The following is tip #19 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press. Return to the main page for more tips on this topic.
When you install Office, you get a version of the IRM client. The first time you try to use the IRM feature of Office, you might be prompted to download an updated version of the Windows RMS client. There are actually two separate applications that use the Windows RMS client in an IRM deployment: the Office System, and the Rights Management add-on for Internet Explorer to enable users without the Office System to view RMS-protected content. Either way, the client installation is very straightforward, so I don't cover it here: Office prompts you to download a single Windows installer (.msi) file, and it doesn't ask you to do anything except accept the end-user license agreement.
Once you've installed the client, the first time you try to use an IRM feature, you'll be prompted to establish a set of credentials. This process is fairly simple; the Service Sign-Up Wizard leads you through each step. The process begins with a page that explains that the trial service requires a Microsoft Passport account, that Microsoft won't access your data unless a court forces them to, and that the service might be discontinued but that you'll get a warning first. Next, you'll be asked whether you have a Passport (in which case you'll need to sign in) or not (in which case you'll have to create one).
After signing in, the next question you'll be asked is whether you want a standard or temporary certificate. The Rights Management Account Certificate (RAC) is basically a PKI-based certificate issued by the Microsoft CAs that can only be used for RMS functions. If you just want to test IRM, the temporary certificate will do fine; when these certificates expire, just go through this same wizard again to get a new one. If you want a longer lived certificate, choose the Standard option instead.
After you've completed the wizard, your RAC will be downloaded and installed locally, although you won't see it in the Certificate snap-in. At that point, you're ready to start using the IRM mechanism of Outlook.
Get more "20 Tips on securing Outlook in 20 minutes!" Return to the main page.
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the U.S. National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert and spent way too much time playing video games.