Translate this site using Windows Live Translator:
Helping customers, help themselves /w IRMCheck Pt 4. (The final chapter) - RMS: Protecting Your Assets. - Site Home - TechNet Blogs

RMS: Protecting Your Assets.

The Protecting 'My' Asset Disclaimer: This is my 'un-official', 'in my spare time', 'use at your own risk', all things RMS (Rights Management Services), IRM (Information Rights Management), IPP (Information Protection Pla

Helping customers, help themselves /w IRMCheck Pt 4. (The final chapter)

Helping customers, help themselves /w IRMCheck Pt 4. (The final chapter)

  • Comments 2
  • Likes

OK. Today's feature presentation will complete our IRMCheck series. After this lesson everyone who reads this will be dubbed 'the expert' within your company walls, so beware...reading this may cause you to be given MORE WORK!

RMA Activation Service -
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Activation\ServiceLocation
Reg_SZ:default
Value:<http://url.to.your.rms.server/_wmcs/Certification>

Not Documented. This is similar to the ActivationServer setting for Office, but this applies to the Rights Management Add-on (RMA) for IE. What is the RMA for I.E.? Well, lets say that you don't have Office 2003, but you want to be able to open RMS protected content. Install this puppy, and you will be able to view (not edit), RMS protected content, assuming you have everything setup properly. BEWARE: RMA is in maintenance mode right now, which means there will be no further releases. We are moving to wards XPS format, and there is (or will be) a nifty replacement plug-in for RMA.

Another oddity about this is that you can actually set this in several places either under HKLM, or HKCU. RMA checks in both places. You can also control which particular service you want to control activation to, by setting the ServiceLocation key under the following other keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Activation\WindowsAuthProvider\<DOMAIN>\  <--To be really specific
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Activation\WindowsAuthProvider\ <-- To blanket all WindowsAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Activation\PassportAuthProvider\ <-- Passport Service
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Activation\ <-- Blanket everything RMA

RMA Enterprise Certification Service -
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Certification\ServiceLocation
Reg_SZ:default
Value:<http://url.to.your.rms.server/_wmcs/Certification>

Not Documented. This is similar to the CorpCertificationServer setting for Office, but this applies to the Rights Management Add-on (RMA) for IE, and similar keys apply as above:

HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Certification\WindowsAuthProvider\<DOMAIN>\  <--To be really specific
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Certification\WindowsAuthProvider\ <-- To blanket all WindowsAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Certification\ <-- Blanket everything RMA

RMA Cloud Certification Service -
HKEY_LOCAL_MACHINE\Software\Microsoft\RMA\Certification\PassportAuthProvider\ServiceLocation
Reg_SZ:default
Value:<http://url.to.your.rms.server/_wmcs/Certification>

Not Documented.  This is similar to CloudCertificationServer setting for Office, but this applies to the Rights Management Add-on (RMA) for IE. 


RM Activation Service -
HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation\Activation
Reg_Sz: default
Value:<http://url.to.rms/_wmcs/Certification>

These are the 'Big Daddy' keys of RMS. Setting these will control 'any' RMS enabled application on your machine. These are the 'God' keys if you will. If you don't want granularity, set these.


RM Enterprise Client Enrollment Service -
HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing
Reg_Sz: default
Value:<http://url.to.rms/_wmcs/Licensing>

See above description.

RM Cloud Client Enrollment Service -
HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation\CloudPublishing
Reg_Sz: default
Value:<http://url.to.passport.service/_wmcs/Licensing>

See above description, and follow those instructions.

Use Proxy Server -
This specifies if the proxy server is turned on for the client.

Proxy Server -
This specifies what the proxy server URL is.

Don't use proxy server for -
This specifies what the exception list for the proxy server is.
 
Use proxy autoconfig script from -
This specifies where the proxy autoconfig location is.

IE Enhanced Security -
This specifies if Windows 2003 Enhanced IE security is turn on.

The Enterprise Service Discovery Results Section
====================================================

This section shows the results of calling DRMGetServiceLocation() function (mentioned in IRMCheck Pt. 3) to find the local Enterprise RMS services.  The following table correlates the IRMCheck information to the DRMServiceLocation() flags.

RM Activation Service - DRM_SERVICE_TYPE_ACTIVATION - Machine activation service
RM Certification Service - DRM_SERVICE_TYPE_CERTIFICATION - Rights Account Certificate activation service
RM Online Publishing Service - DRM_SERVICE_TYPE_PUBLISHING - Issuance License signing service.
RM Client Enrollment Service - DRM_SERVICE_TYPE_CLIENTLICENSOR - Client Licensor Certificate service.

 
This is going to tell you if you have properly registered your SCP. :)

I hope that all of this information was useful, and informative. If you already knew all of this, then go out and buy yourself a t-shirt that says RMS GURU. Just don't wear it to work, or they will give you more work. :)

 - Jason

Comments
  • Hi Jason, great review.

    Can you please elaborate on the "Use proxy autoconfig script from" entry.

    How is it used in an organization, what is an autoconfig script?

    Thanks

  • Hi Jason, great review.

    Can you please elaborate on the "Use proxy autoconfig script from" entry.

    How is it used in an organization, what is an autoconfig script?

    Thanks

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment