient to reply to all recipients of a protected message and include a copy of the original message.
Extract - Typically, when this right is granted, the application will allow the user to copy and paste information from protected content.
Allow Macros - Typically, when this right is granted, the application will allow the user to run macros in the document or use an editor to modify macros in the document.
View Rights - If this right is granted, the AD RMS client allows a user to create a new publishing license from the existing license, but the content key is not preserved.
Edit Rights - If this right is granted, the AD RMS client allows a user to edit the user rights that are assigned by the license while keeping the same content key.