Translate this site using Windows Live Translator:
RMS - Testing RMS without modifying the AD - RMS: Protecting Your Assets. - Site Home - TechNet Blogs

RMS: Protecting Your Assets.

The Protecting 'My' Asset Disclaimer: This is my 'un-official', 'in my spare time', 'use at your own risk', all things RMS (Rights Management Services), IRM (Information Rights Management), IPP (Information Protection Pla

RMS - Testing RMS without modifying the AD

RMS - Testing RMS without modifying the AD

  • Comments 4
  • Likes

RMS uses the concept of a SCP (Service Connection Point), to allow users to automatically locate the RMS certification server. This gets put into the configuration container in your environment, and if you open AD Sites and Services>Click View>Click Show Services Node. Expand the Services node, and if RMS is registered you should see the SCP for it listed as RightsManagementServices.

Alot of companies want to test RMS, but do not want to make modifications to their AD for many reasons. Maybe you only have a few users you want to actually use the service. Maybe there is so much red tape to get a modification made to the AD, that its just not worth it.

So how do you get your clients to see the RMS server, without being able to query the AD for the location?

You need to set the following keys on the client.

Either these keys just for Office 2007* applications:

Location:HKLM\Software\Microsoft\Office\12.0\Common\DRM
String:CorpLicenseServer
Value:< http://url.to.rms/_wmcs/Licensing>

Location:HKLM\Software\Microsoft\Office\12.0\Common\DRM
String:CorpCertificationServer
Value:<http://url.to.rms/_wmcs/Certification>

*NOTE* change the 12.0 to an 11.0 of you are using Office 2003 **

or these keys for global RMS supremacy on the machine:

Location:HKLM\Software\Microsoft\MSDRM\ServiceLocation\Activation
Reg_Sz: default
Value:<http://url.to.rms/_wmcs/Certification>

Location:HKLM\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing
Reg_Sz: default
Value:<http://url.to.rms/_wmcs/Licensing>

 The CorpLicenseServer string and EnterprisePublishing key can actually be used even if you do have an SCP registered, if you want your clients to use a different licensing server.

Once you drop into production, you can take these keys off the test users machines (well assuming you aren't using a seperate licensing cluster), and register the SCP...or leave them on, and don't register the SCP.

 -Jason

Comments
  • Note that if you’re using a 32-bit application on a machine with a 64-bit OS, you’ll be operating in the WOW64 mode and in that case the registry location will be:

    HKLM/Software/wow6432node/Microsoft/MSDRM/ServiceLocation/Activation

    @=http(s)://url.to.rms/_wmcs/certification

    HKLM/Software/wow6432node/Microsoft/MSDRM/ServiceLocation/EnterprisePublishing

    @=http(s)://url.to.rms/_wmcs/licensing

  • True Dat!!

  • What if the server is also a domain controller?

    There is no entry for MSDRM in that case!!!!

    My email: croldan@gigatrust.es

    Carlos

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment