In Part 1 we walked through installing the RMS Connector services to light-up on-premises services for RMS.

The RMS connector supports a handful of additional scenarios and services:

  • For Exchange 2013: Client access servers and mailbox servers
  • For Exchange 2010: Client access servers and hub transport servers
  • For SharePoint: Front-end SharePoint webservers, including those hosting the Central Administration server
  • For File Classification Infrastructure: Windows Server computers that have installed File Resource Manager

This configuration requires registry settings. To do this, you have two options:

Configuration option Advantages Disadvantages
Automatically by using the server configuration tool for Microsoft RMS connector No direct editing of the registry. This is automated for you by using a script.

No need to run a Windows PowerShell cmdlet to obtain your Microsoft RMS URL.

The prerequisites are automatically checked for you (but not automatically remediated) if you run it locally.

When you run the tool, you must make a connection to a server that is already running the RMS connector.
Manually by editing the registry No connectivity to a server running the RMS connector is required. More administrative overheads that are error-prone.

You must obtain your Microsoft RMS URL, which requires you to run a Windows PowerShell command.

You must always make all the prerequisites checks yourself.

NOTE: In both cases you’ll need to manually install pre-requisites

I’d definitely recommend the automation option versus the manual option here.

First, go ahead and grab the PowerShell script you downloaded earlier, or grab it directly from here

You can either deploy the script through a local install, Configuration Manager or Group Policy.

Exchange 2010/2013

In order to configure RMS for Exchange, you’ll need to install it on the respective Exchange server roles:

  • For Exchange 2013: Client access servers and mailbox servers
  • For Exchange 2010: Client access servers and hub transport servers

You can run the following command, inserting the name of your RMS server in place below

.\GenConnectorConfig.ps1 -ConnectorUri -SetExchange2013

Now lets go ahead and enable IRM functionality in Exchange.

The first thing we’ll need to do is enable IRM

Set-IRMConfiguration -InternalLicensingEnabled $true

Let’s log into the ECP to create a transport rule.
Navigate to Mail Flow > Rules and choose Apply rights protection to messages…

It should be noted that you can really customize these transport rules to your liking, a few example scenarios may be protecting any content

  • Sent to a specific domain
  • Sent to Exchange Partner domains
  • Sent to HR or Legal from being forwarded
  • Sent to All Employees from Reply All
  • Sender is part of a specific group
  • Subject or body have specific words or text patterns
  • Message has sensitive content
  • Attachment content has specific words or text patterns

We’re going to go ahead and create rule that applies an RMS policy to block forwarding for any of the recipients of the domain

Select your RMS template

And modify the rest of the rule as needed

You’ll get prompted if you choose a date to apply before the current time

You should now see your transport rule

Now we’ll go ahead and send an e-mail to that domain

And you can see on the recipient side, we’ve received a message that has been protected with RMS.

I had to take a picture because the content is protected from Forward (grayed out), Copy, Print, Screen capture or Save. 🙂

See my follow-up blog for further Connector configuration for SharePoint & File Servers!

Leave a Reply

Your email address will not be published. Required fields are marked *