Automated propagation through default job in Vista SP1

Updated: June 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2

The AD RMS client in Windows Vista SP1 requests rights policy templates from the AD RMS cluster by using a scheduled task, which is configured to query the template distribution pipeline on the AD RMS cluster and then gather the templates from that path. This job can be set as automated for internal use or executed manually for use from machines with sporadic connectivity to the AD RMS cluster.

A scheduled task is configured by default in Windows Vista to run up to one hour after a user logs on to the computer and every morning at 3:00 A.M. This scheduled task is disabled by default but you can enable and change the default configuration by using the Task Scheduler control panel or via Group Policy. After the scheduled task is enabled you must configure a registry entry so that Microsoft Office 2007 can locate the directory in which the rights policy templates are stored.

The automated scheduled task works only on computers that are joined to your organization’s domain. There is also a manual scheduled task that should be used for users with a domain account who are using a client computer that is not joined to your organization’s domain. The manual task will only download the templates immediately after being started and when the user logs in. In order for the manual scheduled task to work in such clients, you must configure the Enterprise Publishing client registry override found in the following registry entry: HKEY_LOCAL_MACHINE\Software\Microsof\MSDRM\ServiceLocation\EnterprisePublishing

To enable the automated scheduled task in a Windows Vista AD RMSclient:

  1. Log on to an AD RMS client with an account that has administrative rights to the client.

  2. Click Start, and then click Control Panel.

  3. Double-click Administrative Tools, and then double-click Task Scheduler.

  4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  5. Expand Task Scheduler Library, expand Microsoft, expand Windows, and then click Active Directory Rights Management Services Client.

  6. Right-click AD RMS Rights Policy Template Management (Automated), and then click Enable.

  7. Close Task Scheduler.

  8. Log on to an AD RMS client with a standard user account, wait for about an hour, and check the following directory: %LocalAppData%\Microsoft\DRM\Templates where %LocalAppData% equals C:\Users\logonID\AppData\Local. Once the rights policy templates are copied to the client, you are ready to use the templates.

You can configure the template download path by using the following registry entry:

  1. Click Start, type regedit.exe in the Start Search box, and then press ENTER.

  2. Expand the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM (if any of the subkeys do not exist, create them).

  3. Right-click DRM, click New, and then click Expandable String Value.

  4. In the Value name box, type AdminTemplatePath, and then press ENTER.

  5. Double-click the AdminTemplatePath registry value and type %LocalAppData%\Microsoft\DRM\Templates in the Value data box, and then click OK.

  6. Close Registry Editor.

The automated scheduled task can also be enabled from the command prompt or though Systems Management Server or Group Policy by using the following command:

schtasks /Change /TN “\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)” /ENABLE.

The automated scheduled task will not query the AD RMS template distribution pipeline each time that this scheduled task runs. Instead, it checks the updateFrequency DWORD value registry entry. This registry entry specifies the time interval (in days) after which the client should update its rights policy templates. By default the registry key is not present on the client computer. In this scenario, the client checks for new, deleted, or modified rights policy templates every 30 days. To configure an interval other than 30 days, create a registry entry at the following location: HKEY_CURRENT_USER\Software\Microsoft\MSDRM\TemplateManagement. In this registry key, you can also configure the updateIfLastUpdatedBeforeTime value, which forces the client computer to update its rights policy templates.