Microsoft Rights Management (RMS) Team Blog

The official team blog of Microsoft's Rights Management product team with news and updates for IT professionals using AD RMS or Azure RMS.

Office 2013, AD RMS Client 2.x and Template distribution

Office 2013, AD RMS Client 2.x and Template distribution

  • Comments 15
  • Likes

Hello folks,

As deployments of Office 2013 and IRM implementation are starting, we are getting a lot of queries about template distribution and all the advancements we have made in AD RMS Client 2.x.  I'll get our expert Gagan to explain more. 

Hello, I am Gagan Gulati and I lead the program management for AD RMS developer platform. 

While deploying IRM functionality with Office 2010 and Office 2007, one of the major work items for IT administrators has been deploying templates on user’s desktop. This functionality was achieved with running WMI scripts and by placing templates at a particular location so that Office (Word, PowerPoint, Excel, Outlook…) could access them. Office 2013 utilizes the new AD RMS Client 2.0 version. AD RMS Client 2.0 is a new, advanced software which abstracts a lot of tough concepts from developers and IT administrators.  One of them is template distribution.  AD RMS Client 2.x (and thus Office 2013) will automatically download templates for protection.  When the user consumes or protects content for the first time, AD RMS Client 2.x bootstraps. During this process, it connects to the appropriate RMS server and downloads all templates that are available for download.  These templates are cached at %LOCALAPPDATA%\Microsoft\MSIPC\Templates.

 AD RMS Client 2.x also updates the template cache on a regular basis from RMS server.  The default Template update interval is 7 calendar days.  That is, every 7 calendar days, the client will refresh the templates from the RMS server.  So if the administrator modified templates on the RMS server (which does not and should not happen very often after the initial testing and trial), the modified templates are brought down to the user desktop between 1 (best case) to 7 days (worst case). Also, note that modifications made to the properties of a template doesn’t require that the template be downloaded again to user’s desktops. The properties will get reflected when users consume the content.

 To meet the common scenarios of trial and testing, and if administrators want to update this cache more often, we provide a variety of levers.

  •  Configure Template refresh frequency:  IT administrators can choose to update the time interval after which template cache gets refreshed.  There’s a registry key for this that is available at the following link. The registry key value is in days. This has been documented here:  http://technet.microsoft.com/en-us/library/jj159267(v=ws.10).aspx.  We are providing you with the snippet below.

To update the frequency (in days) within which Rights Policy Templates occur

The following registry values specify how often Rights Policy Templates will be downloaded by the client. Use the mode-specific value most appropriate depending on whether your AD RMS Client 2.x application runs in client or server mode.

Client Mode:

  • HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\MSIPC
    REG_DWORD: TemplateUpdateFrequency

    Value: An integer value that specifies the number of days between downloads.

Server Mode:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\Server\<SID>
    REG_DWORD: TemplateUpdateFrequency

    Value: An integer value that specifies the number of days between downloads.

 

 

  •  Force AD RMS Client 2.x to download templates immediately: This can be achieved by removing the following registry key:

 HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\MSIPC\<Server Name> \Template

 This will ensure that the next time ask for Publishing, AD RMS Client 2.x will download the new set of templates right away.

 

  •  Unmanaged Templates

If you are in a situation where you need to download the templates yourself (department-wise, user-based templates), then you can use the following documentation: http://technet.microsoft.com/en-us/library/jj159267(v=ws.10).aspx.  I have attached the snippet below as well.

 How can I manage template distribution for the AD RMS Client 2.x?


The AD RMS Client 2.x will automatically download templates for publishing. If you are in charge of workstations in a managed environment, you can manage distribution of templates for your AD RMS server by placing templates in the following location. In this case, the AD RMS Client 2.x will not download any templates from your AD RMS server and will instead use the templates you have placed in this directory. The AD RMS Client 2.x might continue to download templates from other available AD RMS servers.

Client Mode: %localappdata%\Microsoft\MSIPC\UnmanagedTemplates

Server Mode: %allusersprofile%\Microsoft\MSIPC\Server\UnmanagedTemplates\<SID>

When placing templates in these locations, there is no special naming convention that must be strictly followed except that the template should be issued by the AD RMS server and it should be named using the .xml file extension type. For example, Contoso-Confidential.xml or Contoso-ReadOnly.xml would be valid names.

