RMS Client Enrollment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Client computers can enroll with the RMS publishing service to receive an RMS client licensor certificate, which allows authors to publish rights-protected content when their computers are not connected to the corporate network. In this case, the client computer, rather than the publishing service, signs and issues the publishing licenses that contain the usage rights information for rights-protected content that is published from that computer.

The RMS publishing service issues client licensor certificates.

Client enrollment includes the following steps:

1. The client computer sends the user's rights account certificate in an enrollment request to the publishing service that is running on the root cluster, or on a licensing-only cluster.

2. The server validates that client enrollment is allowed, based on the network administrator settings, and that the rights account certificate is not on an exclusion list that is in the configuration database. For more information about how to create exclusion lists, see "Managing Exclusion Policy" in "RMS: Operations" in this documentation collection.

3. The publishing service creates a key pair for the client computer. It creates a client licensor certificate and places the public key in the certificate. It encrypts the private key with the rights account certificate public key, and then places it in the certificate.

4. The publishing service issues a client licensor certificate to the client computer.