Quantcast
Channel: Active Directory Rights Management Service(On premise) forum
Viewing all 1025 articles
Browse latest View live

After creating templates and applying templates to documents they do not seem to have any affect

May 3, 2016, 8:52 am
$
0
0

In a development environment I created an AD RMS (2012) tied to our development AD (2012). I followed a step-by-step document on Technet and referenced several others (3rd party and otherwise) which all looked relatively the same and relatively straightforward.

I then created several templates and two users. The two users were John Doe (JDoe) and Joe Shmoe (JShmoe). The idea was that John Doe would author documents, apply templates and then I would attempt to view them as Joe Shmoe and see what happened. I created a template where Joe Shmoe had full control, one with read-only, and one with no rights given. John Doe was given full-control on each of the documents. I then transferred them to Joe Shmoe's desktop. It recognizes that the policy templates were applied, but Joe Shmoe has full access to all three documents. Here is an example of the no-rights document.

View in Word:

View in the Template:

I might be missing something very simple, but I was unable to find the answer and I have messed with a bunch of settings with no luck whatsoever.

Thanks,

Chris P.

Search

About Decryption for IRM Files

May 3, 2016, 9:52 am
$
0
0

Hi All,

A few days ago when I was trying to open a word file which was encrypted with Windows Rights Management, a little window appeared saying that"Server Error in '/Certification' Application" and "Cannot generate SSPI context". Followed by which was a description saying that "an unhandled exception occurred during the execution of the current web request. Please review the stack trace for the information about the error and where it originated in the code".

I went through this thing online and I believed that some MS users have shared the same experience. Unfortunately I could not find even one way to decrypt. What upset me the most was that comments generally suggest there is no way at all to get back the files since November 2015 when MS stopped the IRM functions.

The file I am obtaining is really important and critical to me. Anyone who knows what's going on and any solutions? Thanks a lot!

How many CAL to be purchased

May 14, 2016, 4:11 am
$
0
0

Hi

We have deployed Exchange server 2012 in our organization. Now we need to deploy RMS for rights. I want that RMS will only be used by certain people say 100 but rest of the people will not have it. In this case is it possible that if i send mail thru RMS client and other person not having client will not be able to print in case restirction were not to print

2nd ADFS Login Request

May 16, 2016, 11:43 am
$
0
0

Hello,

I'm almost certain I'm in the wrong place but have no idea where to start, or even if there is already a program that does this.

We have a requirement to set a system up on a "shared account" however so we retain a log of who has authorised the use of that session, when the "shared" account signs in we want another compulsory restricted window for a 2nd sign in against ADFS and allows access if the 2nd sign in has a particular valid ad attribute.

They should not be able to bypass this, and once sucesfull it should log the 2nd author, date time and IP to a file for reference.

If the account does not have the right attribute, or is not entered the session should log off.

Ideas welcome.

Thanks

Can not access RMS Docs from workgroup or external compluters

May 19, 2016, 3:26 am
$
0
0

I am not able to access files encrypted by RMS from External NW.

got the error " Cannot verify user information at this time , DO you want to open the document using different set of credential ? "

when selecting Yes , it tried to retrieve URL of RMS but not scucces , then box appear ask me to add the user , when click add it gasking me to register with MS service.

Protect a special file extension with RMS

May 20, 2016, 7:31 am
$
0
0

Hello,

we have some special files (not Office, not Adobe etc.). The extension is always .sldrw

The files have to be accessible (read and write) from the Application running on the Windows clients.

Is it possibleto preventthese files are copied to the local file system / USB Stick / Outlook / webbased mail,so that they are leaving the corporate network?

Is RMS a solution for this problem?

thankyou in advance Boris

This content could not be accessed using your current credentials. Do you want to use your Microsoft account to access this content?"

June 4, 2015, 3:34 am
$
0
0

Dear 

I am facing problem while opening word document in ADRMS. We are getting following message" 

This content could not be accessed using your current credentials.  Do you want to use your Microsoft account to access this content?" 

