SecurityPolicy object

The SecurityPolicy object can be used to decommission a server and to specify a super users group. You can retrieve this object by calling the SecurityPolicy property on the Enterprise object.

When provisioned, AD RMS creates a special distribution group that has full control over all rights-protected content stored on the server. Members of this group can decrypt any protected content files or remove protection from them. By default, this super users group is not set, but you can use this object to specify a new or existing Active Directory distribution group to use. The group must exist in the same Active Directory forest as the AD RMS installation and is specified by its email address. Any user accounts that are members of the group that you specify are automatically granted super user permissions.

You can also use this object to decommission an AD RMS server. After a server has been decommissioned, AD RMS issues an end user license to any user who requests content, thereby effectively eliminating protection for that content.

Members

The SecurityPolicy object has these types of members:

Methods

The SecurityPolicy object has these methods.

| Method | Description |
| --- | --- |
| DecommissionNow | Decommissions a server. |
| EnableDecommission | Configures the AD RMS environment to allow a server to be decommissioned. |

Properties

The SecurityPolicy object has these properties.

| Property | Description |
| --- | --- |
| EnableSuperUserGroup | Specifies or retrieves a Boolean value that indicates whether a security group can be designated as the super user group. |
| SuperUserGroup | Specifies or retrieves the super user group. |

Examples

DIM config_manager
DIM admin_role

' *******************************************************************
' Create and initialize a ConfigurationManager object.

SUB InitObject()

  ' Keep running after a failed call so CheckError() can report it.
  ON ERROR RESUME NEXT

  CALL WScript.Echo( "Create ConfigurationManager object...")
  SET config_manager = CreateObject _
    ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")      
  CheckError()
    
  CALL WScript.Echo( "Initialize...")
  admin_role=config_manager.Initialize(false,"localhost",80,"","","")
  CheckError()

END SUB

' *******************************************************************
' Security policy.

SUB EnableSecurityPolicy()

  ' Keep running after a failed call so CheckError() can report it.
  ON ERROR RESUME NEXT

  DIM securityPolicy   

  ' Create a SecurityPolicy object.
  SET securityPolicy = config_manager.Enterprise.SecurityPolicy
  CheckError()

  ' Enable the super user group.
  securityPolicy.EnableSuperUserGroup = TRUE
  CheckError()
  
  ' Set the super user group (specified by the group's email address).
  securityPolicy.SuperUserGroup = "group_name@domain_name.com"
  CheckError()

  ' Enable the decommissioning process.
  securityPolicy.EnableDecommission()
  CheckError()

  ' Decommission the server.
  securityPolicy.DecommissionNow()
  CheckError()

END SUB

' *******************************************************************
' Error checking function.

FUNCTION CheckError()
  CheckError = Err.number
  IF Err.number <> 0 THEN
    CALL WScript.Echo( vbTab & "*****Error Number: " _
                       & Err.number _
                       & " Desc:" _
                       & Err.Description _
                       & "*****")
    WScript.StdErr.Write(Err.Description)
    WScript.Quit( Err.number )
  END IF
END FUNCTION
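
Because members of the super user group can decrypt any protected content, the two properties above are worth checking on a schedule. The following read-only audit is an added example, not part of the original sample: it connects with the same Initialize arguments as the sample and reports the current setting. APPROVED_GROUP is an assumed placeholder for the one group your organization has approved.

```vbscript
OPTION EXPLICIT

' Assumption: placeholder for the single approved super user group.
CONST APPROVED_GROUP = "rms-superusers@example.com"

DIM config_manager, policy, enabled, group_name, exit_code

ON ERROR RESUME NEXT

' Connect the same way the sample above does (local server, port 80).
SET config_manager = CreateObject _
  ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
FailOnError "create ConfigurationManager"
CALL config_manager.Initialize(false, "localhost", 80, "", "", "")
FailOnError "initialize"

' Read-only: nothing below assigns a property or calls a method.
SET policy = config_manager.Enterprise.SecurityPolicy
FailOnError "get SecurityPolicy"
enabled = policy.EnableSuperUserGroup
FailOnError "read EnableSuperUserGroup"
group_name = policy.SuperUserGroup
FailOnError "read SuperUserGroup"

exit_code = 0
IF NOT enabled THEN
  WScript.Echo "OK: super user group is disabled."
ELSEIF LCase(group_name) = LCase(APPROVED_GROUP) THEN
  ' Every member of this group can decrypt all content: review membership too.
  WScript.Echo "OK: super user group enabled, approved group: " & group_name
ELSE
  WScript.Echo "ALERT: super user group enabled, unexpected group: " & group_name
  exit_code = 2
END IF
WScript.Quit exit_code

' Stop with exit code 3 if the preceding statement raised an error.
SUB FailOnError(step_name)
  IF Err.Number <> 0 THEN
    WScript.Echo "ERROR during " & step_name & ": " & Err.Description
    WScript.Quit 3
  END IF
END SUB
```

Run it with cscript.exe on the AD RMS server; exit code 2 marks an unexpected group and 3 a failure to read the policy.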

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | None supported |
| Minimum supported server | Windows Server 2008 |
| Assembly | Microsoft.RightsManagementServices.Admin.dll |

See also

Active Directory Rights Management Services Scripting API Reference