May 22, 2006

Windows Rights Management Tips

Windows Rights Management Tips

I have done a couple of RMS implementations recently and wanted to share my thoughts and some tips.

I can definitely see the pros for using RMS for ANY organization. Whether it is for confidential e-mail to customers or clients over the Internet using Microsoft Passports or in your domain for HR issues. The setup is straight forward and you do not need a lot of resources. You may not use it all the time, but it is a must have asset/tool for every Windows 2003 domain.

Here are the Microsoft links for RMS:

http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

http://www.microsoft.com/windowsserver2003/evaluation/news/bulletins/rm.mspx

RMS GPO setup for auto install of RMS client

Here is a generic procedure I have on how to create a GPO for RMS SP1.  You can use it as a guide to compare to.

1.              Create a new organizational units (OU) named RMSSP1.

2.              Right-click the RMSSP1 OU and choose Properties.

3.              Select the Group Policy tab.

4.              Click New to create a new Group Policy object (GPO).

5.              Click Edit to edit the new GPO.

6.              In the console tree, expand Computer Configuration, Software Settings and then select Software installation.

7.              Right-click on Software Installation and select Properties.

8.              On the General tab, select "Assign" for New Packages and "Uninstall the applications when they fall out of the scope of management."  Then click OK.

9.              Right-click on Software Installation and select New, Package...

10.          Provide a path to the MSDRMclient.msi file on a network shared folder that the client computers can access.

11.          Click OK to assign the package.

12.          Repeat steps 10 through 12 to create a Package that installs the RMClientBackCompat.msi file.

RMS when reading e-mail offline

What happens when you are on a plane reading your e-mail offline? You cannot view the RMS e-mail sent to you from you boss?

Here is the solution. If you use Outlook 2003 in cached mode, you can set the Outlook client to automatically license all RMS-protected emails during sync. This way you can ensure that all protected emails in your Inbox have corresponding use licenses downloaded and hence can be viewed.

Outlook in cached mode should do the above automatically. If not, here is the Registry key you will need.

Hive:     HKEY_CURRENT_USER

Key:     Software\Microsoft\Office\11.0\Outlook

Type:    REG_DWORD

Entry:   UserData

Value:   0x00000001

If this is not set, or the entry doesn’t exist, create it.

I would be interested if anyone has any more tips or comments.

Travis Davies

Sr Network Architect

Visionpace IT

www.visionpaceit.com

tdavies@visionpaceit.com

Posted by Travis Davies on May 22, 2006 | Permalink | Comments (0)