Archive for November, 2009

SharePoint 2007 integration with Rights Management Services (RMS)

After integrating with RMS, SharePoint 2007 will translate its access level to corresponding permission of RMS.

SharePoint Permission Rights
Full Control / Design Full control of the documents, as defined by the client application. This generally permits the user to read, edit, copy, save, and modify permissions of the document.
Contributor Edit, copy, and save permissions. The user can only print the document if the document library IRM settings have been configured to allow document printing.
Read Read permissions. The user can read the document, but not copy or edit its content. The user can only print the document if the document library IRM settings have been configured to allow document printing.

In order to integrate Rights Management Server with SharePoint 2007, first step is to check whether SharePoint 2007 is running on Windows Server 2003 OS or Windows Server 2008 OS. If you are using Windows Server 2008, then, you are luckyJ.

For Window Server 2003 you need to install “Microsoft Windows Rights Management Services Client” on your SharePoint 2007 server machine. For Windows 2008, it comes by default with the name “Active Directory Rights Management Services”. In order to verify, Central Administration -> Operation -> Information Rights Management (under Security Configuration). For Windows Server 2003, this link will appear after you install “”Microsoft Windows Rights Management Services Client”.

Below is the URL where you can find Step-By-Step Guide:

For Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyID=7bab2321-71e6-4cf2-8bcd-0880e0d1cda3&DisplayLang=en

For Windows Server 2008: http://www.microsoft.com/downloads/details.aspx?FamilyID=A0EA7CD0-7DE7-43A5-B1F9-B4CC679CECB3&displaylang=en&displaylang=en

If you already have AD RMS server and SharePoint 2007 server installed on Windows Server 2008, following two steps will complete configuration:

On AD RMS server:

  1. Log on to ADRMS-SRV as domain\Administrator.
  2. Click Start, and then click Computer.
  3. Navigate to C:\Inetpub\wwwroot\_wmcs\Certification.
  4. Right-click ServerCertification.asmx, click Properties, and then click the Security tab.
  5. Click Advanced, click Edit, select the Include inheritable permissions from this object’s parent check box, and then click OK two times.
  6. Click Edit, and then click Add.
  7. Click Object Types, select the Computers check box, and then click OK.
  8. Type [SharePoint 2007 Server Name], and then click OK.
  9. Click OK to close the ServerCertification.asmx Properties sheet.
  10. Click Start, and then click Command Prompt.
  11. Type iisreset, and then press ENTER.

On SharePoint 2007 Server:

  1. Log on to SharePoint 2007 Server as domain\administrator.
  2. Click Start, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.
  3. Click Operations, and then click Information Rights Management (under Security Configuration).
  4. Select the Use the default RMS server specified in Active Directory option, and then click OK.

To Verify:

  1. Type http://ServerURL in the address bar, and then click Go.
  2. Go to any document Library, click Settings, and then click Document Library Settings.
  3. Under the Permissions and Management heading, click Information Rights Management.
  4. Select the Restrict permission to documents in this library on download check box.
  5. Type Protected in the Permissions policy title box.
  6. Type Restricted employees from printing in the Permission policy description box.
  7. Click OK.
  8. Access document with different access levels.

Sources:

http://msdn.microsoft.com/en-us/library/ms458245.aspx

http://blogs.technet.com/rmssupp/archive/2007/01/18/moss-2007-and-rms-baptism-by-fire-my-pain-is-your-gain.aspx

P.S. This post is dedicated to Kenneth Bae. Great friend. We were not able to accomplish without his support and help. Thanks Ken J.

Advertisements

Leave a Comment