Quantcast
Channel: Active Directory Rights Management Service(On premise) forum
Viewing all 1025 articles
Browse latest View live

compatibility View Not showing

April 10, 2019, 4:56 am
$
0
0

Dear ,

i have two domain controllers os2016 with domain func level and forest func level 2012 R2. i want to create a GPO allowas me to enable "turn on internet explorer standards mode for local intranet" contained in 

--àPolicies-àAdministrative Template-àwindows components--àInternet explorer--àcompatibility view--à double click “turn on Internet Explorer Standards Mode for local intranet”--àset it to enable

this is was made on a test environment and works perfectly. on the live env i can't find the compatibility view and don't know the reason why.

i have downloaded KB2841134 that contain the inetres.adm but sill not apperaing.

please help.

None

Search

alkhdraabn12@gmail.com دمشق سوريا

April 22, 2019, 4:57 pm
$
0
0
اثناء وضع الفلاش usb يطلب التهيئة ولاكن بدون جدوى رغم استعمال كل الطرق الفلاش أخذ صفة RAW المهم انني قمت بهذا الأستفسار فقط لكي ازداد علماً الى كيفية الاصلاح ومن ثم اعلام الكل على هذا الخطأ وكيف تم اصلاحة بفضلكم والشكر الجزيل لكم 

User Directory Access on Login

April 23, 2019, 7:22 am
$
0
0

Folks,

I admit, I have not been deep into networking for a few years, so things may have changed.

When I designed networks, a user's directory followed them on whatever device they used.  If a device went bad, the moved to a new device, logged in, and had access to their files immediately.

Recently I have experienced directory access tied to a machine name.

Specifically, if I do not log into a specific device, I have no access to the network files I have saved to my default directories because my login directory access is tied to a directory that only the machine on which I am a user has rights to access.

Can anyone explain to me the benefit of this approach?

The major drawbacks I see are:

  1. Laptops/computers cannot be shared without giving access to default directories
  2. When new devices are issued, IT must manually copy files from one directory to another
  3. When the user receives the device, they must manually copy any files created, updated, or downloaded after the end of IT activity  

Any direction is appreciated. 

AD groups vs Kerberos Token size

September 29, 2017, 5:48 am
$
0
0

I'm struggling with 2 articules. There is this one:

https://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Which says that "Security principals (that is, user, group, and computer accounts) can be members of a maximum of approximately 1,015 groups"

And this articule:

https://blogs.technet.microsoft.com/shanecothran/2010/07/16/maxtokensize-and-kerberos-token-bloat/

About token size. In my environment I have a user which has about 1000 groups, and he is not able to log in, but when I counted token size it is way lower than 64kB (64kB is a size set for all machines). I understand that number of groups is preventing user to log in, but what for is kerberos token size, if despite increaing it's limit we are still limited to have like 1000 AD groups? 

Limiting the number of RMS policy templates shown instead of showing all templates

May 2, 2019, 9:01 am
$
0
0

My company is now installing the RMS (Window Server 2012 R2) and we have set up a huge number of policy template for different sections.  However, we have found that the number of templates available to an end user should be limited to few policy templates instead of showing all 100+ templates as it will become overwhelmed searching for the right policy to apply. 

Is there any method to provide different sets of rights policy templates to different groups of users as well so that the end user only sees a subset of the total templates available?


MS word 2010 cannot protect file by RMS template

May 10, 2019, 12:36 am
$
0
0
When i apply the template to the file, ms word 2010 throw this message "Unexpected error occurred. Please try again later or contact your system administrator". How to see the detail error log? How to fix it? my certificate seems have problem. are there any tutorial can help troubleshoot this problem?

Window 7 with Word 2010 cannot apply RMS template to file

May 14, 2019, 2:57 am
$
0
0

Window 7 with Word 2010 cannot apply RMS template to file. It throws the following error.

  1. Unexpected error occured. Please try again later or contact your system administrator.
  2. The Windows Rights Management Services (RMS) certificates stored on this machine cannot be validated. The certificates were acquired from a different RMS server than the server currently specified.

How to fix this problems?


AD RMS & Resource Forest

August 30, 2018, 11:49 pm
$
0
0

We have forest A with users accounts and forest B with Exchange installed. Using linked mailbox for this topology.

