RMS Decommissioning Service

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Decommissioning service is a custom Web service that is installed by RMS Setup. It runs on both the root cluster and licensing-only clusters. When you enable this service, all of the other RMS Web services on the server are disabled.

This service decrypts the content key that is in the publishing license of rights-protected content and provides this key to the client in response to a licensing request. This enables the content to be saved without RMS protection. The decommissioning service logs all client requests that are made to it, and sends them to the logging listener service to be recorded in the logging database.

You can enable the Decommissioning service from the Security settings page of the Administration Web site. After you enable this service, you cannot restore the server cannot to a standard RMS configuration.

After you enable the service, you should set the DACL of the decommission.asmx file to allow access to users who are in your enterprise that have used this server to license their content and add the RMS Service Group to the DACL with read and execute permissions to enable RMS to manage its operation. After all of the content that is published by this server has been unprotected, you should back up the private key information, and then remove RMS from the server.

The default access control list on this service is shown in the following table:

User or Group Default Permission


Full Control