Configuring Windows Rights Management Services with SharePoint
Windows 2003 Rights Management Services is a technology that allows you to apply usage policies that are permanently attached to content such as Office documents. For example, instead of restricting permissions on a folder on a network share, a usage policy may be applied to a Word document so that only certain people can open the document. The usage policy may also dictate that readers not be able to print the document, or copy its contents to the clipboard. The policy is attached to the document (or email) regardless of its physical location, e.g. a network share or a SharePoint document library.
We recently deployed WRMS at Clarity and realized that it can integrate nicely into SharePoint; allowing you to apply usage policies at the document library level. Microsoft provides an excellent
guide for configuring WRMS to integrate with SharePoint.
Our SharePoint and WRMS deployments at Clarity are on the same server, so that simplified things a lot. However, this is usually not the case, so it is important to point out that for the integration to work, the Windows Rights Management Client w/ SP2 needs to be installed on all SharePoint web front ends.
WRMS creates a Service Connection Point on the domain, so that all rights management enabled applications can automatically discover the WRMS instance to authenticate against. In the Central Administration site, there is a section that allows you to configure your portal to use WRMS. You can specify that SharePoint use the default WRMS instance on the domain to implement Information Rights Management features.
However, after selecting this option we got the following error:
The required Windows Rights Management client is present but could not be configured properly. IRM will not work until the client is configured properly.
It turns out that to configure the rights management client "properly", you have to trigger it by opening a document that has been restricted by WRMS. The only way we could accomplish this was by installing Word 2007 on the web front end server and opening a Word document which we had restricted using WRMS.
After that, we were able to configure Information Rights Management in the SharePoint Central Administration site. The solution is very frustrating in my opinion because you would never install Office programs like Word on a SharePoint server.
I'm going to uninstall Word 2007 from the server this week and see if the integration between WRMS and SharePoint still works. My hunch that it will because it looks like the WRMS client just needed to run that one time. I'll post my findings here in an update.