In such scenarios, you usually enable the super-user functionality. Open the ADRMs console > Security policies > Super users. Enable the feature then add members as needed.
How to mass-unlock Active Directory right management systesm(ARM now?)
Dear MS Support Team,
Let's say my company has used Active Directory Right Management System to secure 'confidential documents/emails' in the company.
Today, we have ediscovery issue with competitors, so need to provide some of 'confidential documents/emails' to our law firm/ediscovery vendor to submit as evidence.
In this situation, how we can de-activate the ADRMS of the 'confidential documents/emails' by mass operation, not manual job(one by one)?
In addition, even though we tried to de-activate the ADRMS as much as possible, some of encrypted(by ADRMS) could be appeared by extracting from archive files, etc.
Let's law firm/discovery vendors export/send several encrypted files to us(via FTP or external HDD), how we can do mass-deactivate them?
Sign in to comment
Sort by: Most helpful
Thanks for your reply.
I understand 'Super user' can decrypt all files in the company.
Could you let me know how to mass-decrypt the files in the path(i.e. D:\need decryption)?
(Let's say my vendor gathered protected documents and provided me via external HDD and it is plugged to my pc.)
I tried to find 'how to do mass-decrypt', but only can find 'how to assign super user'
The Unprotect-RMSFile cmdlet from the AzureInformationProtection module can be used for that bulk decrypting files. Make sure you configure the prerequisites for AD RMS as detailed here: https://github.com/MicrosoftDocs/Azure-RMSDocs/blob/master/Azure-RMSDocs/rms-client/client-admin-guide-powershell.md#active-directory-rights-management-services
Here's the cmdlet help itself: https://learn.microsoft.com/en-us/powershell/module/azureinformationprotection/unprotect-rmsfile?view=azureipps
Sign in to comment