Appendix A: ADMX for deploying AD RMS registry overrides through GPO

Applies To: Windows Server 2008, Windows Server 2008 R2

A sample ADMX file that can be used to create GPOs that configure the AD RMS client in an enterprise deployment is included below. Copy the contents into a text file with the .admx extension, and then deploy it as described in the appropriate section of this document. The sample ADMX file is followed by a corresponding English-language sample ADML resource file; save that file with the same base name and the .adml extension in the language subfolder (for example, en-US) next to the ADMX file, because the ADMX file takes its display strings and presentations from it.

For additional information see: Managing Group Policy ADMX Files Step-by-Step Guide

Sample ADMX File

<policyDefinitions revision="1.0" schemaVersion="1.0">
  <!--
    Sample ADMX policy definitions for the AD RMS client registry overrides.
    Defines a category tree rooted at AD_RMS and 14 policies that write registry
    values for MSDRM, Office IRM, the XPS Viewer, AD FS and Internet Explorer.
    Every $(string.X) and $(presentation.X) reference is resolved from the
    ADML resource file, so the two files must be deployed together.

    NOTE(review): this listing has no XML declaration and no xmlns attribute on
    the root element. Confirm that your Group Policy tooling loads it as-is.

    Registry scope: none of the keys below is under Software\Policies or
    Software\Microsoft\Windows\CurrentVersion\Policies. Group Policy treats
    settings outside those subtrees as unmanaged: the written value stays in the
    registry after the GPO stops applying, and for class="User" policies it is
    stored in HKCU, where the signed-in user can normally change it. Do not rely
    on these settings as an enforced control without verifying the result on the
    client.

