Trusted Publishing Domains

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

By default, servers in RMS clusters do not issue use licenses against publishing licenses that are issued by an RMS server that are in a different cluster. There are situations, however, when the same server or cluster cannot issue both publishing and use licenses for a piece of rights-protected content. This can occur, for example, when a particular RMS cluster is retired and another takes its place, such as when two companies merge. In this situation, an RMS cluster needs to have the ability to issue use licenses against publishing licenses that were created by a different RMS cluster.

You can configure one RMS cluster to trust the publishing licenses that are issued by a different RMS cluster and issue use licenses against them by implementing a trusted publishing domain. To do this, import the server licensor certificate and private key from the other cluster, and then add it to the list of trusted publishing domains. The private keys that are imported are used only for decrypting signed publishing licenses, and not for signing new licenses.

For more information about trusted user domains and step-by-step instructions, see "Adding and Removing Trusted Publishing Domains" and "Establish Trust Policies" in "RMS: Operations" in this documentation collection.