 

 

Note: Given all the improvements made to template distribution with AD RMS Client 2.x and Office 2013, we prefer that you allow AD RMS Client 2.x to perform its job. Applications including Office 2013 utilize the new template distribution functionality and utilize new features like automatic template cache refresh, force template behaviors and others. Therefore, continuing to utilize the older patterns of template distribution would mean that IT administrators have to continue the burden of updating user desktops every time changes get made to templates on RMS server.

 I hope this blog post helped your understanding on the Template distribution topic.  Please utilize the comments section to ask questions and clarify your doubts.  

Comments
  • 1. I mean to say that as an ADRMS administrator i have created a template for view only. Users have applied the templates. Can it possible for a user to change the applied permission. If he has to do that then what we have to do in ADRMS Templates.

    2. What is the meaning of view and edit rights in ADRMS Templates.

  • Hello,

    1. It is not possible for a recipient of a content to change the permission of the RMS template. If the owner of the content has given this user  Read rights only, then this user can not edit, print or save the document.

    2.  You can learn more about RMS use rights here: technet.microsoft.com/.../dd996658(v=WS.10).aspx

    Thanks,

    Gagan Gulati

    Lead PM, RMS

  • We have build a ADRMS Server and created some templates. In office 2013 its very simple top synchronize the ADRMS and it will downlaod the templates. nut in case of office 2007 and 2010 how can we synchronize with our running ADRMS.i am not able to find any solution for this.Kindly guide me

  • can adrms templates are applicable to user of other domain??

  • Varun - could you explain your question a bit more?  In general, when you build templates you assign the users to these templates, which could be part of multiple domains within the company.

    Thanks,

    Gagan

  • Hi all,

    i have server ad rms 2008 R2.when user want to add do not forward new email in outlook 2013 ,not option for it.

    how should i do ?

    thanks

  • quesiton , Windows 8 comes with ADRMS client? versión?

  • Hi Miguel, Yes, AD RMS ships with Windows Server. There is a client in the Windows box but the updated clients ship with their respective applications. Our RMS app is once such application. Office is another, Foxit PDF reader is yet another.

  • Thanks Dan for nice description, but I have case that I deploy AD RMS on Windows Server 2012 R2 -> create template to use it for specific application, my issue is all Microsoft Office 2013 outlook users can see this template with other Office 365 template, I want to hide template that I create, is it possible ?

  • Hi, first off all thanks for this blog. my question is related to accessing templates in office 2013 professional. i receive my templates from the adrms server when i connect the client machine but when i create a new template on adrms server then i don't receive the templates on the client machine. i did all the registry settings in the client machine as u described in this blog.

  • Hi Varun I have ADRMS server running on Windows 2012 with cryptography 2 (2048), it is working fine with Win 8 office 2013. I faced the issue with win 7 client machine having office 2010 were not activated by ADRMS 2012 . I installed the hotfix KB2627273 and issue resolved. but one issue is still left. I created 3 templates which are automatically published in Office 2013 but not in office 2010 win 7 machine. I made the changes in registry edit. AdminTemplatepath and through schedule task.. templates are being copied in DRM folder on win 7 machine but do not appear in outlook and office 2010. Any idea or any hotfixes to fix this issue?

  • Hi all. I have ADRMS server running on Windows 2012 with cryptography 2 (2048), it is working fine with Win 8 office 2013. I faced the issue with win 7 client machine having office 2010 were not activated by ADRMS 2012 . I installed the hotfix KB2627273 and issue resolved. but one issue is still left. I created 3 templates which are automatically published in Office 2013 but not in office 2010 win 7 machine. I made the changes in registry edit. AdminTemplatepath and through schedule task.. templates are being copied in DRM folder on win 7 machine but do not appear in outlook and office 2010. Any idea or any hotfixes to fix this issue?

  • Is it possible to configure that whenever a user open a document if opens with a default ADRMS template applied on it, and user will have an option to change it to a different ADRMS template if he needed.

  • Is it possible to configure that whenever a user open a document it opens with a default ADRMS template applied on it, and user will have an option to change it to a different ADRMS template if he needed.

  • Hi,
    Im am using server 2008 r2 sp1 and users are using windows 7 enterprise, office 2010 pro. plus. They can see right policy template with office 2010.
    But now I have installed office 2013 pro. plus and added new admx files to new gpo for office 2013 also enabled this policy "Enter Permission Policy Default Server for Quick Access Toolbar" and this is writing in the policy \\serverhostname But I cant receiving ad rms templates from my outlook?
    Is server 2008 r2 sp1 ad rms compatible with office 2013 or am I have to install server 2012 ad rms for office 2013?
    How can I fix this problem?
    Thanks.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment