When you create a new rights policy template, the Create Distributed Rights Policy Template or Create Archived Rights Policy Template wizard , steps you through the different elements of the template depending on the desired type of rights policy template. These elements can be modified later by selecting the template and opening its properties sheet. A distributed rights policy template allows users to publish and consume rights-protected content, and an archived rights policy template only allows consumption once the rights policy template has been removed from the client computer. The properties included in these two rights policy templates are the same and are configured in the following procedure.

Membership in the local AD RMS Template Administrators, or equivalent, is the minimum required to complete this procedure.

To create a rights policy template
  1. Open the Active Directory Rights Management Services console and expand the Active Directory Rights Management Services (AD RMS) cluster.

  2. In the console tree, click Rights Policy Templates.

  3. In the Actions pane, click Create Distributed Rights Policy Template. The Create Distributed Rights Policy Template wizard appears.

  4. On the Add Template identification Information page, click Add.

  5. Specify a language, name, description, and for the template, and then click Add.

  6. Click Next.

  7. On the Add User Rights page do the following:

    1. Click Add. In the Add User or Group dialog box, click Browse to browse to a user or group in your Active Directory Domain Services directory or type the valid e-mail address of a user or group to add, and then click OK. Repeat to add additional users or groups as necessary.

      To specify that any user can acquire a use license for the protected content, select the Anyone option, which is a special group that is recognized by AD RMS.

    2. Under Users and rights, select a user or group to which to assign rights. Select the check box of each right to grant to the selected user or group.

      Select another user or group and repeat the process to grant rights to the remaining users and groups. If your AD RMS-enabled application has custom usage rights, you can assign those rights to users and groups by clicking Create Custom Right. In the Create Custom Right dialog box type the name of the right defined by your application. A check box will then be available for that right in your template.

    3. In the Rights request URL box, type the URL from which users can request additional rights to rights-protected content.

    4. Click Next.

  8. On the Specify Expiration Policy page:

    1. In Content expiration, select one of the three expiration options:

      • Select Never expires to prevent the content from expiring.

      • Select Expires on the following date (UTC) and then select the date and time on which you want the content to expire. The time is expressed in Coordinated Universal Time (UCT), also known as Greenwich Mean Time.

      • Select Expires after the following duration (days) and then select the number of days you want the content to remain valid.

    2. If appropriate, in Use license expiration, select Expires after the following duration (days) and then select the number of days you want the license to remain valid.

    Click Next.

  9. On the Specify Extended Policy page:

    1. Click Enable users to view protected content using a browser add-on if you want the user who does not have an AD RMS-enabled application installed to view rights-protected content.

    2. Click Request a new use license every time content is consumed (disable client-side caching) if you want the user to re-authenticate with AD RMS each time the rights-protected content is consumed.

    3. Click If you would like to specify additional information for your AD RMS-enabled applications, you can specify them here as name-value pairs if you want to add application-specific data as custom name value pairs in addition to the XrML rights supported by AD RMS. An application developer can add to an AD RMS-enabled application to limit interaction with the protected content. Application-specific data is enforced at the AD RMS-enabled application level and applies to all users who use the application.

    Click Next.

  10. To implement revocation, in the Specify Revocation Policy page, select the Require revocation check box, and then take the following steps:

    1. In Location where the revocation list is published (URL or UNC), type the URL where the revocation list file is posted. If you need to support disconnected users or external users, this URL should be accessible from both the internal organization's network and the Internet.

    2. In Refresh interval for revocation list (days), type the number of days that the revocation list remains valid. If a user has a copy of the revocation list that is older than this value, the user must obtain an updated revocation list to consume the content.

    3. In File containing public key corresponding to the signed revocation list, type the path and file name, or click Browse to locate the public key file for the revocation list.

    Caution

    Be careful when implementing revocation. Based on the refresh interval that you specify, you must renew a revocation list periodically or it will automatically expire, preventing users from consuming content that requires that list. To ensure that you do not inadvertently prevent users from consuming content, carefully evaluate the interval you require for refreshing the revocation list.

  11. Click Finish.

You can also create copies of rights policy templates. This can be useful if you have a template that you want to use as the basis for other templates with only minor modifications.

To copy a rights policy template
  1. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  2. In the console tree, click Rights Policy Templates.

  3. In the results pane, select the rights policy template to be copied.

  4. Click Copy in the Actions pane. A new rights policy template will appear in the results pane.

Additional considerations

Additional reference