Edit a Rights Policy Template
Updated: December 30, 2007
Applies To: Windows Server 2008 R2, Windows Server 2012
To edit an existing rights policy template, use the following procedure.
Membership in the local AD RMS Template Administrators , or equivalent, is the minimum required to complete this procedure.
To edit a rights policy template
Open the Active Directory Rights Management Services console and expand the Active Directory Rights Management Services (AD RMS) cluster.
In the console tree, click Rights Policy Templates .
If you are editing a distributed rights policy template, click Manage Distributed Rights Policy Templates in the Actions pane. If you are editing an archived rights policy template, click Managed Archived Rights Policy Templates in the Actions pane.
In the results pane, click the name of the template to edit.
In the Actions pane, click Properties of the rights policy template.
On the Identification Information tab, modify the information in the Template name , and Template description areas as appropriate. You can add additional languages to Template language as necessary.
On the User Rights tab, do one or more of the following:
To add a user or group, in Users and rights , click Add , type the valid e-mail address of a specific user or group to select Anyone to allow all users to view content, and then click OK .
Select the name in Users and rights . In the Rights for area, select all rights to be granted to the selected user or group.
To modify the rights of an existing user or group, select the name in Users and rights , and then select or clear the rights check boxes, as appropriate.
To remove a user or group, select the name in Users and rights , and then click Remove .
To add a custom right, click Create Custom Right and then type the name of the right supported by your rights-enabled application.
To change the URL that users can request additional rights through in Rights request URL , type the new URL.
On the Expiration Policy tab, edit the information to change when content licenses expire and when they must be renewed, as appropriate.
Click Never Expires to set no expiration date on content that is protected with this rights policy template.
Click Expires on the following date (UTC) to set a specific date and time when the content protected with this rights policy template expires. The date and time are expressed in Coordinated Universal Time (UTC), also known as Greenwich Mean Time.
Click Expires after the following duration to set the content to expire after a set amount of days.
Under Use license expiration , set Expires after the following duration to force the user to request a new use license for all content protected by using this rights policy template.
On the Extended Policy tab, edit the information to change how content licenses are to be implemented, including the persistence of author rights, whether trusted browsers are supported, license persistence within the content, and enforcement of any application-specific data, as appropriate.
Select Enable users to view protected content using a browser add-on if you want content protected by this rights policy template to be accessible by means of a Web browser, such as Internet Explorer with the Rights Management add-on.
Select Require a new use license every time content is consumed if you want users to request a new use license whenever the content protected with this rights policy template is opened. The AD RMS client must be able to connect to the AD RMS cluster each time that this content is consumed. This is not ideal for offline publishing.
To add additional name/value pairs created with AD RMS-enabled applications, select the If you would like to specify additional information for your AD RMS-enabled application box.
On the Revocation policy tab, select whether a revocation list is to be required for content that is created by using this template. If you select Require revocation , complete the following settings, as appropriate:
In Location where the revocation list is published , type the URL where the revocation list file is posted. If you need to support disconnected users or external users, this URL should be accessible from both the corporate network and the Internet.
In Refresh interval for Revocation list , type the number of days that the revocation list remains valid. If a user has a copy of the revocation list that is older than this value, the user must obtain an updated revocation list to consume the content.
In File containing public key corresponding to the signed revocation list , type the path and file name of the public key file for the revocation list.
Be careful when implementing revocation. Based on the refresh interval that you specify, you must renew a revocation list periodically or it will automatically expire, preventing users from consuming content that requires that list. To ensure that you do not inadvertently prevent users from consuming content, carefully evaluate the interval you require for refreshing the revocation list.
- Click OK .
Once a rights policy template is edited on the cluster, the local copies of the template on the client computers must be updated as well.
- You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see http://go.microsoft.com/fwlink/?LinkId=136806.