How to Deploy the RMS Client
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you are using Microsoft Windows XP or Microsoft Windows 2000, the Rights Management Services (RMS) client must be installed before you can use any RMS features, such as Information Rights Management in Microsoft® Office System 2003 and the Rights Management Add-on for Internet Explorer. The RMS client is built into Windows Vista® and Windows® 7.
Many organizations choose to control the deployment of the client software in their organization. Either Systems Management Server (SMS) or Group Policy can be used to deploy the RMS with Service Pack 2 (SP2) client.
Before you begin your deployment, see http://go.microsoft.com/fwlink/?LinkId=67736 to download the RMS client.
The RMS client has been integrated into Windows Vista. Therefore, a separate installation is no longer required.
Extracting the Installation Files
After you download the WindowsRightsManagementServicesSP2-KB917275-Client-ENU.exe file, you must extract the Microsoft® Windows® Installer files from the executable package.
You can use the following command at a command prompt to do this:
WindowsRightsManagementServicesSP2-KB917275-Client-ENU.exe /x <path>
where <path> is the target directory in which you want to place the extracted files.
Running this command extracts the following files to the target directory you specified:
This is a wrapper file that is used by the executable file to install the other files included. It is not used when installing the RMS with SP2 client by using SMS or Group Policy.
This is the installation file for the RMS with SP2 client. This installation uninstalls any previous version of the RMS client on a computer. This program should be installed on client computers first.
This is the installation file that identifies the new RMS with SP2 client to RMS-enabled applications (such as Microsoft Office Professional 2003 or 2007 Microsoft Office System) that are dependent on the previous version of the RMS client so that the RMS with SP2 client can be used instead. This program should be installed on client computers after the MSDrmClient.msi has been successfully installed.
Whichever installation method you choose to implement, ensure that both Windows Installer files are successfully installed. If an error occurs that prevents installation of MSDrmClient.msi, do not install RMClientBackCompat.msi.
Deploy RMS Client by Using an Unattended Installation
Extracting the files to install the Windows Installer files is optional. You can also deploy the RMS client by using an unattended installation method. You can use the following command at a command prompt to do this:
WindowsRightsManagementServicesSP2-KB917275-Client-ENU.exe -override 1 /I MsDrmClient.msi REBOOT=ReallySuppress /q -override 2 /I RmClientBackCompat.msi REBOOT=ReallySuppress /q
This command starts the unattended installation of the RMS client.
Because this is an unattended installation, the installer does not inform you when it is complete. Unattended installations are usually run in a batch or script file.
Deploy RMS Client Using SMS
To deploy the RMS client by using SMS
Open the SMS Administrator console.
Expand the site database you want to use.
In the left pane, right-click Packages, choose New, and then click Package From Definition.
Create packages from the MSDRMClient.msi and the RMClientBackCompat.msi files. The packages should have the following properties:
For Command line, type the following:
msiexec.exe /q ALLUSERS=2 /m MSIDGHOG /i "<file_name>.msi"
MSIDGHOG is a random value. Replace <file_name> with the name of the Windows Installer file that this package will be installing.
For Run, select the Hidden option.
For After running, select the No action required option.
For Category, select the Administrative Software option.
For Estimated disk space, type 445 KB.
For Maximum allowed run time, select Unknown.
Select the This program can run on any platform check box.
For Program can run, select the Whether or not a user is logged on option.
For Run mode, select the Run with administrative rights option.
For Drive mode, select the Runs with UNC name option.
Clear the Run another program first check box.
Clear the Suppress program notification check box under When the program is assigned to a computer.
Clear the Disable this program on computers where it is advertised check box.
Set the Access Accounts and Distribution Points as appropriate for your organization.
Create an advertisement to the appropriate collection. It is recommended that you use the Per-system unattended program in an SMS deployment.
Schedule this advertisement according to the needs of your organization.
Deploy RMS Client by using Group Policy
You can use the Software Installation and Maintenance feature of Group Policy to deploy the RMS client on target computers.
Group Policy is the recommended method for actively managing the deployment of the RMS clients for small- to medium-sized organizations or ones who are not already using a corporate update management solution such as Systems Management Server 2003.
When you use Group Policy to distribute a program, you can assign the program to computers. The program is installed when the computer starts and is available to all users who log on to the computer. For more information about Group Policy, see Designing a Group Policy Infrastructure (http://go.microsoft.com/fwlink/?linkid=24328). This procedure assumes you are using the Group Policy Management Console (GPMC). To download GPMC, see Group Policy Management Console with Service Pack 1 (http://go.microsoft.com/fwlink/?linkid=21813).
The following procedure provides a quick guide for administrators unfamiliar with Group Policy–based distribution of software. You can modify these steps as necessary to meet the needs of your organization.
To deploy the RMS client by using Group Policy
On a domain controller, open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
Create a new organizational unit (OU) or select an existing OU.
If you created a new OU, add the computers on which you want to install the RMS Client.
Right-click the OU, and then choose Properties.
Select the Group Policy tab.
Click New to create a new Group Policy object (GPO).
Click Edit to edit the new GPO.
In the console tree, expand Computer Configuration, Software Settings, and then select Software installation.
Right-click in the details pane, click New, and then click Package.
Provide a path to the MSDRMclient.msi file on a network shared folder that the client computers can access.
Click OK to assign the package.
Repeat steps 5 through 10 to create a GPO that installs the RMClientBackCompat.msi file.
You cannot use Group Policy to distribute the RMClientBackCompat.msi file if the domain controller is running Windows Server 2008 or Windows Server 2008 R2.
These steps are provided only as guidance for users that are not experienced in using Group Policy. If you are an experienced Group Policy administrator, you can follow your own operational procedures to distribute the MSDrmClient.msi package. In addition, these steps are for a domain controller running Windows Server 2003 — the process and terminology might be different on a Windows 2000 domain.
Upgrading from a Previous Version
It is possible to use an unattended installation method within a script that will detect whether the RMS with SP2 client is installed. If the client is not installed, the script either upgrades the existing client or installs the RMS with SP2 client. The script is as follows:
Set objShell = Wscript.CreateObject("Wscript.Shell") Set objWindowsInstaller = Wscript.CreateObject("WindowsInstaller.Installer") Set colProducts = objWindowsInstaller.Products For Each product In colProducts strProductName = objWindowsInstaller.ProductInfo (product, "ProductName") if strProductName = "Windows Rights Management Client with Service Pack 2" then strInstallFlag = "False" Exit For else strInstallFlag = "True" end if Next if strInstallFlag = "True" then objShell.run "WindowsRightsManagementServicesSP2-KB917275-Client-ENU.exe -override 1 /I MsDrmClient.msi REBOOT=ReallySuppress /q -override 2 /I RmClientBackCompat.msi REBOOT=ReallySuppress /q " else wscript.echo "No installation required" end if
This script does not work with Windows Vista because the RMS client is built into the operating system.