Step 3: Verifying AD RMS Functionality

Applies To: Windows Server 2008, Windows Server 2008 R2

The AD RMS client is included in the default installation of Windows Vista and Windows Server 2008. Previous versions of the client are available for download for some earlier versions of the Windows operating system. For more information, see the Windows Server 2003 Rights Management Services page on the Microsoft Windows Server TechCenter (https://go.microsoft.com/fwlink/?LinkId=68637).

Before you can consume rights-protected content, you must add the AD RMS cluster URL and the AD RMS licensing-only cluster URL to the Local Intranet security zone for all users who will be consuming rights-protected content.

To add AD RMS cluster to Local Intranet security zone

1. Log on to ADRMS-CLNT as Nicole Holliday (cpandl\NHOLLIDA).

2. Click Start, click All Programs, and then click Internet Explorer.

3. Click Tools, and then click Internet Options.

4. Click the Security tab, click Local intranet, and then click Sites.

5. Click Advanced.

6. In the Add this website to the zone box, type https://adrms-srv.cpandl.com, and then click Add.

7. In the Add this website to the zone box, type https://cpandl-adrmslic.cpandl.com, and then click Add.

8. Click Close, and then click OK twice.

9. Repeat steps 1–8 for Stuart Railson and Limor Henig.

To verify the functionality of the AD RMS deployment, you log on as Nicole Holliday and then restrict permissions on a Microsoft Word 2007 document so that members of the CP&L Engineering group are able to read the document but unable to change, print, or copy. You then log on as Stuart Railson, verifying that the proper permission to read the document has been granted, and nothing else. Then, you log on as Limor Henig. Since Limor is not a member of the Engineering group, he should not be able to consume the rights-protected file.

To restrict permissions on a Microsoft Word document

1. Log on to ADRMS-CLNT as Nicole Holliday (cpandl\NHOLLIDA).

2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.

3. Type CP&L engineering employees can read this document, but they cannot change, print, or copy it on the blank document page.

4. Click the Microsoft Office Button, click Prepare, click Restrict Permission, and then click Restricted Access.

5. Click the Restrict permission to this document check box.

6. In the Read box, type engineering@cpandl.com, and then click OK to close the Permission dialog box.

7. Click the Microsoft Office Button, click Save As, and then save the file as \\ADRMS-DB\Public\ADRMS-TST.docx.

8. Log off as Nicole Holliday.

Next, log on as Stuart Railson and open the document, ADRMS-TST.docx.

To view a rights-protected document

1. Log on to ADRMS-CLNT as Stuart Railson (cpandl\SRAILSON).

2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.

3. Click the Microsoft Office Button, and then click Open.

4. In the File name box, type \\ADRMS-DB \Public\ADRMS-TST.docx, and then click Open.

   The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to https://cpandl-licadrms.cpandl.com:443/\_wmcs/licensing to verify your credentials and download your permission."

5. Click OK.

   The following message appears: "Verifying your credentials for opening content with restricted permissions…".

6. When the document opens, click the Microsoft Office Button. Notice that the Print option is not available.

7. Close Microsoft Word.

8. Log off as Stuart Railson.

Finally, log on as Limor Henig and verify that he is not able to consume the rights-protected file.

To attempt to view a rights-protected document

1. Log on to ADRMS-CLNT as Limor Henig (cpandl\LHENIG).

2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.

3. Click the Microsoft Office Button, and then click Open.

4. In the File name box, type \\ADRMS-DB\Public\ADRMS-TST.docx, and then click Open.

   The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to https://cpandl-licadrms.cpandl.com:443/\_wmcs/licensing to verify your credentials and download your permission."

5. Click OK.

6. The following message appears: "You do not have credentials that allow you to open this document. You can request updated permission from nhollida@cpandl.com. Do you want to request updated permission?"

7. Click No, and then close Microsoft Word.

You have successfully deployed and demonstrated the functionality of an AD RMS licensing-only cluster, using the simple scenario of applying restricted permissions to a Microsoft Word 2007 document.