RMS - Testing RMS without modifying the AD
RMS uses the concept of a SCP (Service Connection Point), to allow users to automatically locate the RMS certification server. This gets put into the configuration container in your environment, and if you open AD Sites and Services>Click View>Click Show Services Node. Expand the Services node, and if RMS is registered you should see the SCP for it listed as RightsManagementServices.
Alot of companies want to test RMS, but do not want to make modifications to their AD for many reasons. Maybe you only have a few users you want to actually use the service. Maybe there is so much red tape to get a modification made to the AD, that its just not worth it.
So how do you get your clients to see the RMS server, without being able to query the AD for the location?
You need to set the following keys on the client.
Either these keys just for Office 2007* applications:
Location:HKLM\Software\Microsoft\Office\12.0\Common\DRM
String:CorpLicenseServer
Value:< https://url.to.rms/_wmcs/Licensing>
Location:HKLM\Software\Microsoft\Office\12.0\Common\DRM
String:CorpCertificationServer
Value:<https://url.to.rms/_wmcs/Certification>
*NOTE* change the 12.0 to an 11.0 of you are using Office 2003 **
or these keys for global RMS supremacy on the machine:
Location:HKLM\Software\Microsoft\MSDRM\ServiceLocation\Activation
Reg_Sz: default
Value:<https://url.to.rms/_wmcs/Certification>
Location:HKLM\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing
Reg_Sz: default
Value:<https://url.to.rms/_wmcs/Licensing>
The CorpLicenseServer string and EnterprisePublishing key can actually be used even if you do have an SCP registered, if you want your clients to use a different licensing server.
Once you drop into production, you can take these keys off the test users machines (well assuming you aren't using a seperate licensing cluster), and register the SCP...or leave them on, and don't register the SCP.
-Jason
Comments
Anonymous
January 01, 2003
True Dat!!Anonymous
January 01, 2003
Note that if you’re using a 32-bit application on a machine with a 64-bit OS, you’ll be operating in the WOW64 mode and in that case the registry location will be: HKLM/Software/wow6432node/Microsoft/MSDRM/ServiceLocation/Activation @=http(s)://url.to.rms/_wmcs/certification HKLM/Software/wow6432node/Microsoft/MSDRM/ServiceLocation/EnterprisePublishing @=http(s)://url.to.rms/_wmcs/licensingAnonymous
June 18, 2010
What if the server is also a domain controller? There is no entry for MSDRM in that case!!!! My email: croldan@gigatrust.es CarlosAnonymous
May 13, 2014
Pingback from AD RMS: Client machine activation | Technical Blog