Active Directory Rights Management Services (AD RMS) provides services to enable the creation of information protection solutions. It allows organization to protect sensitive documents and control its consumption through publishing licenses and user rights.
Using AD RMS-enabled applications, such as Office 2003 and Office 2007 a document owner can apply rights to a document file to be consumed by an intended consumer. RMS as a Microsoft feature, is tightly intergrated with MS Office suite of applications.
I would like to share a deployment scenario with RMS which was currently used to apply document permissions to Word, Excel and PowerPoint documents. This organization was not using Outlook as their main mail client since they do not have Exchange in their environment. The way that RMS works is that when someone attempts to publish or consume a rights-protected document, AD RMS identifies the consumer through the Simple Mail Transfer Protocol (SMTP) e-mail address assigned to the consumer's Active Directory logon account. In an organization that uses Exchange, the RMS enabled application uses Outlook to validate email addresses entered in that dialog. This causes an instance of Outlook to be started when restricting permissions. However, if an organization does not use Exchange and uses another mail client but at the same time the users use Outlook probably for their personal POP3 accounts in example, this could present a nuissance. The default behavior is that the RMS enabled application such as Word will launch an instance of the Outlook address book to query users which on this environment would be empty since there is no Exchange in the environment. (see below)
Ok enough for all that background, there is a registry key that can be used to control this behavior. The following registry key is stated below.
DoNotUseOutlookByDefault
Location:HKCU\Software\Microsoft\Office\12.0\Common\DRMDWORD:DoNotUseOutlookByDefault
Value:
0 = Outlook is used
1 = Outlook is not used
Description:The permissions dialog uses Outlook to validate email addresses entered in that dialog. This causes an instance of Outlook to be started when restricting permissions.
Users can disable this option using this key
Exists in Office 11:Yes
Exists in Office 12:Yes
Can Be Set by GPO in Office 11:No
Can Be Set by GPO in Office 12:No
After setting this, you will be provided with the default lookup method of browsing through your AD similar to a window when adding Local Users and Groups in Computer Management. One more note to add, make sure your Office 2003 has the latest service pack or this fix would not work. Check out this kb article. http://support.microsoft.com/kb/892542
Posts
No comments:
Post a Comment