Office 2013, AD RMS Client 2.x and Template distribution
Hello folks,
As deployments of Office 2013 and IRM implementation are starting, we are getting a lot of queries about template distribution and all the advancements we have made in AD RMS Client 2.x. I'll get our expert Gagan to explain more.
Hello, I am Gagan Gulati and I lead the program management for AD RMS developer platform.
While deploying IRM functionality with Office 2010 and Office 2007, one of the major work items for IT administrators has been deploying templates on user’s desktop. This functionality was achieved with running WMI scripts and by placing templates at a particular location so that Office (Word, PowerPoint, Excel, Outlook…) could access them. Office 2013 utilizes the new AD RMS Client 2.0 version. AD RMS Client 2.0 is a new, advanced software which abstracts a lot of tough concepts from developers and IT administrators. One of them is template distribution. AD RMS Client 2.x (and thus Office 2013) will automatically download templates for protection. When the user consumes or protects content for the first time, AD RMS Client 2.x bootstraps. During this process, it connects to the appropriate RMS server and downloads all templates that are available for download. These templates are cached at %LOCALAPPDATA%\Microsoft\MSIPC\Templates.
AD RMS Client 2.x also updates the template cache on a regular basis from RMS server. The default Template update interval is 7 calendar days. That is, every 7 calendar days, the client will refresh the templates from the RMS server. So if the administrator modified templates on the RMS server (which does not and should not happen very often after the initial testing and trial), the modified templates are brought down to the user desktop between 1 (best case) to 7 days (worst case). Also, note that modifications made to the properties of a template doesn’t require that the template be downloaded again to user’s desktops. The properties will get reflected when users consume the content.
To meet the common scenarios of trial and testing, and if administrators want to update this cache more often, we provide a variety of levers.
- Configure Template refresh frequency: IT administrators can choose to update the time interval after which template cache gets refreshed. There’s a registry key for this that is available at the following link. The registry key value is in days. This has been documented here: https://technet.microsoft.com/en-us/library/jj159267(v=ws.10).aspx. We are providing you with the snippet below.
To update the frequency (in days) within which Rights Policy Templates occur |
The following registry values specify how often Rights Policy Templates will be downloaded by the client. Use the mode-specific value most appropriate depending on whether your AD RMS Client 2.x application runs in client or server mode. Client Mode:
Server Mode:
|
- Force AD RMS Client 2.x to download templates immediately: This can be achieved by removing the following registry key:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\MSIPC\<Server Name> \Template
This will ensure that the next time ask for Publishing, AD RMS Client 2.x will download the new set of templates right away.
- Unmanaged Templates
If you are in a situation where you need to download the templates yourself (department-wise, user-based templates), then you can use the following documentation: https://technet.microsoft.com/en-us/library/jj159267(v=ws.10).aspx. I have attached the snippet below as well.
How can I manage template distribution for the AD RMS Client 2.x?
The AD RMS Client 2.x will automatically download templates for publishing. If you are in charge of workstations in a managed environment, you can manage distribution of templates for your AD RMS server by placing templates in the following location. In this case, the AD RMS Client 2.x will not download any templates from your AD RMS server and will instead use the templates you have placed in this directory. The AD RMS Client 2.x might continue to download templates from other available AD RMS servers.
Client Mode: %localappdata%\Microsoft\MSIPC\UnmanagedTemplates
Server Mode: %allusersprofile%\Microsoft\MSIPC\Server\UnmanagedTemplates\ <SID>
When placing templates in these locations, there is no special naming convention that must be strictly followed except that the template should be issued by the AD RMS server and it should be named using the .xml file extension type. For example, Contoso-Confidential.xml or Contoso-ReadOnly.xml would be valid names.
Note: Given all the improvements made to template distribution with AD RMS Client 2.x and Office 2013, we prefer that you allow AD RMS Client 2.x to perform its job. Applications including Office 2013 utilize the new template distribution functionality and utilize new features like automatic template cache refresh, force template behaviors and others. Therefore, continuing to utilize the older patterns of template distribution would mean that IT administrators have to continue the burden of updating user desktops every time changes get made to templates on RMS server.
I hope this blog post helped your understanding on the Template distribution topic. Please utilize the comments section to ask questions and clarify your doubts.