locked
ADRMS templates publishing for non administrative domain users RRS feed

  • Question

  • I have successfully implemented ADRMS in our domain. We are having few issues while publishing template for non administrative domain users. I want to make sure that our requirement is feasible for these products.
    We are using Windows 7 64bit Enterprise edition as client machines and UAC (user access control) is enable from group policy.
    created a script for following tasks:

    1) AD RMS Rights Policy Template Management (Automated) (enable ADRMS client).
    2) Creating Templates folder (C:\Users\domainUser\AppData\Local\Microsoft\DRM) inside each user profile .
    3) Registry entry for each system on in following location. HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM
    Problem : I am able achieve this using my script through group policy but it does not work for non administrative users.

    I can’t give admin rights to all users.
    I don’t want to disable UAC permanently due to security reason.
    Is there any solution for my problem? Any help will be highly appreciated.

     Following is my script. Please let me know if can run this script from admin right or any other alternative to solve my problem.

    Script for disable UAC
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

    Script for enabling”Active Directory Rights Management Services Client”
    schtasks /Change /TN "\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" /ENABLE
    Script for creating DRM and Templates folder:
    IF EXIST "%UserProfile%\AppData\Local\Microsoft\DRM" goto existDRM
    cd\
    cd %UserProfile%\AppData\Local\Microsoft
    md DRM
    :existDRM
    IF EXIST "%UserProfile%\AppData\Local\Microsoft\DRM\Templates" goto ExistTL
    cd\
    cd %UserProfile%\AppData\Local\Microsoft\DRM
    md Templates
    :ExistTL

    Script for registry entry:
    REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM" /f
    REG ADD "HKCU\Software\Microsoft\Office\12.0\Common\DRM" /v "AdminTemplatePath"  /t REG_EXPAND_SZ /d "%UserProfile%\AppData\Local\Microsoft\DRM\Templates" /f

     Script for enabling UAC
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

     Any help will be highly appreciated

     

    Tuesday, February 8, 2011 7:05 AM

Answers