Understanding Rights Policy Templates
Applies To: Windows Server 2008
Rights policy templates are used to control the rights that a user or group has on a particular piece of rights-protected content. AD RMS stores rights policy templates in the configuration database. Optionally, it maintains a copy of all rights policy templates in a shared folder that you specify.
When publishing protected content, the author selects the rights policy template to apply from the templates that are available on the local computer. To make rights policy templates available to use for offline publishing, the administrator must deploy them to user computers from a shared folder. In Windows Server 2008, rights policy templates are automatically managed by the AD RMS client. A new template distribution pipeline has been created that the AD RMS client can poll for updates to the rights policy templates. If a rights policy template has been added, changed, or deleted, the client detects these changes and updates the local rights policy templates during its next refresh. The rights policy templates are stored locally on the AD RMS client running Windows Server 2008 in the %localappdata%\Microsoft\DRM\templates folder. For Windows XP, Windows 2000, and Windows Server 2003, the path is %appdata%\Microsoft\DRM\templates.
Note
The new rights policy templates distribution method is only available for AD RMS clients running Windows Server 2008. All versions of the Rights Management Services (RMS) client use the previous method for rights policy template distribution.
When you modify a rights policy template on the AD RMS server, the server updates the template in both the configuration database and the shared folder (if the AD RMS cluster is configured to specify a file location for storing copies of rights policy templates). When using AD RMS clients other than Windows Server 2008, you should redeploy each rights policy template to client computers when it has been modified so that users have the most current version available on their computers. AD RMS clients running on Windows Server 2008 will automatically detect this change and update the rights policy templates accordingly.
For more information about deploying rights policy templates, see https://go.microsoft.com/fwlink/?LinkId=81070.
Rights policy templates for the RMS client
For users to be able to author rights-protected content using a rights policy template they must have access to the template. If client computers are always connected to the internal network and can access shared folders, you can have them use a shared folder for template access. However, most administrators choose to place the template files on the local client computers so that they can be used for offline as well as online publishing of rights-protected content. AD RMS-enabled clients running Windows Server 2008 can use the template distribution pipeline to automatically update their rights policy templates.
Note
If a template is moved to this AD RMS server from another AD RMS server, the template must then be exported from this server and redistributed to the clients before it can be used.
The following are a set of best practices to follow when deploying rights policy templates to versions of the RMS client:
Deploy the template files locally to user's computers, so they can use templates while their computers are not connected to the network.
Set up a shared folder as the deployment point on a server in the AD RMS cluster. Set the permissions on the shared folder and on the template files as described in the following table:
Account | Permissions |
---|---|
AD RMS Service Group |
Modify |
System |
Modify |
Users |
Read |