Q. How can external users in a Windows Rights Management Services (RMS) environment create new rights-protected content?

A. An RMS implementation has two interfaces, an internal URL and an external URL. The internal URL is published in Active Directory (AD), so that internal users can find it when they want to create new content. Using the internal URL, users can request a client licensor certificate (CLC), so that they can publish protected content offline—that is, without having to access the RMS server.

Essentially, the external and internal URLs offer the same functionality. The only difference is that external users have to find the external URL to protect new content. To enable external users to locate an organization’s external RMS URL, you’ll need to set a registry key for external users who have never consumed content on the RMS client on which they want to create the content.

If you’re on your corporate network, your domain-joined machine will look up the serviceConnectionPoint object in AD and from this object obtain the URL of the certification server. If the serviceConnectionPoint isn’t published (i.e., you aren’t on your corporate network or VPN’ed in), or if you have a standalone machine, you need to specify the URL of your certification server so that you can create protected content outside of your organization’s network.

So how can you find the certification server’s URL? Two registry overrides are available for doing so; one of these is specific to Microsoft Office, and I recommend against using it. The other registry key, EnterprisePublishing, works with RMS in all Windows applications that support RMS. This setting points to the licensing cluster, where your machine can obtain the certification cluster URL. To find the EnterprisePublishing key, in the registry editor (Regedit) navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation\. For more information about using this and other RMS registry overrides, see http://technet.microsoft.com/en-us/library/cc747614.aspx.

 Thanks to John Howie for providing the information for this FAQ.

 Windows RMS Articles on Windowsitpro.com:
Q: I've deployed Windows Rights Management Service (RMS) in my organization, but users aren't receiving the templates I'm pushing.

Q. What are the options to allow non-organizational users access to content protected by Windows Rights Management Services (RMS)?

Q. What license do I need for external users to consume Windows Rights Management Services (RMS)-protected content?

Safeguard Sensitive Content with Information Rights Management

Windows Rights Management Services

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.