Pl revert back with a solution . Thanks.


You computer isn't set up to use restricted permission in mac computer

May 25, 2016, 12:20 am
$
0
0

Please, Any one Help me

I am facing following issue . when i'm trying to Restrict mail in outlook or document .

office for mac need to connect to following server https://<AD RMS Server FQDN>

You computer isn't set up to use restricted permission
Search

Unable to contact AD RMS Server

May 28, 2016, 2:57 am
$
0
0

Hello

I am having issues connecting my clients to my AD RMS Server. I am reaching the below error message when going to Office Application > File > Protect Document > Restrict > Connect to RMS Servers and get templates.

Environment:

2 x Server 2012r2 AD RMS Clustered VM's. SQL 2012 Database on Server 2012r2.

Windows 7, 8, 10 Pro domain connected workstations, Office 2013, 2016 ProPlus.

SCP registered in AD and no connection issues connecting to either licensing or certification cluster URL's from client PC's.

The templates have already been pulled down to the local machine via the scheduled task + registry tweaks.

Essentially, Office will not locate the AD RMS Servers.

Any help appreciated.

IRM and Exchange 2013 OWA

September 4, 2014, 8:52 pm
$
0
0

Outlook (2010 SP2) and OWA (Exchange 2013 CU6) have different behavior when viewing a message secured with AD RMS.

I have enabled IRM successfully for internal use.  I've set a test policy that allows messages to only be viewed for one day.  After one day, viewing secured messages via Outlook is blocked as expected.  The issue is when I view the message via OWA, I can see the body content.  The content is not protected, only attachments are protected.

A message that is intended to be protected but without attachments can be viewed via OWA even if it has been set to expire.  Viewing the same message in Outlook is prohibited, as it should be.

I tried to open a thread in the Exchange forum but they said that it is a RMS issue and that you guys would know what to do.

http://social.technet.microsoft.com/Forums/en-US/6b253c68-956c-43ef-a071-0b76e537ef56/owa-and-irm?forum=exchangesvrclients

Please help!

Configure RMS with Exchange 2013

March 29, 2016, 12:11 am
$
0
0

hi,

We have RMS (on-premises) in our organization and now we want to use it with exchange (on-premises) to choose who can forward/copy etc. our e-mails outside our organization. Is there any guide or if someone has its own blog which explaning these settings and how to configure this?

Thank you in advanced.


Problem installing RMS Mobile Device Extensions on RMS Server

June 2, 2016, 10:01 am
$
0
0

Hello,

I'm having this issue when i try to install MDE on RMS Server.

"Product: Active Directory Rights Management Services Mobile Device Extension -- AD RMS server role is not configured on the server. Please configure it first then install the Active Directory Rights Management Services Mobile Device Extension."

The AD RMS Server Role is installed on the server.

Any help will be appreciated

Thanks

Using AD RMS with AD FS current limitations

June 7, 2016, 12:21 am
$
0
0

Hello All

Can someone please help me with the following questions :)

I am learning AD RMS and read a MS document entitled "Active Directory Rights Management Services Overview" last updated April 1 2015.

It started the following with regard to the cons (limitations) of using federation (AD FS) with AD RMS

-------------------

At the same time, AD FS integration for AD RMS has some limitations when compared to other alternatives, such as trusted user domains and trusted publisher domains. One potentially significant limitation is that AD RMS with AD FS, in its current implementation, does not provide group expansion capabilities for remote groups. This implies that a remote user belonging to a group that has been assigned rights to a document cannot exercise those rights unless she has also individually been assigned the same rights.

A second limitation is that AD FS integration is dependent on the capabilities of the client device accessing a protected document. Today, Windows Mobile clients are not able to authenticate through AD FS, so such clients can consume AD RMS protected documents only if their users are in the same forest as the AD RMS server that issued the publishing license or the organization uses trusted user domains or trusted publishing domains. In addition, the Rights Management Add-on document viewer for Internet Explorer, typically used when the recipient does not have an IRM capable application, does not support AD FS authentication.

