Step 3: Verifying AD RMS Functionality

Updated: February 6, 2008

Applies To: Windows Server 2008, Windows Server 2008 R2

The AD RMS client is included in the default installation of Windows Vista and Windows Server 2008. Previous versions of the client are available for download for some earlier versions of the Windows operating systems. For more information, see the Windows Server 2003 Rights Management Services page in the Microsoft Windows Server TechCenter.

Before you can publish or consume rights-protected content on Windows Vista, you must add the AD RMS cluster URLs for each forest to the Internet Explorer Local Intranet security zone on the AD RMS client computers. This is required to ensure that your credentials are automatically passed from Microsoft Office Word to the AD RMS Web services.

  1. Log on to ADRMS-CLNT as Nicole Holliday (CPANDL\nhollida).

  2. Click Start, click Control Panel, click Network and Internet, and then click Internet Options.

  3. Click the Security tab, and then click Local Intranet.

  4. Click Sites, and then click Advanced.

  5. In the Add this website to the zone box, do the following:

    1. Type, and then click Add.

    2. Type, and then click Add.

  6. Repeat steps on ADRMS-CLNT2 for Terence Philip (treyresearch\tphilip).
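
The same zone mapping can be applied and then checked from PowerShell. This is an added example, not part of Microsoft's guide; the function names are hypothetical, and the host and domain names are placeholders because the cluster URLs are not shown on this page.

```powershell
# Added example. Host names are placeholders, not values from the guide.
$ZoneMap       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$LocalIntranet = 1   # Internet Explorer zone number for Local Intranet

function Add-IntranetSite {
    param(
        [Parameter(Mandatory=$true)][string]$Domain,     # registrable domain, e.g. 'example.test'
        [Parameter(Mandatory=$true)][string]$HostLabel,  # host part, e.g. 'adrms-cluster-a'
        [ValidateSet('http','https')][string]$Scheme = 'https'
    )
    # Sites in this zone receive the user's Windows credentials automatically,
    # so refuse wildcards and keep each entry specific to one host and scheme.
    if ("$HostLabel.$Domain" -match '[*?]') { throw 'Wildcard entries are not accepted.' }

    $key = "$ZoneMap\$Domain\$HostLabel"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Scheme -Value $LocalIntranet `
        -PropertyType DWord -Force | Out-Null
}

function Get-IntranetSite {
    # List every key under ZoneMap\Domains that maps a scheme to zone 1.
    if (-not (Test-Path -Path $ZoneMap)) { return }
    Get-ChildItem -Path $ZoneMap -Recurse | ForEach-Object {
        $k = $_
        foreach ($name in $k.GetValueNames()) {
            if ($k.GetValue($name) -eq $LocalIntranet) {
                New-Object PSObject -Property @{
                    Site   = ($k.Name -replace '^.*\\ZoneMap\\Domains\\', '')
                    Scheme = $name
                }
            }
        }
    }
}

# Placeholder cluster hosts, one per forest; replace with your AD RMS cluster URLs.
Add-IntranetSite -Domain 'example.test' -HostLabel 'adrms-cluster-a'
Add-IntranetSite -Domain 'example.test' -HostLabel 'adrms-cluster-b'
Get-IntranetSite | Format-Table Site, Scheme -AutoSize
```

The mapping is written under HKCU, so run it in the session of the user who will publish or open the protected content.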

To verify the functionality of the AD RMS deployment, you log on as Nicole Holliday, create a Microsoft Word 2007 document, and then restrict permissions on it so that Terence Philip is able to read the document but is unable to change, print, or copy it. You then log on as Terence Philip, verifying that Terence Philip can read the document but do nothing else with it.

  1. Log on to ADRMS-CLNT as Nicole Holliday (CPANDL\nhollida).

  2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Office Word 2007.

  3. Type "Only Terence Philip can read this document, but cannot change, print, or copy it." Click the Microsoft Office Button, point to Prepare, point to Restrict Permission, and then click Restricted Access.

  4. Select the Restrict permission to this document check box.

  5. In the Read text box, type, and then click OK to close the Permission dialog box.

  6. Click the Microsoft Office Button, click Save As, and then save the file as \\adrms-db\public\ADRMS-TST.docx.

  7. Log off as Nicole Holliday.

Finally, log on as Terence Philip on ADRMS-CLNT2 in the TREYRESEARCH.NET domain and attempt to open the document, ADRMS-TST.docx.

  1. Log on to ADRMS-CLNT2 as Terence Philip (TREYRESEARCH\tphilip).

  2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Office Word 2007.

  3. Click the Microsoft Office Button, click Open, and then type \\adrms-db\public\ADRMS-TST.docx. If you are prompted for credentials, use those of CPANDL\Administrator to allow Terence Philip to access the document in its location in the cpandl forest.

    The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to to verify your credentials and download your permissions."

  4. Click OK.

    The following message appears: "Verifying your credentials for opening content with restricted permissions".

  5. When the document opens, click the Microsoft Office Button. Notice that the Print option is not available.

  6. Click View Permission in the message bar. You should see that Terence Philip has been restricted to being able only to read the document.

  7. Click OK to close the My Permissions dialog box, and then close Microsoft Word.

  8. Log off as Terence Philip.

You have successfully deployed and demonstrated the functionality of using AD RMS across forests, using the simple scenario of applying restricted permissions to a Microsoft Word 2007 document. You can also use this deployment to explore some of the additional capabilities of AD RMS through additional configuration and testing.
