RMS FAQ: Rights Policy Templates

Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

RMS Templates FAQ

  • Can I enforce a default RMS template on all content created within an organization so an enterprise could ensure a minimum set of rights?

  • Where are the RMS policy templates located?

  • When templates are created, user aliases and distribution lists (DLs) are bound to them. How can an organization with multiple departments provide templates with the same basic rights but grant those rights to different groups depending on the content?

  • Are the rights applied to a document static? If a file is sent and the rights need to be changed later, can this be done given the publishing license is embedded within the file and not on the RMS "policy" server?

Can I enforce a default RMS template on all content created within an organization so an enterprise could ensure a minimum set of rights?

Yes. By using the Rights Management Services SDK, you can develop a custom application that enforces whatever templates are required. However, the Information Rights Management implementation in Office 2003 and later does not support enforcing templates on content.

Where are the RMS policy templates located?

Template location is determined by the RMS-enabled application. For Office 2003 and later, it is stored as a user setting in the registry in the following location:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\DRM\AdminTemplatePath

-or-

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM\AdminTemplatePath for Microsoft Office 2007.

Note

If this entry points to a local folder on the client, the template files must be copied to the client. If this points to a network shared folder, it will be unavailable when the user is offline.
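The following PowerShell sketch is an added example, not part of the original FAQ. It reads the two registry values listed above for the current user and reports whether each one points to a local folder or a network share, and whether the folder is reachable right now. The function name `Get-PathKind` and the report columns are illustrative choices.

```powershell
# Added example: audit where Office looks for RMS policy templates (current user).
# Registry paths come from the FAQ text; 11.0 = Office 2003, 12.0 = Office 2007.
$versions = [ordered]@{ '11.0' = 'Office 2003'; '12.0' = 'Office 2007' }

# Hypothetical helper: classify a template path as local or network.
function Get-PathKind {
    param([string]$Path)
    if ($Path -match '^\\\\') { return 'NetworkShare' }            # UNC path
    if ($Path -match '^([A-Za-z]):') {
        # A mapped drive letter is still a network location.
        $drive = New-Object System.IO.DriveInfo($Matches[1])
        if ($drive.DriveType -eq [System.IO.DriveType]::Network) { return 'NetworkShare' }
        return 'LocalFolder'
    }
    return 'Unknown'
}

$report = foreach ($ver in $versions.Keys) {
    $key   = "HKCU:\Software\Microsoft\Office\$ver\Common\DRM"
    $entry = Get-ItemProperty -Path $key -Name AdminTemplatePath -ErrorAction SilentlyContinue
    if (-not $entry -or -not $entry.AdminTemplatePath) {
        # Key or value missing: no admin template folder is configured for this version.
        [pscustomobject]@{ Office = $versions[$ver]; Path = $null
                           Kind = 'NotConfigured'; Reachable = $false; Files = 0 }
    }
    else {
        # Expand %VAR% references in case the value was stored as an expandable string.
        $path      = [Environment]::ExpandEnvironmentVariables($entry.AdminTemplatePath)
        $reachable = Test-Path -LiteralPath $path -PathType Container
        $files     = if ($reachable) { @(Get-ChildItem -LiteralPath $path -File).Count } else { 0 }
        [pscustomobject]@{ Office = $versions[$ver]; Path = $path
                           Kind = (Get-PathKind $path); Reachable = $reachable; Files = $files }
    }
}

# LocalFolder with Files = 0 means the templates were never copied to the client.
# NetworkShare with Reachable = False is what an offline user would see.
$report | Format-Table -AutoSize
```

Run it in the user's own session, because the value is stored under HKEY_CURRENT_USER.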

When templates are created, user aliases and distribution lists (DLs) are bound to them. How can an organization with multiple departments provide templates with the same basic rights but grant those rights to different groups depending on the content?

There are two solutions to this scenario:

  • Create a single template called “Company Confidential” that is licensed to all employees in your business unit, and then use that template in e-mail and address the e-mail to specific people. The benefit is that it requires a single template for each business unit for e-mail, and readership can be restricted based on who you send the message to. The disadvantage is that any employee in the business unit who obtains the message, even one outside the group it was originally sent to, could still read it.

  • Alternatively, create multiple templates, including one for each distribution list. Although this provides much more precise control, it also means that the IT department must support multiple templates.

Are the rights applied to a document static? If a file is sent and the rights need to be changed later, can this be done given the publishing license is embedded within the file and not on the RMS "policy" server?

Yes, this is possible when an RMS policy template is used. When content is published using an RMS policy template, the definition of the policy remains on the server, and can be changed by an administrator after the content is published. When a user requests a license for the content, the license will grant rights according to the current policy as defined on the server. If rights are changed after a use license has been issued to a user, the user will continue to be granted the rights in effect at the time the use license was issued.

To enable you to apply a new rights policy template after the content has been published, enable an expiration policy for your template and then specify the option "Use licenses for content must be renewed every: n days". For n, specify the number of days after which a user must request a new use license.