Step 12 - Grant AD RMS Service Group Read and Execute Permissions

Applies To: Windows Server 2008, Windows Server 2008 R2

This step explains how to grant the AD RMS Service Group read and execute permissions to the ServerCertification.asmx page. This is required because it allows the AD RMS Bulk Protection Tool to run under the local system account on the FCI server.

To add the Read & Execute permissions for AD RMS Service Group on ServerCertification.asmx

1. Log on to ADRMS.fabrikam.com Server as Administrator

2. Click Start, select Computer, double-click Local Disk (C:), double-click inetpub, double-click wwwroot, double-click _wmcs, double-click certification, right-click ServerCertification.asmx and select Properties. This will bring up the ServerCertification.asmx Properties.

3. On the ServerCertification.asmx properties, select the Security tab, select New, and click Edit. This will bring up the Permissions for ServerCertification.asmx.

4. On the Permissions for ServerCertification.asmx screen, click Add. This will bring up the Select Users, Computers, or Groups screen.

5. On the Select Users, Computers, or Groups screen, under Enter the object names to select, enter ADRMS\AD RMS Service Group and click Check Names. This should resolve with an underline. Click Ok.

6. On the Permissions for ServerCertification.asmx screen, select the newly added AD RMS Service Group and verify it has a check in Read & execute. Click Apply Click Ok. This will close the Permissions for ServerCertification.asmx screen.

7. On the ServerCertification.asmx properties, click Ok. This will close the ServerCertification.asmx properties.

8. Restart the ADRMS.fabrikam.com server.