    NOTE(review): most key attributes start with a backslash, while the last
    policy's key does not. Confirm the leading backslash is accepted and yields
    the intended path.
  -->
  <policyNamespaces>
    <!-- target is this file's own namespace; using imports the Windows
         definitions that the supportedOn references below depend on. -->
    <target prefix="fullarmor" namespace="FullArmor.Policies.BAC2B532_F77B_41CA_81E2_857F80D759E3" />
    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
  </policyNamespaces>
  <!-- fileName is empty, so no legacy ADM file is named as superseded. -->
  <supersededAdm fileName="" />
  <resources minRequiredRevision="1.0" />
  <!-- Category tree: AD_RMS is the root. General, Office_2007 and
       Enabling_Services sit under Office_IRM_2007_2003; every other category is
       a direct child of AD_RMS. -->
  <categories>
    <category name="AD_RMS" displayName="$(string.AD_RMS)" />
    <category name="MSDRM" displayName="$(string.MSDRM)">
      <parentCategory ref="AD_RMS" />
    </category>
    <category name="Office_IRM_2007_2003" displayName="$(string.Office_IRM_2007_2003)">
      <parentCategory ref="AD_RMS" />
    </category>
    <category name="General" displayName="$(string.General)">
      <parentCategory ref="Office_IRM_2007_2003" />
    </category>
    <category name="Office_2007" displayName="$(string.Office_2007)">
      <parentCategory ref="Office_IRM_2007_2003" />
    </category>
    <category name="Enabling_Services" displayName="$(string.Enabling_Services)">
      <parentCategory ref="Office_IRM_2007_2003" />
    </category>
    <category name="TPD" displayName="$(string.TPD)">
      <parentCategory ref="AD_RMS" />
    </category>
    <category name="XPS_IRM" displayName="$(string.XPS_IRM)">
      <parentCategory ref="AD_RMS" />
    </category>
    <category name="ADFS" displayName="$(string.ADFS)">
      <parentCategory ref="AD_RMS" />
    </category>
    <!-- No policy in this file references WM_IRM, so this category is empty. -->
    <category name="WM_IRM" displayName="$(string.WM_IRM)">
      <parentCategory ref="AD_RMS" />
    </category>
    <category name="IE_Settings" displayName="$(string.IE_Settings)">
      <parentCategory ref="AD_RMS" />
    </category>
  </categories>
  <policies>
    <!--
      Service location overrides (class="Machine"). Each policy takes one text
      value: the URL of the certification or licensing pipeline that the AD RMS
      client should use. These values decide which server the client contacts,
      so limit who can edit the GPO and keep the URLs on https.
      NOTE(review): valueName="@" is presumably meant to address the key's
      default value. Confirm that the value actually written is the one the
      AD RMS client reads.
    -->
    <policy name="POL_Certification_Pipeline" class="Machine" displayName="$(string.POL_Certification_Pipeline)" presentation="$(presentation.POL_Certification_Pipeline)" key="\Software\Microsoft\MSDRM\ServiceLocation\Activation" valueName="@">
      <parentCategory ref="MSDRM" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <text id="TXT_Certification_Pipeline" key="\Software\Microsoft\MSDRM\ServiceLocation\Activation" valueName="@" />
      </elements>
    </policy>
    <policy name="POL_Licensing_Pipeline" class="Machine" displayName="$(string.POL_Licensing_Pipeline)" presentation="$(presentation.POL_Licensing_Pipeline)" key="\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing" valueName="@">
      <parentCategory ref="MSDRM" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <text id="TXT_Licensing_Pipeline" key="\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing" valueName="@" />
      </elements>
    </policy>
    <!-- Rights policy template paths for Office 11.0 and 12.0 (class="User").
         Both write the entered text to AdminTemplatePath under the matching
         Office version key. -->
    <policy name="POL_Rights_Policy_Templates_Path_2003" class="User" displayName="$(string.POL_Rights_Policy_Templates_Path_2003)" presentation="$(presentation.POL_Rights_Policy_Templates_Path_2003)" key="\Software\Microsoft\Office\11.0\Common\DRM" valueName="AdminTemplatePath">
