Editing a Rights Policy Template
Updated: October 22, 2009
Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1
There are two methods available for modifying an existing rights policy template. One method enables you to change all the settings of a rights policy template with a single command. The other method allows you to change individual settings without affecting other settings of the rights policy template.
Modifying all settings with a single command
By using the Set-Item cmdlet, you can modify all the settings of a rights policy template with a single command. The Set-Item cmdlet uses the same parameters as the New-Item cmdlet that you can use to create a rights policy template.
Important
When you use this method to modify an existing rights policy template, any optional parameters that you do not specify on the command line will revert to their default settings.
Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.
To modify all the settings of a rights policy template
At the Windows PowerShell command prompt, type:
Get-ChildItem -Path<drive>:\RightsPolicyTemplatewhere <drive> is the name of the Windows PowerShell drive. Note the ID of the rights policy template that you want to modify.
At the Windows PowerShell command prompt, type:
Set-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>-LocaleName<locale_names>-DisplayName<display_names>-Description<descriptions> [-UserGroup<user_list> [-Right<standard_rights>] [-CustomRight<custom_rights>]] [-RightsRequestUrl<url>] [-ContentExpiredOnDateInDaysOrNever<expiration>] [-UserLicenseRenewalInDays<days>] [-ArchivedTemplate] [-EnableViewInTrustedBrowser] [-EnableOnetimeLicense] [-ExtendedAppName<pair_names>-ExtendedAppValue<pair_values>] [-RevocationLocation<list_url>-RevocationRefreshPerDays<days>-RevocationPublicKeyFilePath<path>]where <drive> is the name of the Windows PowerShell drive, and <template_ID> is the ID of the rights policy template you found in the previous step. For information about the parameters and values for this cmdlet, see Creating a New Rights Policy Template.
Tip
Rather than typing out the entire rights policy template ID on the command line, you can type the first few characters and then press the TAB key. Windows PowerShell will then complete the ID for you.
Modifying individual settings
You can modify a rights policy template by traversing the portion of the AD RMS administration namespace in Windows PowerShell that represents rights policy templates and creating, removing, and setting properties of objects in that namespace. The following procedures describe how to work with objects in the subcontainers of the \RightsPolicyTemplate container. For more information about specific settings, see Creating a New Rights Policy Template.
To modify identification information settings of a rights policy template
At the Windows PowerShell command prompt, type:
Get-ChildItem -Path<drive>:\RightsPolicyTemplatewhere <drive> is the name of the Windows PowerShell drive. Note the ID of the rights policy template that you want to modify.
Do one of the following:
To add a language to the rights policy template, at the Windows PowerShell command prompt, type:
New-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\IdentificationInfo -Name<locale>-DisplayName<display_name>-Description<description>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <locale> is the locale code (such as en-US), <display_name> is the language-specific name of the template to display to the user, and <description> is the language-specific description of the rights policy template.
To modify an existing language in a rights policy template, at the Windows PowerShell command prompt, type:
Set-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\IdentificationInfo\<locale>-DisplayName<display_name>-Description<description>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <locale> is the locale code (such as en-US), <display_name> is the language-specific name of the template to display to the user, and <description> is the language-specific description of the rights policy template.
To delete an existing language in a rights policy template, at the Windows PowerShell command prompt, type:
Remove-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\IdentificationInfo\<locale>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, and <locale> is the locale code (such as en-US) of the language you want to remove.
To modify user rights settings of a rights policy template
At the Windows PowerShell command prompt, type:
Get-ChildItem -Path<drive>:\RightsPolicyTemplatewhere <drive> is the name of the Windows PowerShell drive. Note the ID of the rights policy template that you want to modify.
Do one of the following:
To modify the custom rights list of a rights policy template, at the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\UserRight -Name CustomRightDefinitionList -Value<custom_right>[,<custom_right>…]where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, and <custom_right> is the name of one of the custom rights you want to be able to assign to users in this rights policy template.
To add a user or group to a rights policy template, at the Windows PowerShell command prompt, type:
New-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\UserRight -Name<e-mail_address> [-FullControl] [-View] [-Edit] [-Save] [-Export] [-Print] [-Forward] [-Reply] [-ReplyAll] [-Extract] [-AllowMacros] [-ViewRightsData] [-EditRightsData] [-CustomRight<custom_right>,<custom_right>…]where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <e-mail_address> is the e-mail address of the user or group being added, and <custom_right> is the name of one of the custom rights in the custom rights list of the rights policy template.
Use the parameters to assign one or more rights to the user or group being added. If you specify the -FullControl parameter, you cannot assign any other rights.
