Excluding Applications

  • Article

Updated: October 22, 2009

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

You can specify the version of an AD RMS-enabled application that all licensing requests are checked against. Application exclusion stamps every use license with a condition that the license can bind only to the rights-protected content for which it is issued if the application that is requesting the license is not on the excluded list.

This can be useful, for example, when an enterprise deploys an update for an AD RMS-enabled application. System administrators can use their usual mechanism to cause client computers to install the update. They can then set application exclusion policies that are defined by using the version information of the application. This exclusion policy restricts AD RMS from issuing licenses to clients that are running previous versions of the software.

As with other types of exclusion, you must configure application exclusion on each cluster for which you want it to take effect.

When you apply this exclusion policy on your cluster, clients cannot use the excluded application to request and bind new use licenses to rights-protected content. However, clients can continue to use the excluded application to consume previously licensed files.

Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.

To enable application exclusion

  • At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\ExclusionPolicy\Application -Name IsEnabled -Value $true

To exclude an application

  • At the Windows PowerShell command prompt, type:

    New-Item -Path <drive>:\ExclusionPolicy\Application -Name <application_name> -MinVersion <min_number> -MaxVersion <max_number>

    where <drive> is the name of the Windows PowerShell drive, <application_name> is the name of the application being excluded, <min_number> is the lowest version number of the application to be excluded, and <max_number> is the highest version number of the application to be excluded.

    Both version numbers must be expressed as a series of four numbers separated by three period (.) characters, for example, 11.8.135.0. If the application uses fewer numbers to indicate its version level, append “.0” as many times as necessary to produce four period-separated numbers.

For example, if you have created a Windows PowerShell drive named Z and want to exclude all versions of an application named viewer.exe prior to version 8, at the Windows PowerShell command prompt, type:

New-Item -Path Z:\ExclusionPolicy\Application -Name viewer.exe -MinVersion 0.0.0.0 -MaxVersion 7.9.9.9

To stop excluding an application

  1. At the Windows PowerShell command prompt, type:

    Get-ChildItem -Path <drive>:\ExclusionPolicy\Application

    where <drive> is the name of the Windows PowerShell drive. Note the ID of the application you want to stop excluding.

  2. At the Windows PowerShell command prompt, type:

    Remove-Item -Path <drive>:\ExclusionPolicy\Application\<application_ID>

    where <drive> is the name of the Windows PowerShell drive, and <application_ID> is the ID of the application you found in the previous step.

See Also

Concepts

Using Windows PowerShell to Administer AD RMS
Understanding the AD RMS Administration Provider Namespace
Enabling Exclusion Policies

Other Resources

Understanding AD RMS Exclusion Policies