      <parentCategory ref="General" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <text id="TXT_Rights_Policy_Templates_Path_2003" key="\Software\Microsoft\Office\11.0\Common\DRM" valueName="AdminTemplatePath" />
      </elements>
    </policy>
    <policy name="POL_Rights_Policy_Templates_Path_2007" class="User" displayName="$(string.POL_Rights_Policy_Templates_Path_2007)" presentation="$(presentation.POL_Rights_Policy_Templates_Path_2007)" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="AdminTemplatePath">
      <parentCategory ref="General" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <text id="TXT_Rights_Policy_Templates_Path_2007" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="AdminTemplatePath" />
      </elements>
    </policy>
    <!-- The next six policies are on/off switches for Office 12.0: the Enabled
         state writes decimal 1 to valueName and the Disabled state writes 0.
         They have no presentation because there is nothing further to enter.
         All are class="User", so the unmanaged-key caveat at the top of this
         file applies to each of them. -->
    <policy name="POL_Automatic_Expansion_DL" class="User" displayName="$(string.POL_Automatic_Expansion_DL)" key="\Software\Microsoft\Office\12.0\Common\DRM\AutoExpandDLs" valueName="AutoExpandDLsEnable">
      <parentCategory ref="General" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <enabledValue>
        <decimal value="1" />
      </enabledValue>
      <disabledValue>
        <decimal value="0" />
      </disabledValue>
    </policy>
    <policy name="POL_Online_Enforcement" class="User" displayName="$(string.POL_Online_Enforcement)" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="RequireConnection">
      <parentCategory ref="General" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <enabledValue>
        <decimal value="1" />
      </enabledValue>
      <disabledValue>
        <decimal value="0" />
      </disabledValue>
    </policy>
    <!-- Unlike its neighbours, this policy writes under Common\Security rather
         than Common\DRM. -->
    <policy name="POL_Encrypt_Metadata" class="User" displayName="$(string.POL_Encrypt_Metadata)" key="\Software\Microsoft\Office\12.0\Common\Security" valueName="DRMEncryptProperty">
      <parentCategory ref="Office_2007" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <enabledValue>
        <decimal value="1" />
      </enabledValue>
      <disabledValue>
        <decimal value="0" />
      </disabledValue>
    </policy>
    <policy name="POL_Read_Only_IRM" class="User" displayName="$(string.POL_Read_Only_IRM)" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="DisableCreation">
      <parentCategory ref="Office_2007" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <enabledValue>
        <decimal value="1" />
      </enabledValue>
      <disabledValue>
        <decimal value="0" />
      </disabledValue>
    </policy>
    <policy name="POL_Disable_Passport" class="User" displayName="$(string.POL_Disable_Passport)" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="DisablePassportCertification">
      <parentCategory ref="Enabling_Services" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <enabledValue>
        <decimal value="1" />
      </enabledValue>
      <disabledValue>
        <decimal value="0" />
      </disabledValue>
    </policy>
    <!-- The displayName string id (POL_Disable_Enable_RMA) differs from the
         policy name; it is the id the ADML sample defines as "Disable IRM".
         Setting this policy to Enabled writes Disable=1, which presumably turns
         IRM off, so read the state carefully before applying it. -->
    <policy name="POL_Disable_IRM" class="User" displayName="$(string.POL_Disable_Enable_RMA)" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="Disable">
      <parentCategory ref="Enabling_Services" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <enabledValue>
        <decimal value="1" />
      </enabledValue>
      <disabledValue>
        <decimal value="0" />
