Condividi tramite


E_ACCESSDENIED Error in RMS v1

When the RMS v1 SP2 client is installed the following folder is automatically created on the machine: %allusersprofile%\AppData\Microsoft\DRM\Server.  This folder is created to allow non-admin users, such as Network Service, to create the <sid> folder and licenses in the folder.    This information only pertains to organizations running RMS v1, it is not applicable AD RMS.

If receive reports of RMS applications failing machine activation with the error message E_ACCESSDENIED, make sure that the folder exists on the machines and that it has the appropriate ACLs assigned to it.  The appropriate ACLs, and a key, are listed below. 

Windows 7 and Windows Vista:                                                                                                                              

C:\ProgramData\Application Data\Microsoft\DRM\Server>icacls

  NT AUTHORITY\SYSTEM:(OI)(CI)(F)

  BUILTIN\Administrators:(OI)(CI)(F)

  Everyone:(OI)(CI)(R,AD)

C:\ProgramData\Application Data\Microsoft\DRM\Server>cacls .

C:\ProgramData\Application Data\Microsoft\DRM\Server

  NT AUTHORITY\SYSTEM:(OI)(CI)F

   BUILTIN\Administrators:(OI)(CI)F

   Everyone:(OI)(CI)(special access:)

        READ_CONTROL

        SYNCHRONIZE

        FILE_GENERIC_READ

        FILE_READ_DATA

        FILE_APPEND_DATA

        FILE_READ_EA

        FILE_READ_ATTRIBUTES

Windows XP

C:\Documents and Settings\All Users\Application Data\Microsoft\DRM\Server>icacls

  Everyone:(OI)(CI)(AD,RA)

  BUILTIN\Administrators:(I)(OI)(CI)(F)

  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

C:\Documents and Settings\All Users\Application Data\Microsoft\DRM\Server>cacls .

C:\Documents and Settings\All Users\Application Data\Microsoft\DRM\Server

  Everyone:(OI)(CI)(special access:)

        FILE_APPEND_DATA

        FILE_READ_ATTRIBUTES

  BUILTIN\Administrators:(OI)(CI)F

  NT AUTHORITY\SYSTEM:(OI)(CI)F

Key:

OI: Object Inherit

CI: Container Inherit

F: Full Access

R: Read-only access

AD: Append data/add subdirectory

RA: Read attributes