Step 2: Verifying AD RMS Functionality

Applies To: Windows Server 2008, Windows Server 2008 R2

Once the content is decrypted, the user should then save the content without AD RMS protection. To use the decommissioning service, the user must have been previously enrolled within the AD RMS infrastructure. A user without an activated AD RMS client cannot use the decommissioning service to gain access to rights-protected content.

If the decommissioning service is working correctly, any user in the domain, using a computer with the AD RMS-enabled application configured to use the decommissioning service, can open any file that was rights-protected by the AD RMS cluster being decommissioned, remove the rights protection, and save the file. To verify this, you log on as Limor Henig, open the ADRMS-TST.docx file that was created with rights protection in the Windows Server Active Directory Rights Management Services Step-by-Step Guide, remove the rights protection, and save the file.

To save a document without rights protection

  1. Log on to ADRMS-CLNT as Limor Henig (cpandl\lhenig).

  2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.

  3. Click the Microsoft Office Button, click Open, and then type \\ADRMS-DB\PUBLIC \ADRMS-TST.docx.

  4. When the document opens, click the Change Permissions button and clear the Restrict permissions to this document check box, and then click OK.

  5. Save the file as you normally would anything other document.

You have successfully enabled the AD RMS decommissioning service, removed rights-protection from a document, and then saved it without rights-protection. Once you have ensured that all rights-protected content is decrypted and saved without rights-protection, you can unregister the SCP by using the Active Directory Rights Management Services console, uninstall AD RMS, and reprovision these servers for other services.