      </disabledValue>
    </policy>
    <!-- Writes the entered text to LicenseServerRedirection. The value
         redirects licensing requests, so it is trust-sensitive; as a
         class="User" value outside the Policies subtrees it is not protected
         from change by the user. -->
    <policy name="POL_License_Server_Redirection" class="User" displayName="$(string.POL_License_Server_Redirection)" presentation="$(presentation.POL_License_Server_Redirection)" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="LicenseServerRedirection">
      <parentCategory ref="TPD" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <text id="TXT_License_Server_Redirection" key="\Software\Microsoft\Office\12.0\Common\DRM" valueName="LicenseServerRedirection" />
      </elements>
    </policy>
    <!-- Rights policy template path for the XPS Viewer. -->
    <policy name="POL_Templates" class="User" displayName="$(string.POL_Templates)" presentation="$(presentation.POL_Templates)" key="\Software\Microsoft\XPSViewer\Common\DRM" valueName="AdminTemplatePath">
      <parentCategory ref="XPS_IRM" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <text id="TXT_Templates" key="\Software\Microsoft\XPSViewer\Common\DRM" valueName="AdminTemplatePath" />
      </elements>
    </policy>
    <!-- NOTE(review): this policy names FederationHomeRealm but defines no
         elements, enabledValue or disabledValue, and the ADML sample has no
         presentation for it, so the administrator has nowhere to enter a home
         realm. Confirm what is written when the policy is enabled; a text
         element with a matching presentation is presumably needed. -->
    <policy name="POL_Registry_Key_Setting_for_FS_A_Clients" class="Machine" displayName="$(string.POL_Registry_Key_Setting_for_FS_A_Clients)" key="\Software\Microsoft\MSDRM\Federation" valueName="FederationHomeRealm">
      <parentCategory ref="ADFS" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
    </policy>
    <!-- class="Both": offered under Computer and User configuration. The
         drop-down writes one decimal, 0 to 4, to a value named Zones; the ADML
         sample labels these My Computer, Local Intranet, Trusted Sites,
         Internet and Restricted Sites. The same key and valueName appear on
         the policy element and on the enum.
         NOTE(review): site-to-zone assignments are normally stored under the
         ZoneMap subkeys, not in a single Zones value. Confirm that a client
         component reads this value; if none does, applying the policy does not
         place the AD RMS URLs in any zone. -->
    <policy name="POL_Set_Intranet_Zones_Set_Trusted_Zones" class="Both" displayName="$(string.POL_Set_Intranet_Zones_Set_Trusted_Zones)" presentation="$(presentation.POL_Set_Intranet_Zones_Set_Trusted_Zones)" key="Software\Microsoft\Windows\CurrentVersion\Internet Settings" valueName="Zones">
      <parentCategory ref="IE_Settings" />
      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
      <elements>
        <enum id="DDL_Intranet_Trusted_Zones" key="Software\Microsoft\Windows\CurrentVersion\Internet Settings" valueName="Zones">
          <item displayName="$(string.ITM_E5C10543_8093_4E21_96F7_C252887D6A3A)">
            <value>
              <decimal value="0" />
            </value>
          </item>
          <item displayName="$(string.ITM_E54C8914_BA83_4D36_8BC5_3C546D795DF2)">
            <value>
              <decimal value="1" />
            </value>
          </item>
          <item displayName="$(string.ITM_14922DB6_9FB7_4176_A30E_374CA2E289F5)">
            <value>
              <decimal value="2" />
            </value>
          </item>
          <item displayName="$(string.ITM_988ADD30_AFF7_4BA4_9A8B_BFA4B10AF731)">
            <value>
              <decimal value="3" />
            </value>
          </item>
          <item displayName="$(string.ITM_5FC1613E_6830_400D_9CF6_E07D281627A4)">
            <value>
              <decimal value="4" />
            </value>
          </item>
        </enum>
      </elements>
    </policy>
  </policies>
</policyDefinitions>

