Step 4: Verifying AD RMS Functionality using ADRMS-CLNT

Applies To: Windows Server 2008, Windows Server 2008 R2

To verify the functionality of the AD RMS deployment, you will log on to ADRMS-CLNT as Nicole Holliday and then restrict permissions on a Microsoft Word 2007 document so that Stuart Railson is only able to read the document but unable to change, print, or copy. You will then copy this document to a removable device (for example, a USB flash drive) and log on to a client computer that is not part of the organizational network, such as a home computer. In this example, ADRMS-EXCLNT serves as the home computer. After the file is copied to the USB flash drive, Stuart Railson logs on to the extranet client computer (ADRMS-EXCLNT) and verifies that he is able to open the rights-protected document from the USB flash drive.


A USB flash drive is not required in this scenario. Any means of getting the document to the extranet client computer will work, such as attaching the document to an e-mail message and sending it to Stuart. In that example, Stuart would then open the document contained in the e-mail message on the extranet client computer.

Use the following steps to restrict permissions on a Microsoft Word document:

To restrict permissions on a Microsoft Word document

  1. Log on to ADRMS-CLNT as Nicole Holliday (cpandl\nhollida).

  2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Office Word 2007.

  3. Type **This is a test of AD RMS Extranet functionality.**into the blank document page, click the Microsoft Office Button, point to Prepare, point to Restrict Permission, and then click Restricted Access.

  4. Select the Restrict permission to this document check box.

  5. In the Read box, type ****, and then click OK to close the Permission dialog box.

  6. Click the Microsoft Office Button, click Save As, and then save the file as ADRMS-TST.

  7. Copy ADRMS-TST.docx to a USB flash drive.

  8. Log off as Nicole Holliday.

Finally, open the document, ADRMS-TST.docx, on ADRMS-EXCLNT from the USB flash drive.

To view a protected document

  1. Log on to ADRMS-EXCLNT with the local user account that you want to use for consuming the rights-protected document.


Once this document has been consumed, any other user who logs on to the computer with the same user account will also be able to consume the document.

  1. Insert the USB flash drive, and then double-click the ADRMS-TST.docx file.

  2. In the User name box, type cpandl\srailson. In the Password box, type the password for Stuart Railson, and then click OK.

    The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to\_wmcs/licensin to verify your credentials and download your permissions."

  3. Click OK.

    The following message appears: "You are attempting to send information to an Internet site ( that is not in your Local, Intranet, or Trusted zones. This could pose a security risk. Do you want to send the information anyway?"

  4. Click Yes.

    The following message appears: "Verifying your credentials for opening content with restricted permissions…".

  5. When the document opens, click the Microsoft Office Button. Notice that the Print option is not available.

  6. Click View Permission in the message bar. You can see that (Stuart Railson) has been restricted to so that he can only read the document.

  7. Click OK to close the My Permissions dialog box, and then close Microsoft Word.

You have successfully deployed and demonstrated the functionality of AD RMS in an extranet, using the simple scenario of applying restricted permissions to a Microsoft Word 2007 document. You can also use this deployment to explore some of the additional capabilities of AD RMS through additional configuration and testing.