Finally, using AD FS with AD RMS imposes some requirements on the infrastructure, such as access to the AD RMS servers from the Internet and specific configurations in the client. These include specifying the remote federation servers URLs in the trusted zone and the local federation servers in the Intranet zone, in the Internet Explorer security settings.

------------

What I would like to know is as of today (7th June 2016) and Windows 2012 R2 (with all relevant up to date patches installed). Are the above still limitations including group expansion there in place? or have they now been removed with proiduct enhancements/patches sine April 1 2015?

However it also occurs to me when it comes to 'claims' you could create a claim based on weather or not a given user is a member of a particular group. That being the case I am not sure what you need group expansion because as far as I am aware you expand a group to see if a user (or computer) is a member of the group in question. However if you have already determined this as part of building the claims token for the user why do you still need group expansion? Like I said I am learning :) so appolgies if the answer is obvious and I am not seeing it.

Thanks All

Ernie

Active direcyory

June 8, 2016, 10:12 pm
$
0
0

dear team,

i want to change my compange all users password how we able to change or reset all users login ID password in AD 

please share any good way or command step by step windows 2008 r2 standard AD Server 

  • Contain a combination of at least three of the following characters: uppercase letters, lowercase letters, numbers, symbols (punctuation marks)


Unrestricted Access and Do Not Forward Permissions

March 29, 2016, 6:37 pm
$
0
0

Hi,

I believe I found from other questions in this forum that the Do Not Forward Permissions template is created for outlook when AD RMS is installed and the client connects RMS. Where does the option for Unrestricted Access come from? Is it also created for Outlook when IRM connected? It appears in OWA that it shows as No Restriction instead. Is this correct? I assume they cannot easily be removed.

Thank you

Search

windows rights management error cannot generate SSPI context sql exception (0x80131904)

June 17, 2016, 7:07 am
$
0
0

http://joxi.ru/ZrJykNQc15n9BA

i have a file that was protected with windows rights management

it was open correctly for 5 or even more years

with all types of office products

from very different computers

but since last few months i cant open it

it gives me server error in certification application

cannot generate SSPI context

sql exception (0x80131904)

as seen on a printscrin

i googled a lot for this problem

but there is no solution

some say that i need to transfer to azzure rigts management

i did

i doesnot help

i registred an wms portal

it didnt help i installed all information rights managemt tools avaliable it did not help

please suggest anything

IRM What are Pre-requsists

June 23, 2016, 12:25 am
$
0
0

Hi,

We are planning to enable IRM feature for Exchange 2013, I would like to know that is this built in feature or i have to Install another server which will have AD RMS Role Installed first and then i can enable this feature.

Regards

Usman Ghani

Usman Ghani - MCITP Exchange 2010

Protect PDF files using RMS

June 28, 2016, 2:27 pm
$
0
0
Can I protect PDF files using AD RMS installed on Windows Server 2012 R2?

Sharing Protected Document with External Users

June 28, 2016, 12:26 am
$
0
0

HI,

I would like to understand , if i have IRM enabled on my exchange 2013 and say enable that Users can not "forward" emails. I understand within internal domain it will work fine , what will happen if i sent the same protected email to external users or external domain.

Regards

Usman Ghani

Usman Ghani - MCITP Exchange 2010

Client can't connect to AD RMS Server

July 27, 2011, 1:22 am
$
0
0

Hi all,

All my client can't connect to AD RMS Server (Win 2008 R2 SP1), error like this : 

This service is temporarily unavailable. Ensure that you have connectivity to this server. this error could be because you are working offline, your proxy settings are preventing your connection, or you are experiencing intermittent network issues.

From the client I have configure URL to local trust site, can ping the server, can access the url RMS, IE online.

what could probably wrong ?

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Viewing all 1025 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>