Customizing Information Rights Management and Installing Client Software
Information Rights Management (IRM) is a new feature in Microsoft Office 2003 for managing access to content in files or messages created within Office.
Installing the Rights Management client software
Even though IRM is an integral part of the Microsoft Office System, the necessary client software to interact with the RMS server or the Passport service on the Internet requires separate installation and configuration.
For more information about the RM Update for Windows clients, see the Windows Rights Management documentation on the Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003/rm.
Permission policies
For corporations, administrators can create a custom permission policy that configures various people and groups with customized IRM permissions. In some cases, this can greatly simplify the process of setting permissions, because a single custom permission policy can replace the user’s need to select multiple permission settings.
For instructions on how to create, edit, and post custom rights policy templates, see the Windows Rights Management documentation on the Microsoft Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003/rm.
How to deploy permission policies
When the permission policies are ready, they should be posted to a server share where all users can have access to them or they should be copied to a local folder on the user’s computer. The IRM policy settings available in the Office11.adm template can then be used to point to the location where these permission policies are stored (either locally or on an available server share). Once the permission policies are available and the necessary Group Policy settings are implemented and propagated to users, the IRM Permissions menu option displays the available custom permission policies in a submenu.
For more information about how to use Group Policy with Office applications, see “How Policies Work” in Chapter 26, “Using Security-related Policies.”
Using Group Policy to access custom permission policies
It is possible to enable and distribute the configured policies provided in the Manage Restricted Permissions section of the Office11.adm policy template. When the IRM policy Specify Permission Policy Path is implemented and propagated through Active Directory directory service, IRM will automatically locate any available templates stored in the location specified. The IRM-enabled Office applications will then display the custom permission policies.
These are the core registry entries associated with IRM. Most of these have parallel policy entries.
The following two registry entries are under HKLM\Software\Microsoft\Office\11.0\Common\DRM:
| Value name: | CorpLicenseServer |
| Value type: | REG_SZ |
| Value data: | <URL> |
IRM registry entries
This setting allows the administrator to override the location of the Windows Rights Management server specified in Active Directory.
| Value name: | CorpCertificationServer |
| Value type: | REG_SZ |
| Value data: | <URL> |
This setting allows the administrator to override the location of the Windows Rights Management server specified in Active Directory for certification.
The remaining registry entries are under HKCU\Software\Microsoft\Office\11.0\Common\DRM:
| Value name: | Disable |
| Value type: | DWORD |
| Value data: | [ 0 | 1 ] |
If this key is set to 1, the Rights Management–related options within the user interface of all Office applications are disabled. This is identical to the Disable Information Rights Management User Interface policy.
| Value name: | DisablePassportCertification |
| Value type: | DWORD |
| Value data: | [ 0 | 1 ] |
If this key is set to 1, users cannot open content created by a Passport-authenticated account. This is identical to the Disable Microsoft Passport service for content with restricted permissions policy.
| Value name: | IncludeHTML |
| Value type: | DWORD |
| Value data: | [ 0 | 1 ] |
If this key is set to 1, users without Office 2003 can view the content in the Rights Management Add-in for Internet Explorer. This is identical to the Allow users with earlier versions of Office to read with browsers policy.
| Value name: | RequestPermissionURL |
| Value type: | REG_SZ |
| Value data: | URL or e-mail address |
This setting allows the administrator to specify a location where a user can obtain more information about getting access to IRM content. It can be either a URL or an email address. This is identical to the Additional permissions request URL policy.
| Value name: | RequireConnection |
| Value type: | DWORD |
| Value data: | [ 0 | 1 ] |
If this key is set to 1, any users attempting to open an Office document having IRM permissions enabled will be forced to connect to the Internet or local area network to have their license confirmed by either Passport or RMS. This is identical to the Always require users to connect to verify permission policy.
| Value name: | AutoExpandDLsEnable |
| Value type: | DWORD |
| Value data: | [ 0 | 1 ] |
If this key is set to 1, any user who attempts to apply permissions to a file will encounter different behavior when they select a group name in the Permissions dialog box. When a group is selected, the dialog box automatically expands to display all the members of the group. This is identical to the Always expand groups in Office when restricting permission for documents policy.
| Value name: | AdminTemplatePath |
| Value type: | REG_SZ |
| Value data: | <UNC or aliased drive> |
If this key is present, Office applications using IRM scans the path provided in this registry entry to see if any permission policy templates exist. If they are there, the title for each is displayed in the Permission dialog box (File menu). This is identical to the Specify Permission Policy Path policy.
Resources and related information
More up-to-date information regarding Information Rights Management will be available from the Office 2003 Resource Kit Web site at http://www.microsoft.com/office/ork/2003.
EAN: 2147483647
Pages: 196