Step 3: Configuring AD RMS Extranet Client

Applies To: Windows Server 2008, Windows Server 2008 R2

To configure the AD RMS extranet client computer (ADRMS-EXCLNT), you must install Windows Vista, configure TCP/IP properties, create an entry in the local HOSTS file, import the ADRMS-SRV server authentication certificate, and then install an AD RMS enabled application. In this example, Microsoft Office Word 2007 is installed on ADRMS-EXCLNT.

To install Windows Vista

  1. Start your computer using the Windows Vista product CD.

  2. Follow the instructions that appear on your screen, and when prompted for a computer name, type ADRMS-EXCLNT.

Next, configure TCP/IP properties so that ADRMS-EXCLNT has a static IP address of

To configure TCP/IP properties

  1. Click Start, click Control Panel, click Network and Internet, double-click Network and Sharing Center, click Manage Network Connections in the left pane, right-click Local Area Connection, and then click Properties.

  2. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

  3. Select the Use the following IP address option. In IP address, type, in Subnet mask, type

  4. Click OK, and then click Close to close the Local Area Connection Properties dialog box.

  5. Close the other open windows and return to the desktop.

In this guide, a test environment without an external DNS server is used. In order for the extranet cluster URLs to resolve to its appropriate IP address, you must create a manual entry in the HOSTS file that points to ISA-SRV.


In a production environment, this step is not required because the extranet client computer's Internet Service Provider will handle the DNS resolution.

To create an entry in the HOSTS file for AD RMS extranet cluster URL

  1. Log on to ADRMS-EXCLNT as a member of the local Administrators group.

  2. Click Start, point to All Programs, click Accessories, and then click Notepad.

  3. Within Notepad, click File, and then click Open.

  4. Navigate to C:\windows\System32\drivers\etc\HOSTS, and then click Open.


To show the HOSTS file, when you get to the etc folder you must select All Files (above the Open button).

  1. On a new line at the bottom of the file, type

  2. Save and close the HOSTS file.

Next, import the ADRMS-SRV server authentication certificate into the Trusted Root Certification store on ADRMS-EXCNT. This is only required when using self-signed certificates. In a production environment, the certificate should be trusted by a certification authority.

To import the server authentication certificate to the ADRMS-EXCLNT computer

  1. Log on to ADRMS-EXCLNT with a user account that is a member of the local Administrators group.

  2. Click Start, point to All Programs, and then click Internet Explorer.

  3. In the Address bar, type, and then press ENTER.

  4. On the Certificate Error: Navigation Blocked Web page, click Continue to this website (not recommended).

  5. In the User name box, type CPANDL\srailson. In the Password box, type the password for Stuart Railson, and then click OK.

  6. In the Address Bar, click Certificate Error, and then click View Certificates.

  7. On the Certificate Information page, click Install Certificate.

  8. On the Welcome to the Certificate Import Wizard page, click Next.

  9. Select the Place all certificates in the following store option, click Browse, click Trusted Root Certification Authorities, and then click OK.

  10. Click Next, and then click Finish.

  11. Click Yes, accepting the security warning. This only happens because self-signed certificates are used.

  12. Click OK, confirming that the certificate import was successful.

  13. Click OK to close the Certificate Information window.

  14. Close Internet Explorer.

Finally, install Microsoft Office Word 2007 Enterprise.

To install Microsoft Office Word 2007 Enterprise

  1. Double-click setup.exe from the Microsoft Office 2007 Enterprise product CD.

  2. Click Customize as the installation type, set the installation type to Not Available for all applications except Microsoft Office Word 2007 Enterprise, and then click Install Now. This might take several minutes to complete.


Only the Ultimate, Professional Plus, and Enterprise editions of Microsoft Office 2007 allow you to create rights-protected content. All editions will allow you to consume rights-protected content.