Active Directory Rights Management Services: Installation and Configuration


Windows Server 2019

AD RMS: Configuring Super Users

Configuring super users defines a group that has access to all documents, regardless of the rights applied to them.

In this part, we will configure the group created in the section Preparation of the environment.

Open the administration console from the Start menu.
[Screenshot: AD RMS launch console]

From the admin console, go to Security Policies (1).
[Screenshot: Security Strategy]

Click Edit Super User Settings (1).
[Screenshot: Edit super user]

In the Actions part of the console, click Enable super users (1).
[Screenshot: Enable super users]

Now click Edit Super User Group (1).
[Screenshot: Edit super users group]

Enter the group’s email address (1), then click Apply (2) and OK (3).
[Screenshot: Configure group]

We can now see the configured super user group (1).
[Screenshot: AD RMS super users]
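The same setting can be applied from PowerShell on the AD RMS server, followed by a review of who ends up in the group, since every member can open any protected document. This is an added example, not part of the original tutorial; the cluster URL and the group address are placeholders, and it assumes the AdRmsAdmin and ActiveDirectory modules are installed.

```powershell
Import-Module AdRmsAdmin        # installed with the AD RMS role
Import-Module ActiveDirectory   # RSAT Active Directory module

# Assumptions: replace both values with your own.
$ClusterUrl = 'https://localhost'            # AD RMS cluster URL (placeholder)
$GroupMail  = 'rms-superusers@example.com'   # group email address (placeholder)

# Resolve the group by its mail attribute before touching the AD RMS policy,
# so a typo or a duplicate address is caught before it is written to the policy.
$group = @(Get-ADGroup -Filter "mail -eq '$GroupMail'" -Properties mail)
if ($group.Count -ne 1) {
    throw "Expected exactly one group with mail '$GroupMail', found $($group.Count)."
}

# Map the AD RMS cluster as a PowerShell drive and apply the same settings
# as "Enable super users" and "Edit Super User Group" in the console.
New-PSDrive -Name RmsCluster -PSProvider AdRmsAdmin -Root $ClusterUrl | Out-Null
$policy = 'RmsCluster:\SecurityPolicy\SuperUser'
Set-ItemProperty -Path $policy -Name IsEnabled -Value $true
Set-ItemProperty -Path $policy -Name SuperUserGroup -Value $GroupMail

# List every account that inherits super user access, nested groups included.
Get-ADGroupMember -Identity $group[0] -Recursive |
    Sort-Object objectClass, SamAccountName |
    Format-Table SamAccountName, objectClass, distinguishedName -AutoSize
```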

Restrict access to a Word document with AD RMS

In this part, we will see how to restrict access to a Word document using AD RMS.

As a reminder, you need:

  • an email address configured for the users
  • Office Pro (201X) to apply restrictions.

In Word, create a document, save it, and then click FILE (1).
[Screenshot: Word Sample]

Click Protect document (1), go to Restrict access (2) and click Restricted access (3).
[Screenshot: Restrict access doc]

The window that opens lets you configure read and edit access. Check the Restrict access to box (1) and click the “group” icon in the Read section (2).
[Screenshot: Add right]

Search for a user or group with a configured email address (1) and click OK (2).
[Screenshot: Select group or user]

In the screenshot below, we can see that only the user [email protected] can read the document. Click Other options (1).
[Screenshot: AD RMS on Word file]

From this rights view, you can add other users or groups, add an expiration date, and so on. Click OK (1) to configure permissions on the Word document.
[Screenshot: Rights]

In the document information, we can see that it is protected.
[Screenshot: protected document]

In editing mode, a banner is also displayed to indicate that the document is in Restricted Access.
[Screenshot: protected document]

Now try to open the same document as a user who does not have the right to access it. On opening, an error message tells the user to contact the owner of the content.
[Screenshot: Limited access]

If a user who does not have a configured email address tries to open the document, they receive the following error message: “The application received an unexpected response from the Rights Management server due to an incorrect configuration or a server error. Please contact Microsoft for additional assistance.”
[Screenshot: Error no email]

This message can be confusing because it reports an RMS server error.

If you open the document with user2, it is read-only.
[Screenshots: limited access]



