To edit an existing rights policy template, use the following procedure.
Membership in the local AD RMS Template Administrators, or equivalent, is the minimum required to complete this procedure.
To edit a rights policy template |
-
Open the Active Directory Rights Management Services console and expand the Active Directory Rights Management Services (AD RMS) cluster.
-
In the console tree, click Rights Policy Templates.
-
If you are editing a distributed rights policy template, click Manage Distributed Rights Policy Templates in the Actions pane. If you are editing an archived rights policy template, click Managed Archived Rights Policy Templates in the Actions pane.
-
In the results pane, click the name of the template to edit.
-
In the Actions pane, click Properties of the rights policy template.
-
On the Identification Information tab, modify the information in the Template name, and Template description areas as appropriate. You can add additional languages to Template language as necessary.
-
On the User Rights tab, do one or more of the following:
- To add a user or group, in Users and
rights, click Add, type the valid e-mail address of a
specific user or group to select Anyone to allow all users
to view content, and then click OK.
- Select the name in Users and rights.
In the Rights for area, select all rights to be granted to
the selected user or group.
- To modify the rights of an existing user or
group, select the name in Users and rights, and then select
or clear the rights check boxes, as appropriate.
- To remove a user or group, select the name in
Users and rights, and then click Remove.
- To add a custom right, click Create Custom
Right and then type the name of the right supported by your
rights-enabled application.
- To change the URL that users can request
additional rights through in Rights request URL, type the
new URL.
- To add a user or group, in Users and
rights, click Add, type the valid e-mail address of a
specific user or group to select Anyone to allow all users
to view content, and then click OK.
-
On the Expiration Policy tab, edit the information to change when content licenses expire and when they must be renewed, as appropriate.
- Click Never Expires to set no
expiration date on content that is protected with this rights
policy template.
- Click Expires on the following date
(UTC) to set a specific date and time when the content
protected with this rights policy template expires. The date and
time are expressed in Coordinated Universal Time (UTC), also known
as Greenwich Mean Time.
- Click Expires after the following
duration to set the content to expire after a set amount of
days.
- Under Use license expiration, set
Expires after the following duration to force the user to
request a new use license for all content protected by using this
rights policy template.
- Click Never Expires to set no
expiration date on content that is protected with this rights
policy template.
-
On the Extended Policy tab, edit the information to change how content licenses are to be implemented, including the persistence of author rights, whether trusted browsers are supported, license persistence within the content, and enforcement of any application-specific data, as appropriate.
- Select Enable users to view protected
content using a browser add-on if you want content protected by
this rights policy template to be accessible by means of a Web
browser, such as Internet Explorer with the Rights Management
add-on.
- Select Require a new use license every
time content is consumed if you want users to request a new use
license whenever the content protected with this rights policy
template is opened. The AD RMS client must be able to connect
to the AD RMS cluster each time that this content is consumed.
This is not ideal for offline publishing.
- To add additional name/value pairs created
with AD RMS-enabled applications, select the If you would
like to specify additional information for your AD RMS-enabled
application box.
- Select Enable users to view protected
content using a browser add-on if you want content protected by
this rights policy template to be accessible by means of a Web
browser, such as Internet Explorer with the Rights Management
add-on.
-
On the Revocation policy tab, select whether a revocation list is to be required for content that is created by using this template. If you select Require revocation, complete the following settings, as appropriate:
- In Location where the revocation list is
published, type the URL where the revocation list file is
posted. If you need to support disconnected users or external
users, this URL should be accessible from both the corporate
network and the Internet.
- In Refresh interval for Revocation
list, type the number of days that the revocation list remains
valid. If a user has a copy of the revocation list that is older
than this value, the user must obtain an updated revocation list to
consume the content.
- In File containing public key
corresponding to the signed revocation list, type the path and
file name of the public key file for the revocation list.
Caution Be careful when implementing revocation. Based on the refresh interval that you specify, you must renew a revocation list periodically or it will automatically expire, preventing users from consuming content that requires that list. To ensure that you do not inadvertently prevent users from consuming content, carefully evaluate the interval you require for refreshing the revocation list.
- In Location where the revocation list is
published, type the URL where the revocation list file is
posted. If you need to support disconnected users or external
users, this URL should be accessible from both the corporate
network and the Internet.
-
Click OK.
Once a rights policy template is edited on the cluster, the local copies of the template on the client computers must be updated as well.
Additional considerations
- You can also perform the task described in
this procedure by using Windows PowerShell. For more information
about Windows PowerShell for AD RMS, see http://go.microsoft.com/fwlink/?LinkId=136806.