Distributing the RMS Client

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The RMS client is built into the Windows Vista® operating system so that the RMS client is no longer a separate installation. Operating systems prior to Windows Vista require you to install the RMS client software, and then activate it.

The activation process establishes a lockbox and computer certificate for the currently logged-on user. Activation is a local process and does not require a network connection. Once activation is successful, the first request for a use license by an RMS-enabled application obtains a user certificate for the user. The RMS client can be installed on each client computer in the organization by using Group Policy, Windows Update, or an administrative script.


Whichever client distribution method is used, the RMS client uses a port, by default this is either port 80 or port 443, to communicate with the RMS server. You should make sure that the client computer is able to make outbound requests to the RMS root and licensing-only clusters on those ports.

Using Group Policy

If your organization distributes software by using Group Policy, this method can be used to distribute the RMS client using elevated privileges. If the RMS client is distributed this way, the user does not require administrator privileges and can install the RMS client either by using Add or Remove Programs in Control Panel or by opening rights-protected content with an RMS-enabled application.

Using Windows Update

Windows Update provides the simplest way to install RMS client on a computer. This method has the advantage of using a mechanism that is familiar to users, but it requires that the user installing the RMS client have local administrative rights on the computer.

Using Scripted Installation

To have the highest level of control over the process of client installation, you can acquire the software and then validate its integrity at every step of the installation process by running a script. This script can be written and added to a Group Policy Object (GPO) object as a startup script. With this method, the user does not have to be a local administrator on the computer and the RMS client is automatically installed upon reboot.

A sample script is shown below:

Set objShell = Wscript.CreateObject("Wscript.Shell")
objShell.run "WindowsRightsManagementServicesSP2-KB917275-Client-ENU.exe -override 1 /I MsDrmClient.msi REBOOT=ReallySuppress /q -override 2 /I RmClientBackCompat.msi REBOOT=ReallySuppress /q"

For basic information about distributing the RMS client by using Group Policy, see Setting Up SMS or Group Policy to Support Client Deployment later in this subject.

For procedural guidance about RMS client deployment see How to Deploy the RMS Client later in this subject.