Active Directory Right Management Services: Installation and Configuration

Restrict access to a Word document with AD RMS

In this part, we will see how restricted access to a Word document using AD RMS.

Pour rappel il faut :

  • an email address configured to users
  • Office Pro (201X) to apply restrictions.

In Word, create a document, save it, and then click FILE 1 .
Word Sample

Click on Protect document 1 , go to Restrict access 2 and click on Restricted access 3 .
Restrict access doc

The window that opens allows you to configure read and edit accesses, check the Restrict access to 1 box and click on the “group” icon in the Read 2 section.
Add right

Search for a user or group with a configured email address 1 and click OK 2 .
Select group or user

On the screenshot below, we can see that only the user [email protected] can read the document. Click on Other options 1 .
AD RMS on Word file

From this rights view, you can add other users or groups, add an expiration date …, click OK 1 to configure permissions on the Word document.
Rights

Dans les informations du document, on peut voir que celui-ci est protégé.
protected document

Depuis le mode édition, un bandeau s’affiche aussi pour indiquer que le document est en Accès restreint.
protected document

Now try to open the same document with a user who does not have the right to access the document, at the opening of it an error message indicating to contact the owner of the contentLimited access.

If a user who does not have a configure e-mail address tries to open the document, you receive the following error message: The application received an unexpected response from the Rights Management server due to an incorrect configuration or a server error. Please contact Microsoft for additional assistance.
Error no email

The message below can be confusing by returning an RMS server error.

If you open the document with user2, it is read-only.
limited access limited access





Related Posts


Bitlocker : enable encryption with a TPM chip

IntroductionAdd a TPM chip to a Hyper-V virtual machine (optional)Check the presence of a TPM moduleActivate BitlockerConclusion Introduction In this tutorial, I will tell you how to activate Bitlocke

Active Directory: Joining a Computer to a Domain at the Command Line

Introduction The Active Directory domain join of a computer can be done using either the GUI or using command line and PowerShell. In this tutorial, I will explain how to join a computer to a domain u

Remove an Active Directory Domain Controller

In this article, we will see how to remove a domain controller in an Active Directory environment. The deletion is done in two steps: Demote the domain controller: remove the controller configuration.