To modify the rights of an existing user or group, at the Windows PowerShell command prompt, type:
Set-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\UserRight\<e-mail_address> [-FullControl] [-View] [-Edit] [-Save] [-Export] [-Print] [-Forward] [-Reply] [-ReplyAll] [-Extract] [-AllowMacros] [-ViewRightsData] [-EditRightsData] [-CustomRight<custom_right>,<custom_right>…]where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <e-mail_address> is the e-mail address of the user or group being modified, and <custom_right> is the name of one of the custom rights in the custom rights list of the rights policy template.
Use the parameters to assign one or more rights to the user or group being modified. If the user or group was previously assigned a right and you do not specify the corresponding parameter, that right is removed. If you specify the -FullControl parameter, you cannot assign any other rights.
To remove a user or group, at the Windows PowerShell command prompt, type:
Remove-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\UserRight\<e-mail_address>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, and <e-mail_address> is the e-mail address of the user or group being removed.
To set the URL that users can request additional rights through, at the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\UserRight -Name RightsRequestUrl -Value<url>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, and <url> is the URL that users can request additional rights through.
To modify expiration policy settings of a rights policy template
At the Windows PowerShell command prompt, type:
Get-ChildItem -Path<drive>:\RightsPolicyTemplatewhere <drive> is the name of the Windows PowerShell drive. Note the ID of the rights policy template that you want to modify.
Do one of the following:
To set when content protected by the rights policy template expires, at the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExpirationPolicy -Name ContentExpiredOnDateInDaysOrNever -Value{Never|<days>|<date>}where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <days> is a number (such as 31) to specify the number of days to elapse before the content expires, and <date> is a date (such as 01/31/2011) indicating when the content expires at midnight, Coordinated Universal Time (UCT), also known as Greenwich Mean Time. If you specify
Never(the default), the content never expires.To set when the use license expires, at the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExpirationPolicy -Name UseLicenseExpiredInDays -Value<days>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, and <days> is a number that specifies the number of days the use license will remain valid.
To modify extended policy settings of a rights policy template
At the Windows PowerShell command prompt, type:
Get-ChildItem -Path<drive>:\RightsPolicyTemplatewhere <drive> is the name of the Windows PowerShell drive. Note the ID of the rights policy template that you want to modify.
Do one of the following:
To enable users to view protected content using a browser add-on, at the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExtendedPolicy -Name IsViewInTrustedBrowserEnabled -Value $truewhere <drive> is the name of the Windows PowerShell drive, and <template_ID> is the ID of the template you found in the preceding step.
To require a new use license every time content is consumed, at the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExtendedPolicy -Name IsOnetimeLicenseEnabled -Value $truewhere <drive> is the name of the Windows PowerShell drive and <template_ID> is the ID of the template you found in the preceding step.
To add a name/value pair for a specific AD RMS-enabled application, at the Windows PowerShell command prompt, type:
New-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExtendedPolicy -Name<pair_name>-Value<pair_value>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <pair_name> is a string specifying the name of the name/value pair, and <pair_value> is the value of the name/value pair.
To modify a name/value pair, at the Windows PowerShell command prompt, type:
Set-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExtendedPolicy\<pair_name>-Value<pair_value>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <pair_name> is a string specifying the name of the name/value pair, and <pair_value> is the value of the name/value pair.
To delete a name/value pair, at the Windows PowerShell command prompt, type:
Remove-Item -Path<drive>:\RightsPolicyTemplate\<template_ID>\ExtendedPolicy\<pair_name>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, and <pair_name> is a string specifying the name of the name/value pair.
To modify revocation policy settings of a rights policy template
At the Windows PowerShell command prompt, type:
Get-ChildItem -Path<drive>:\RightsPolicyTemplatewhere <drive> is the name of the Windows PowerShell drive. Note the ID of the rights policy template that you want to modify.
At the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\RightsPolicyTemplate\<template_ID>\RevocationPolicy -Name Location -Value<url>-RefreshPerDays<days>-PublicKeyFilePath<path>where <drive> is the name of the Windows PowerShell drive, <template_ID> is the ID of the template you found in the preceding step, <url> is the location of the revocation list, <days> is a number specifying the number of days that the revocation list remains valid, and <path> specifies the path of the public key file for the revocation list.
See Also
Concepts
Using Windows PowerShell to Administer AD RMS
Understanding the AD RMS Administration Provider Namespace
Configuring Rights Policy Templates
Other Resources
Understanding Rights Policy Templates
Understanding Rights Enforcement