You can specify the version of an AD RMS-enabled application that all licensing requests are checked against. Application exclusion stamps every use license with a condition that the license can bind only to the rights-protected content for which it is issued if the application that is requesting the license is not on the excluded list.

This can be useful, for example, when an enterprise deploys an update for an AD RMS-enabled application. System administrators can use their usual mechanism to cause client computers to install the update. They can then set application exclusion policies that are defined by using the version information of the application. This exclusion policy restricts AD RMS from issuing licenses to clients that are running previous versions of the software.

As with other types of exclusion, you must configure application exclusion on each cluster for which you want it to take effect.

When you apply this exclusion policy on your cluster, clients cannot use the excluded application to request and bind new use licenses to rights-protected content. However, clients can continue to use the excluded application to consume previously licensed files.

Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.

To exclude applications
  1. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  2. In the console tree, expand Exclusion Policies, and then click Applications.

  3. In the Actions pane, click Enable Application Exclusion.

  4. In the Actions pane, click Exclude Application. The Exclude Application wizard appears.

  5. In Application file name, type the file name and file name extension (such as example.exe) of the application or component to be excluded.

  6. In Minimum version, type the minimum version number (in the format x.x.x.x) of the application that is not allowed to decrypt rights-protected content.

  7. In Maximum version, type the maximum version (in the format x.x.x.x) of the application that is not allowed to decrypt rights-protected content.

  8. Click Finish.

    Note

    AD RMS requires the application version to be specified in a 4-digit period-delimited format (#.#.#.# ). However, some applications specify their application version with 2-digit or 3-digit period-delimited numbers. In this case, you should append a .0 as appropriate to make the version number match the format required by AD RMS.

To stop excluding applications
  1. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  2. In the console tree, expand Exclusion Policies, and then click Applications.

  3. Do one of the following:

    • To disable all application exclusions, in the Actions pane, click Disable Application Exclusion.

    • To disable a specific application exclusion, in the results pane, select the excluded application.

  4. In the Actions pane, click Delete, and then click Yes to confirm the removal.

Additional considerations

Additional reference