Excluding Lockbox Versions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can ensure that clients use a minimum version of the RMS client software by using the lockbox version that was associated with the client to exclude the previous versions of the RMS client software. When you enable this feature, you specify the latest minimum lockbox version that was signed by the Microsoft Activation Service. You then enable lockbox exclusion on the administration Web site of each cluster on which you want it to take effect. All certification and licensing requests are checked to make sure that the lockbox meets the minimum version criteria.

If you have enabled exclusion based on lockbox version, clients that are using a version of the lockbox software that is earlier than the specified version cannot acquire rights account certificates or use licenses because their requests will be denied. These clients must install a new version of the RMS client software to acquire a new lockbox that uses the current version of the software.

The RMS client for Service Pack 2 (SP2) uses a lockbox version greater than or equal to By setting lockbox exclusion to that minimum version, you will force the RMS clients in your organization to upgrade to the RMS client for SP2 to consume rights-protected content.

If a user who has an excluded lockbox was previously issued licenses for content, the user can still consume that content without acquiring a new lockbox.


If you decide to use lockbox exclusion to force clients in your organization to upgrade to the RMS client with SP2, you should be aware of the variety of clients that use your system and plan for different methods of client upgrades as necessary. For example, a client might not be part of your enterprise domain, such as a user who is using a trusted browser to read e-mail through a Web mail client from home, or a trusted partner whose organization is not deploying RMS with SP2 on the same timeline as your organization. Such a client could be put into a continuous loop of rejection, re-certification of their version 1.0 client, and subsequent rejection.