To Add a Rights Policy Template

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To perform this procedure, you must be logged on locally to the administration Web site with a domain user account that is a member of the Administrators group. As a security best practice, consider using Run as to perform this procedure.

Adding a Rights Policy Template

To Add a Rights Policy Template

  1. Log on to server as a member of the local Administrators group.

  2. Click Start, point to All Programs, point to Windows RMS, and then click Windows RMS Administration to open the Global Administration page.

  3. Next to the Web site on which you want to add a rights policy template, click Administer RMS on this Web site.

  4. In the Administration links area, click Rights policy templates.

  5. In Language, click to select which language you want the template to use.

  6. Click Add a rights policy template.

  7. In the Template identification area, specify a name, description, and rights request URL for the template.

  8. In the Users and groups area, in Add users or groups, type the valid e-mail address of a user or group to add, and then click Add. Repeat to add additional users or groups as necessary.

  9. In Current users or groups, select the e-mail address of a user or group to which to assign rights.

  10. Select the check boxes of all rights to grant to the selected user or group. Repeat to grant rights to the remaining users and groups.

  11. In the Expiration policy area, select one of the three expiration options, and then specify an expiration date or time, as appropriate. If appropriate, select Use licenses for content must be renewed every, and specify the number of days between renewals.

  12. In the Extended policy area, select one or more of the four options. If you select Enforce application-specific data, specify a name and value for the data to be enforced, and then click Add.

  13. To implement revocation, in the Revocation policy area, select the Require revocation check box, and then take the following steps:

    1. In URL or UNC, type the URL to where the revocation list file is posted. If you need to support disconnected users or external users, this URL should be accessible from both the internal network and the Internet.

    2. In Revocation list refresh interval, type the number of days that the revocation list remains valid. If a user has a copy of the revocation list that is older than this value, the user must obtain an updated revocation list to consume the content.

    3. In Public key file, type the path and file name, or click Browse to locate the public key file for the revocation list.


    Be careful when implementing revocation. Based on the refresh interval that you specify, you must renew a revocation list periodically or it will automatically expire, preventing users from consuming content that requires that list. To ensure that you do not inadvertently prevent users from consuming content, carefully evaluate the interval you require for refreshing the revocation list. For more information, see "Managing Revocation" earlier in this subject.

  14. Click Submit.

For more information about revocation, see "Managing Revocation" earlier in this subject.

For considerations on specifying revocation options, see "Defining Revocation Policies" earlier in this subject.

For more information about performing this procedure, see "Creating and Modifying Rights Policy Templates" earlier in this subject.