Now we'd like to deploy AD RMS in forest A (users accounts) - could it be worked with email protection of Exchange (forest B)?

Could you share link-guide to achieve it, perhaps step-by-step?

Thank you!

Search

Cannot open a RMS protected file when add a new user to the group

May 21, 2019, 3:01 am
$
0
0

I granted a group to the RMS template and used it to protect a file. After that i added a new user to this group. But the new user cannot access this file. (the full control has already granted to this group). Are there any refresh function for the AD?


AD RMS not contacting endpoint for certification service

June 6, 2019, 4:59 am
$
0
0

Hello.

Office 2016 stopped seeing the RMS server, when trying to protect the document gives an error "An error occurred when trying to contact the active services rights management services server. Please try again later or contact your administrator."

At the same time, if you install office 2010 then everything works in it.

Links to services work fine:
https.//:..../_wmcs/licensing/license.ASMX services
https.//:...// _wmcs / certification / certification.ASMX services

RMS Analyzer generates an error in step 3 " the RMS client can find the RMS endpoints required to obtain certificates and policy templates."
System.Network.Services.Protocols.SoapException: exception of type ' System.Network.Services.Protocols.A soapexception' exception was thrown. ---> Microsoft.DigitalRightsManagement.Municipal services.Insecifiederrorexception: exception of type " Microsoft.DigitalRightsManagement.Municipal services.UnspecifiedErrorException " was thrown.
   --- End of internal exception stack trace ---
   at Microsoft.DigitalRightsManagement.Kernel.ServiceLocator.FindServiceLocationsForUser(ServiceLocationRequest[] The Names Of The Services)

RMS Ad-hoc policy incorrect Rights information

June 7, 2019, 6:50 am
$
0
0

Hi, 

In our environment, we have protected the office file using Ad-hoc policy with View, Print, Copy and Reviewer rights and the same rights are getting applied the file.

But, in the protected file while clicking the View Permission popup shown as "Do not Forward - Recipient can read this message, but can not forward, Print or copy content." even though we have View, Print, Copy and Reviewer rights. See the attachment

Please explain why RMS showing wrong information. 

Best regards,

Kathirvel Nagaraj

Using GUID to Remove member from AD Group.

June 17, 2019, 1:08 pm
$
0
0

I saw many examples that allows removal of members from AD Group however, after going through the documentation of Microsoft I came to know that ObjectGUID is also usable for performing the same operation. So, if I have the GUID of Group & GUID of different members that I want to remove how do I perform operation in power shell script? 

I tried doing this but it didn't work.

$GroupGUID = 'a3d65150-1739-4cc7-80d2-7b97c76b0aff'
Remove-ADGroupMember -Identity $GroupGUID -Members where {ObjectGUID -eq  } | where {$_.ObjectGUID  -eq '8a3fab53-4c8b-483d-89f0-e26de236a627'}

Office365 uses ADRMS encryption, how long is ADRMS permissions synchronized

June 18, 2019, 2:14 am
$
0
0
I have carried out the following test here, first add the read permission to the A user on a WORD document, then I cancel the read permission. After the cancellation, the A user has the right to access the WORD document. I would like to ask this. After the ADRMS permissions are modified, it takes a long time to take effect. Thanks for answering ~~

Does AD RMS on Windows server 2016 support SQL Server 2017?

August 29, 2018, 1:10 am
$
0
0

Microsoft document doesn't say AD RMS support SQL server 2017. Does it support?



AD RMS on Server 2012 R2 decommissioned but files are still protected and fails to open

July 10, 2019, 2:29 am
$
0
0

Hi,

We are upgrading our environment from Server 2012R2 to Server 2019, I was migrating AD RMS. I create a new server installed AD RMS and configured it, but didn't configure anything external or internal like URLs or DNS to point to it.

Once I had enough confidence that my configuration was correct, I used the Decommission option to remove the old AD RMS server. I was under the impression that the decommissioning will automatically disable all files protections and allow all users to open them. but none of the files are opening, when i open the files i get the following error.

