Step 1: Creating an AD RMS Rights Policy Template

Applies To: Windows Server 2008, Windows Server 2008 R2

To ease administration of the rights policy templates, AD RMS in Windows Server 2008 introduced a rights policy template creation wizard. To ease distribution of rights policy templates, AD RMS has also introduced a new rights policy template distribution pipeline. This new pipeline allows an AD RMS client to request rights policy templates stored on the AD RMS cluster and store them locally on the client computer. This functionality is available only with AD RMS clients in Windows Vista with Service Pack 1 (SP1) and Windows Server 2008.

For AD RMS clients that are not running on Windows Vista with SP1 or Windows Server 2008, you must manually distribute the rights policy templates from a central location to the client. Some distribution methods include using Systems Management Server, Group Policy, or manually copying the templates to the client computer.

This guide will demonstrate both the new template distribution and a manual distribution method. Manual distribution includes exporting the rights policy templates that are stored in the AD RMS configuration database to a shared folder on your network and then copying the rights policy templates to the client computer. This guide uses the shared folder that was created in the Windows Server Active Directory Rights Management Services Step-by-Step guide.

Note

The AD RMS Service Group must have Write access to the rights policy template shared folder in order for the rights policy template export function to work correctly.

To create a new AD RMS rights policy template

  1. Log on to ADRMS-SRV as cpandl\ADRMSADMIN.

  2. Open the Active Directory Rights Management Services Administration console. Click Start, point to Administrative Tools, and then click Active Directory Rights Management Services.

  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  4. In the Active Directory Rights Management Services Administration console, expand the cluster name.

  5. Right click Rights Policy Templates, and then click Properties.

  6. Select the Enable export check box, type \\adrms-db\public in the Specify templates file location (UNC) box, and then click OK.

  7. In the Actions pane, click Create Distributed Rights Policy Template to start the Create Distributed Rights Policy Template wizard.

  8. Click Add.

  9. In the Language box, choose the appropriate language for the rights policy template.

  10. Type CPANDL.COM CC in the Name box.

  11. Type CPANDL.COM Company Confidential in the Description box, and then click Add.

  12. Click Next.

  13. Click Add, type employees@cpandl.com in The e-mail address of a user or group box, and then click OK.

  14. Select the View check box to grant the EMPLOYEES@CPANDL.COM group Read access to any document created by using this AD RMS rights policy template.

  15. Click Finish.

Note

AD RMS in Windows Server 2008 introduces the concept of distributed and archived rights policy templates. Through the Active Directory Rights Management Services console, you can select rights policy templates to distribute to client computers and archive the rights policy templates that should not be distributed. An archived rights policy template allows the AD RMS server to generate end user licenses for rights-protected content that has a publishing license generated from that template. By default, a rights policy template is distributed. A rights policy template should not be deleted because any content protected by that rights policy template will not be accessible.