Rights Management Service (RMS) – IRM implementation for Exchange 2010 SP2 OWA


RMS implementation is well described in several blogs. I have been requested to implement RMS on user basis. This means to override global / CAS / Virtual directory based settings of IRM and set IRM through OWAMailboxPolicy parameter (Get-CASMailbox ‘ Set-CASMailbox)

  • IRM has been enabled globally:

Set-IRMConfiguration –InternalLicensingEnabled $true

RMS-global

RMS-global

  • IRM has been enabled on CAS servers

Set-IRMConfiguration –ClientAccessServerEnabled $true

  • IRM has been enabled on particular virtual directory (needs iisreset /noforce)

Get-OwaVirtualDirectory -identity *10*owa* | Set-OwaVirtualDirectory -IRMEnabled $true

At this point the only thing which matters is OWA mailbox policy to prevent / allow use of IRM in OWA

  •  Created Two OWA mailbox policies:

New-OWAMailboxPolicy -Name IRM_Disabled

Set-OwaMailboxPolicy IRM_Disabled -IRMEnabled $false

New-OWAMailboxPolicy -Name IRM_Enabled

There is no need to set IRMEnabled to $true since this is default.

  •  Assign policies to mailboxes:

Set-CasMailbox <alias> -OWAMailboxPolicy IRM_Disabled

RMS-disabled

RMS-disabled

Or

Set-CasMailbox <alias> -OWAMailboxPolicy IRM_Enabled

RMS-Enabled

RMS-Enabled

Note: Even though in both ways it seems that IRM is enabled, In case of disabled IRM, there are visible only default RMS Templates and even though you select one of these templates, it will take no action an mail will be sent unrestricted.

  • Also user has to log off from OWA to apply IRM setup changes.
  • For global IRM configuration there is need for IISreset.
Advertisements

One thought on “Rights Management Service (RMS) – IRM implementation for Exchange 2010 SP2 OWA

  1. Pingback: Rights Management Service (RMS) – IRM implementation for Exchange 2010 SP2 ActiveSync « exkb

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s