Active Directory Right Management Services: Installation and Configuration

Restrict access to a Word document with AD RMS

In this part, we will see how restricted access to a Word document using AD RMS.

Pour rappel il faut :

  • an email address configured to users
  • Office Pro (201X) to apply restrictions.

In Word, create a document, save it, and then click FILE 1 .
Word Sample

Click on Protect document 1 , go to Restrict access 2 and click on Restricted access 3 .
Restrict access doc

The window that opens allows you to configure read and edit accesses, check the Restrict access to 1 box and click on the “group” icon in the Read 2 section.
Add right

Search for a user or group with a configured email address 1 and click OK 2 .
Select group or user

On the screenshot below, we can see that only the user [email protected] can read the document. Click on Other options 1 .
AD RMS on Word file

From this rights view, you can add other users or groups, add an expiration date …, click OK 1 to configure permissions on the Word document.

Dans les informations du document, on peut voir que celui-ci est protégé.
protected document

Depuis le mode édition, un bandeau s’affiche aussi pour indiquer que le document est en Accès restreint.
protected document

Now try to open the same document with a user who does not have the right to access the document, at the opening of it an error message indicating to contact the owner of the contentLimited access.

If a user who does not have a configure e-mail address tries to open the document, you receive the following error message: The application received an unexpected response from the Rights Management server due to an incorrect configuration or a server error. Please contact Microsoft for additional assistance.
Error no email

The message below can be confusing by returning an RMS server error.

If you open the document with user2, it is read-only.
limited access limited access

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Related Posts

Active Directory: trust relationship between two forests / domains
Presentation The trust relationship between two Active Directory drill bits / domains is a trusted link that allows authenticated users to access resources in another domain. An approval relationship may be: Unidirectional: access to resources is onl

GPO: Deploy a certificate
Presentation In this tutorial, we will see how to deploy a certificate on computers using a GPO. Some cases where you may need to distribute a certificate: Internal Certification Authority Appliance certificate for SSL filtering Self-signed web serve

Rename a domain controller
Intro In this tutorial, we will see how to rename domain controller in the "rules of the art". The name change happens in several times, here is a summary: Add a secondary name to the DCPermutation of the secondary name in primaryDeleting the seconda