I am not sure what to do here. I've ensured that my decommission.asmx works and i can see the web page fine.

https://rms.bayonetventures.com/_wmcs/decommission/decommission.asmx

MCITP:Server Administration|MCTS: Server 2008| MCSE: Server 2003| MCSA + M: Exchange Server 2003| MCP: Windows XP|

Search

unable to manage Azure AD through admin centre

July 12, 2019, 2:27 am
$
0
0
Hi,

Background: I have my organisation's AD setup in Azure (NOT on-prem). I am member of the AAD DC Administrators group. I can manage everything from Azure portal however would like to manage AD through AD tools (RSAT) or Administrative Centre basically the traditional way through Active Directory Users & Computers. I have installed it on a Domain Windows 2012 server which resides on Azure. 

Problem: The users & computers are appearing fine however, I get an Access Denied message whenever I try to change something like password. When click on user Properties, all fields are greyed out.

How to create /my folder under RMS on premise server

July 19, 2019, 1:22 am
$
0
0

Dear Sir,

I would like to install Mobile Device Extension into ADRMS on-premise servers, however, it shown that the pre-requisites which need to publish /my folder. 

I cannot find /my folder in IIS setting, May I know how I can create it?

Reference Link:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn673574(v=ws.11)

https://www.google.com.hk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=2ahUKEwiuhaHQxsDjAhXRfXAKHTfnBycQFjADegQIAxAC&url=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2Ff%2F6%2F3%2Ff63c9623-053f-44dd-bfa8-c11fa9ea4b61%2Fleverage-the-mobile-device-extension-for-ad-rms-on-your-premises.docx&usg=AOvVaw1FtuwE3LBf1jBOgAKQtQNj

How to configure AD RMS with Sharepoint server 2016

April 27, 2017, 11:36 pm
$
0
0

Hi all

I have following enviroment

VM01= Windows 2012 R2 Data center Server [Having AD DS and AD RMS ] installed

VM02= Os= Windows 2012 R2 Data center Sever

           Appplication= Microsoft office sharepoint server 2016

            DB = MS SQL 2012 

Every thing is working fine, AD RMS working fine with office suite (word, execl), but when i enable IRM---- in sharepoint selecting 2nd option: Use the default rms specified in active directory. I am getting below error

MS Configuration not working: The required Active Directory Rights Management Service Client (MSIPC.DLL) is present but could not be configured properly. IRM will not work until the client is configured

I tried many articles, but not successful to integrated AD RMS with sharepoint.

Please help me out

Regards

M.Amir

How to remove RMS protection from emails?

August 7, 2019, 6:52 am
$
0
0

Hi, 

I have inherited RMS (WS 2008 R2) which I need to decommission. 

RMS is only used to prevent printing, copying and forwarded emails from one mailbox. 

EXCH 2016 has a mail flow rule which applies the RMS template to email sent to this one mailbox.

I've added my account to the RMS super user group yet I am unable to remove the RMS protection from email in this mailbox. 

Do do I remove RMS protection from these emails?

There are several thousand emails, is there a way to select them all then remove RMS protection or a tool I can use for this?

Thanks in advance. 

ADRMS Deployment in a Resource Forest.

August 14, 2019, 3:36 am
$
0
0

Hello All, 

Today I have a 3 AD Forest:

- AD1  : Account Forest - Windows 2012R2 Forest/domain level

- AD2 : Account Forest - Windows 2016 Forest/domain level

- AD3 : Resource Forest - Windows 2016 Forest/domain level with Exchange 2016

- One way AD Trust with the 2 Account forest

Users in account Forest have an linked Mailbox into the dedicated Exchange Forest. Everything works great.

I want to deploy ADRMS for end users (it needs to cover AD1 and AD2) - For Exchange purpose only (Like Do Not Transfer mail and so on)

I read last days many blog on the subject, and some points still unclear.

https://blogs.technet.microsoft.com/zaid_arafehs_blog/2012/03/08/installing-adrms-in-an-ad-resource-forest/ 

And : https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee918789(v=ws.10)

What is the best design to implement ADRMS to achieve my goal? 

If I deploy ADRMS on the resource forest, do I really need to sync user SidHistory with an ILM just for Exchange purpose?

If I deploy Licensing servers on Resource Forest and Certifcation Servers on the two Account forest do I need SidHistory ILM too? 

And finally if I deploy all ADRMS services just in Account Forest, do I need something on Resource forest side? 

Thanks

m.geyer


Viewing all 1025 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>