Step 5: Verifying AD RMS Functionality

Updated: January 18, 2008

Applies To: Windows Server 2008, Windows Server 2008 R2

The AD RMS client is included in the default installation of Windows Vista and Windows Server 2008. Previous versions of the client are available for download for some earlier versions of the Windows operating systems. For more information, see the Windows Server 2003 Rights Management Services page in the Microsoft Windows Server TechCenter.

Before you can publish or consume rights-protected content on Windows Vista, you must add the AD RMS cluster URL, the ADFS-RESOURCE URL, and the ADFS-ACCOUNT URL to the Internet Explorer Local Intranet security zone of the ADRMS-CLNT2 computer. This is required to ensure that your credentials are automatically passed from Microsoft Office Word to the AD RMS Web services.

  1. Log on to ADRMS-CLNT2 as Terence Philip (TREYRESEARCH\tphilip).

  2. Click Start, click Control Panel, click Network and Internet, and then click Internet Options.

  3. Click the Security tab, and then click Local Intranet.

  4. Click Sites, and then click Advanced.

  5. In the Add this website to the zone box, do the following:

    1. Type, and then click Add.

    2. Type, and then click Add.

    3. Type, and then click Add.
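The zone assignment made in the preceding steps can be checked from a script, together with the zone's logon setting that controls whether credentials are passed automatically. This is an added example, not part of the original guide; it assumes Windows PowerShell on the .NET Framework, and the function name `Test-IntranetZone` and the variables in the usage comment are hypothetical stand-ins for the three URLs of your deployment.

```powershell
# Added example (not from the original guide). Run in Windows PowerShell as the
# user who will open protected content, for example TREYRESEARCH\tphilip on ADRMS-CLNT2.
function Test-IntranetZone {
    param(
        # The AD RMS cluster, ADFS-RESOURCE and ADFS-ACCOUNT URLs of your deployment.
        [Parameter(Mandatory = $true)]
        [string[]] $Url
    )

    # Per-user logon setting (URLACTION_CREDENTIALS_USE, value name 1A00)
    # for zone 1, the Local Intranet zone.
    $zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'
    $logon   = (Get-ItemProperty -Path $zoneKey -Name '1A00' -ErrorAction SilentlyContinue).'1A00'

    # 0x00000 = automatic logon with current user name and password
    # 0x10000 = prompt for user name and password
    # 0x20000 = automatic logon only in the intranet zone
    # 0x30000 = anonymous logon
    if ($null -eq $logon) {
        $logonText = 'not set for this user'
        $autoLogon = $false
    } else {
        $logonText = '0x{0:X5}' -f $logon
        $autoLogon = ($logon -eq 0x00000) -or ($logon -eq 0x20000)
    }

    foreach ($u in $Url) {
        # Ask the system which security zone this URL maps to.
        $zone = [System.Security.Policy.Zone]::CreateFromUrl($u).SecurityZone

        New-Object PSObject -Property @{
            Url            = $u
            Zone           = $zone
            InIntranetZone = ($zone -eq [System.Security.SecurityZone]::Intranet)
            LogonSetting   = $logonText
            AutoLogon      = $autoLogon
        }
    }
}

# Usage (the three variables are hypothetical; set them to your own URLs):
# Test-IntranetZone -Url $rmsClusterUrl, $adfsResourceUrl, $adfsAccountUrl |
#     Format-Table Url, Zone, InIntranetZone, LogonSetting, AutoLogon -AutoSize
```

Any URL reported with `InIntranetZone` as `False` has not been added to the zone for the logged-on user. A logon setting reported as not set for this user means the per-user value is absent and the effective setting comes from machine defaults or policy.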

To verify the functionality of the AD RMS deployment, you log on as Nicole Holliday, create a Microsoft Word 2007 document, and then restrict permissions on it so that Terence Philip is able to read the document but is unable to change, print, or copy it. You then log on as Terence Philip and verify that he can read the document but cannot do anything else with it.

  1. Log on to ADRMS-CLNT as Nicole Holliday (CPANDL\nhollida).

  2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.

  3. Type "Only Terence Philip can read this document, but cannot change, print, or copy it." Click the Microsoft Office Button, point to Prepare, point to Restrict Permission, and then click Restricted Access.

  4. Click the Restrict permission to this document check box.

  5. In the Read text box, type TPHILIP@TREYRESEARCH.NET, and then click OK to close the Permission dialog box.

  6. Click the Microsoft Office Button, click Save As, and then save the file as \\adrms-db\public\ADRMS-TST.docx

  7. Log off as Nicole Holliday.

Finally, log on as Terence Philip on ADRMS-CLNT2 in the TREYRESEARCH.NET domain and attempt to open the document, ADRMS-TST.docx.

  1. Log on to ADRMS-CLNT2 as Terence Philip (TREYRESEARCH\tphilip).

  2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.

  3. Click the Microsoft Office Button, click Open, and then type \\ADRMS-DB\PUBLIC\ADRMS-TST.docx. If you are prompted for credentials, use CPANDL\Administrator.

    The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to to verify your credentials and download your permissions."

  4. Click OK.

    The following message appears: "Verifying your credentials for opening content with restricted permissions".

  5. When the document opens, click the Microsoft Office Button. Notice that the Print option is not available.

  6. Click View Permission in the message bar. You should see that Terence Philip is permitted only to read the document.

  7. Click OK to close the My Permissions dialog box, and then close Microsoft Word.

You have successfully deployed and demonstrated the functionality of using identity federation with AD RMS, using the simple scenario of applying restricted permissions to a Microsoft Word 2007 document. You can also use this deployment to explore some of the additional capabilities of AD RMS through additional configuration and testing.
