Granting the AD RMS Service Group Permission to the SSL Certificate

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

After enrolling the cluster with the Microsoft Federation Gateway or updating the token decryption certificate, you must grant the AD RMS Services group permission to access the token decryption certificate on all servers in the cluster.

Membership in the local AD RMS Enterprise Administrators group, or equivalent, is the minimum required to complete this procedure.

To grant permission to the AD RMS Services group for the SSL certificate

  • At the Windows PowerShell command prompt, type:

    Update-RmsMfgEnrollment -SetCertificatePermissions
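
To confirm on each server that the permission was applied, the following check reads the ACL on the certificate's private key. It is an added example, not part of the original topic or of the AD RMS tooling. It assumes the certificate is in the LocalMachine\My store with a CSP (not CNG) key, that the local group is named "AD RMS Service Group" as in the topic title, and that you replace the placeholder thumbprint.

```powershell
# Added example: verify that the AD RMS service group can read the private key
# of the certificate. Run from an elevated prompt on every server in the cluster.
# ASSUMPTIONS: certificate is in Cert:\LocalMachine\My, the key is a CSP key,
# and both values below are placeholders/assumed names to adjust.
$Thumbprint = '<TOKEN-DECRYPTION-CERT-THUMBPRINT>'   # placeholder, not a real value
$GroupName  = 'AD RMS Service Group'                 # assumed local group name

function Test-RmsCertKeyAccess {
    param([string]$Thumbprint, [string]$GroupName)

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate has no private key on this server." }

    # CSP machine keys are stored as files under the MachineKeys directory.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    if (-not $container) { throw "Cannot resolve key container (CNG key or access denied)." }
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
    if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

    # Look for an Allow ACE for the group that includes Read.
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $rules = (Get-Acl $keyFile).Access | Where-Object {
        $_.IdentityReference.Value -like "*\$GroupName" -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    return [bool]$rules
}

if (Test-RmsCertKeyAccess -Thumbprint $Thumbprint -GroupName $GroupName) {
    "OK: $GroupName can read the private key on $env:COMPUTERNAME"
} else {
    "MISSING: $GroupName cannot read the private key on $env:COMPUTERNAME; " +
    "run Update-RmsMfgEnrollment -SetCertificatePermissions on this server"
}
```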

See Also


Using Windows PowerShell to Administer AD RMS
Configuring Microsoft Federation Gateway Support
Installing Microsoft Federation Gateway Support
Updating a Microsoft Federation Gateway Support Certificate

Other Resources

Understanding AD RMS Trust Policies
Understanding the Microsoft Federation Gateway