ExclusionPolicy object

  • Article

The ExclusionPolicy object manages AD RMS server exclusion policies. Exclusion policies deny new certificate and license requests made by compromised principals. They do not, however, revoke the principal. Administrators can use this object to exclude applications, legacy operating systems, user accounts, and legacy lockbox versions. You can retrieve this object by calling the ExclusionPolicy property on the Enterprise object.

Members

The ExclusionPolicy object has these types of members:

Properties

The ExclusionPolicy object has these properties.

Property Description
[Applications](exclusionpolicy-applications-property.md)
 Retrieves a collection of excluded applications.
[DisableLegacyWindowsVersions](exclusionpolicy-disablelegacywindowsversions-property.md)
 Specifies or returns a Boolean value that indicates whether computers running legacy operating systems are excluded. AD RMS support begins with Windows 2000.
[!Important]
This property may be altered or unavailable in subsequent versions of the operating system. See the [DisableLegacyWindowsVersions](exclusionpolicy-disablelegacywindowsversions-property.md) property page for further information about which operating systems support this property.

[Lockbox](exclusionpolicy-lockbox-property.md)
 Retrieves the minimum lockbox version that must be installed before a use license can be granted.
[UserAccounts](exclusionpolicy-useraccounts-property.md)
 Retrieves a collection of excluded user accounts.

Examples

DIM admin_role
DIM config_manager
DIM exclusionPolicy
DIM excludedAppColl
DIM lockbox
DIM excludedUserColl

  ' Create a Configuration Manager.
  CALL WScript.Echo( "Create ConfigurationManager object...")
  SET config_manager = CreateObject _
    ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")      
  CheckError()

  CALL WScript.Echo( "Initialize...")
  admin_role=config_manager.Initialize(false,"localhost",80,"","","")
  CheckError()
    
   ' Retrieve the ExclusionPolicy object.
  SET exclusionPolicy = config_manager.Enterprise.ExclusionPolicy
  CheckError()

  ' Retrieve the collection of excluded applications.
  Set excludedAppColl = exclusionPolicy.Applications
  CheckError()

  ' Retrieve the ExcludedLockbox object.
  SET lockbox = exclusionPolicy.Lockbox
  CheckError()

  ' Retrieve the ExcludedUSerAccountCollection object.
  SET excludedUserColl = exclusionPolicy.UserAccounts
  CheckError()

' *******************************************************************
' Error checking function.

FUNCTION CheckError()
  CheckError = Err.number
  IF Err.number <> 0 THEN
    CALL WScript.Echo( vbTab & "*****Error Number: " _
                       & Err.number _
                       & " Desc:" _
                       & Err.Description _
                       & "*****")
    WScript.StdErr.Write(Err.Description)
    WScript.Quit( Err.number )
  END IF
END FUNCTION

Requirements
Minimum supported client
 None supported
Minimum supported server
 Windows Server 2008
Assembly
Microsoft.RightsManagementServices.Admin.dll

See also

Active Directory Rights Management Services Scripting API Reference