Rights Management Service and Exchange 2003 (Part 3)

If you missed the other parts in this article series please go read:

Scenario

At the end of every year the Human Resource Manager sends out an email with employee utilization and performance details to all the executive staff and HR employees. According to a new company policy, the company wants to make sure the HR employees are not forwarding this information to other employees in the organization. Also, the company wants to make sure this limitation will not apply to the executive staff. 

In this organization, they have two mail enabled security groups, executives ([email protected]) and HR ([email protected]). All the executive employees are part of Executives security universal group and all HR employees are part of the HR security universal group. 

  1. Open the RMS Administration console (Start->All Programs->Windows RMS->RMS Administration).
  2. Click Administer RMS on this website option.


Figure 1

  1. In the Administration links section, click the Rights Policy Templates option.


Figure 2

  1. On the Rights Policy Template page, select the Add rights policy template option. 
  2. In the Template identification section, specify the Template name, Template description, and Right request URL for the template.


Figure 3

  1. In the Users and Group section, type [email protected] in the Add users or groups box, click Add button. Repeat the same procedure for [email protected].


Figure 4

  1. Select [email protected] and select the Full Control check box. 


Figure 5

  1. Select [email protected] and select the View Rights check box.


Figure 6

  1. Click Submit.
  2. You can view the template details by clicking the View button.


Figure 7 

  1. The View use rights will explain the details for the template rights. 


Figure 8

  1. Click Return button to go back to the Rights policy templates page. 
  2. You can edit/modify the template by clicking the template name. Once you complete the edit, click the Submit button again to update the changes. 


Figure 9

How to Verify the Template File and its Existence

As I explained the Part 2 of my document, RMS stores the rights policy template in the Configuration database. In addition, it will keep a Policy Template file (XML) on the shared template folder location specified in the Template location on the RMS server. Once you create the custom templates, you can open the template location to verify the template file existence. 

  1. Open Windows Explorer and browse the C:\RMS Template folder.


Figure 10

How to Verify the Template Details in the Configuration Database

  1. Logon to the SQL Server.
  2. Open the Enterprise Manager.
  3. Expand the Databases folder and expand the configuration database (DRMS_Config_lab1_rms1_80). 
  4. From the left pane, select Tables.
  5. Right click the DRMS_RightsTemplate table in the right pane.
  6. Select Open Table and click Return all rows option.


Figure 11

  1. You will see the template details as displayed in the following screen shot. 


Figure 12

The template distribution is important because when you log on to a client machine and open Outlook you won’t be able to see any of the custom templates.  You will only see the built-in Do Not Forward template.  This is because you haven’t distributed the template to the client machines.  

Template Distribution

Templates can be distributed using any of the existing distribution methods such as SMS, Group Policy, etc.  In my lab I am going to copy the template manually from my RMS server to the client machine. 

  1. Logon to the client computer.
  2. Click Start -> Run and then type \\lab1-rms1\RMS Templates\ in the Open box.  Click OK.


Figure 13

  1. Copy policy template files (XML) from \\lab1-rms1\RMS Templates\ to C:\RMS Templates folder.

Note:
On a client machine, the RMS template location must be configured through AdminTemplatePath registry key in order to use the custom template with RMS aware applications.  AdminTemplatePath configuration details are described in Part 2 of this document.

At this point the custom templates are available to use with any RMS aware application.

  1. Logon to Margot’s Computer and open Outlook.
  2. Create a new email message by selecting File->New->New Message.
  3. Go to File menu and select Permission.  You will see the newly created custom template Employee Utilization Report (Executive and HR only) on the template list.


Figure 14

  1. Select the Employee Utilization Report (Executives and HR only) templateOnce it completes the verification process a banner will appear at the top of the e-mail message indicating this email message is protected with Employee Utilization Report (Executives and HR only) template.


Figure 15

Note:
By default the document author has full permission in the protected email. You can change the configuration by modifying the Extended Policy section in the template.


Figure 16

You can verify the protected email by logging onto HR and Executive employees mailboxes. Following is a screen shot of an executive employee.  As you can see in the email, this email is protected with Employee Utilization Report (Executive and HR only) and the executive employee has full permission. 


Figure 17

Following is the screen shot of an HR employee.  As you can see in the email, this email is protected with Employee Utilization Report (Executive and HR only) and the “Reply, Reply to All, Forward”, “Print” and “Copy”  buttons are grayed out.  According to the template settings, HR employees have only View permission. 


Figure 18

I always receive a lot of questions about attachments, as well as email template permission inheritance.  Here are the points you need to keep in mind when attaching a RMS protected document.

  • Attached document will inherit Outlook message permissions if it does not have its own permissions setup with RMS
  • If rights were applied to the attached document prior to the attachment, the document rights are unaffected by email rights

I hope this part of the article provides a better understanding of RMS custom templates and its distribution.  If you have any questions regarding this article, feel free to email me at [email protected] or post a comment on the newsgroup.  I really appreciate all who sent your valuable comments to me regarding Part 1 and Part 2 of this document.

If you missed the other parts in this article series please go read:


Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top