Sample ADML File

<policyDefinitionResources revision="1.0" schemaVersion="1.0">
  <!--
    English-language resource (ADML) file for the sample AD RMS ADMX file.
    stringTable supplies the text behind each $(string.X) reference and
    presentationTable supplies the input controls behind each
    $(presentation.X) reference. The ids here must match the ids used in the
    ADMX file exactly.
  -->
  <!-- displayName and description hold only whitespace in this sample. -->
  <displayName>
  </displayName>
  <description>
  </description>
  <resources>
    <stringTable>
      <!-- Category names. -->
      <string id="AD_RMS">AD RMS</string>
      <string id="MSDRM">MSDRM</string>
      <string id="Office_IRM_2007_2003">Office IRM (2007/2003)</string>
      <string id="General">General</string>
      <string id="Office_2007">Office 2007</string>
      <string id="Enabling_Services">Enabling Services</string>
      <string id="TPD">TPD</string>
      <string id="XPS_IRM">XPS IRM</string>
      <string id="ADFS">ADFS</string>
      <string id="WM_IRM">WM IRM</string>
      <string id="IE_Settings">IE Settings</string>
      <!-- Policy display names. No explanatory (help) text strings are defined,
           so an administrator sees only these short names. For policies such
           as "Disable IRM", the Enabled state is the one that switches the
           feature off. -->
      <string id="POL_Certification_Pipeline">Certification Pipeline</string>
      <string id="POL_Licensing_Pipeline">Licensing Pipeline</string>
      <string id="POL_Rights_Policy_Templates_Path_2003">Rights Policy Templates Path 2003</string>
      <string id="POL_Rights_Policy_Templates_Path_2007">Rights Policy Templates Path 2007</string>
      <string id="POL_Automatic_Expansion_DL">Automatic Expansion DL</string>
      <string id="POL_Online_Enforcement">Online Enforcement</string>
      <string id="POL_Encrypt_Metadata">Encrypt Metadata</string>
      <string id="POL_Read_Only_IRM">Read-Only IRM</string>
      <string id="POL_Disable_Passport">Disable Passport</string>
      <!-- This id is the one the ADMX policy POL_Disable_IRM references. -->
      <string id="POL_Disable_Enable_RMA">Disable IRM</string>
      <string id="POL_License_Server_Redirection">License Server Redirection</string>
      <string id="POL_Templates">Templates</string>
      <string id="POL_Registry_Key_Setting_for_FS_A_Clients">Registry Key Setting for FS-A Clients</string>
      <string id="POL_Set_Intranet_Zones_Set_Trusted_Zones">Set Intranet Zones/Set Trusted Zones</string>
      <!-- Labels for the zone drop-down items, which the ADMX file maps to the
           decimal values 0 to 4 in this order. -->
      <string id="ITM_E5C10543_8093_4E21_96F7_C252887D6A3A">My Computer</string>
      <string id="ITM_E54C8914_BA83_4D36_8BC5_3C546D795DF2">Local Intranet Zone</string>
      <string id="ITM_14922DB6_9FB7_4176_A30E_374CA2E289F5">Trusted Sites Zone</string>
      <string id="ITM_988ADD30_AFF7_4BA4_9A8B_BFA4B10AF731">Internet Zone</string>
      <string id="ITM_5FC1613E_6830_400D_9CF6_E07D281627A4">Restricted Sites Zone</string>
    </stringTable>
    <!-- One presentation per policy that takes input. Each refId must match
         the id of a text or enum element in the ADMX file.
         NOTE(review): the empty label and defaultValue elements below contain
         a line break and indentation, not an empty string. Confirm the policy
         editor does not pre-fill the text box with that whitespace.
         There is no presentation for POL_Registry_Key_Setting_for_FS_A_Clients. -->
    <presentationTable>
      <presentation id="POL_Certification_Pipeline">
        <text>Enter the Certification Pipeline URL:</text>
        <textBox refId="TXT_Certification_Pipeline">
          <label>
          </label>
          <!-- url.to.rms is a placeholder host. Replace it with the URL of your
               own AD RMS cluster before enabling the policy, and keep the
               https scheme. -->
          <defaultValue>https://url.to.rms/_wmcs/Certification</defaultValue>
        </textBox>
      </presentation>
      <presentation id="POL_Rights_Policy_Templates_Path_2003">
        <text>Enter the Rights Policy Templates Path for Office 2003:</text>
        <textBox refId="TXT_Rights_Policy_Templates_Path_2003">
          <label>
          </label>
          <defaultValue>
          </defaultValue>
        </textBox>
      </presentation>
      <presentation id="POL_Rights_Policy_Templates_Path_2007">
        <text>Enter the Rights Policy Templates Path for Office 2007:</text>
        <textBox refId="TXT_Rights_Policy_Templates_Path_2007">
          <label>
          </label>
          <defaultValue>
          </defaultValue>
        </textBox>
      </presentation>
      <presentation id="POL_License_Server_Redirection">
        <text>Enter the License Server Redirection URL:</text>
        <textBox refId="TXT_License_Server_Redirection">
          <label>
          </label>
          <defaultValue>
          </defaultValue>
        </textBox>
      </presentation>
      <presentation id="POL_Templates">
        <text>Enter the Templates path:</text>
        <textBox refId="TXT_Templates">
          <label>
          </label>
          <defaultValue>
          </defaultValue>
        </textBox>
      </presentation>
      <presentation id="POL_Set_Intranet_Zones_Set_Trusted_Zones">
        <text>Select the Intranet/Trusted Zone:</text>
        <!-- NOTE(review): defaultItem="0" presumably selects the first enum
             item, which the string table labels "My Computer". Confirm this is
             the intended default. -->
        <dropdownList refId="DDL_Intranet_Trusted_Zones" defaultItem="0">
        </dropdownList>
      </presentation>
      <presentation id="POL_Licensing_Pipeline">
        <text>Enter the Licensing Pipeline URL:</text>
        <textBox refId="TXT_Licensing_Pipeline">
          <label>
          </label>
          <!-- url.to.rms is a placeholder host. Replace it with the URL of your
               own AD RMS cluster before enabling the policy, and keep the
               https scheme. -->
          <defaultValue>https://url.to.rms/_wmcs/Licensing</defaultValue>
        </textBox>
      </presentation>
    </presentationTable>
  </resources>
</policyDefinitionResources>