DonatShell
Server IP : 180.180.241.3  /  Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Windows/Help/Windows/en-US/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /Windows/Help/Windows/en-US/rms_help.h1s
MZ@PEL!@0W@.rsrc@@.its @@0	HX||4VS_VERSION_INFOStringFileInfo040904b0b!FileVersion1.00.00                         l"FileDescriptionCompiled Microsoft Help 2.0 TitleBFileStampC420CE4301CA041F4JCompilerVersion2.5.71210.08579VCompileDate2009-07-14T01:09:41      >TopicCount255000000000000ALegalCopyright 2005 Microsoft Corporation. All rights reserved.CCCCCCCCCCCCCDVarFileInfo$Translation	tiC |2ITOLITLS(X쌡^
V` ` x CAOLPHHC ITSF c:0#	
-Y쌡^
VY쌡^
VIFCMAOLL&&IFCM AOLL//$FXFtiAttribute//$FXFtiAttribute/BTREE/$FXFtiAttribute/DATA/$FXFtiAttribute/PROPERTY-N/$FXFtiMain//$FXFtiMain/BTREE-/$FXFtiMain/DATAE/$FXFtiMain/PROPERTYGN/$Index/$ATTRNAME;,/$Index/$PROPBAG/$Index/$STRINGSN/$Index/$SYSTEM
/$Index/$TOC//$Index/$TOC/$rms_help"/$Index/$TOPICATTR{@/$Index/$TOPICS/$Index/$URLSTRY@/$Index/$URLTBLx/$Index/$VTAIDXg/$Index/AssetId//$Index/AssetId/$BL0s/$Index/AssetId/$LEAF_COUNTSs/$Index/AssetId/$LEAVES	/$OBJINST"/assets/0/assets/01719c3d-d9f3-4f00-a64e-227b66e13ed6.xmlt0/assets/02d8d05b-003e-451e-aa07-f5b47f23f589.xmlzr0/assets/05c98626-7880-44e7-821f-753bd88526ca.xmll0/assets/07567fd0-68bf-4f59-9916-b8cafacaf04e.xml0/assets/07780424-56b3-4032-932a-36aa3c6b8cbc.xmlG0/assets/10fd534d-18d4-46a9-9647-e50d4f95b464.xmlf0/assets/12db6560-7522-42e4-a98f-8f867c953635.xmll0/assets/1377e645-ba16-4b00-aba3-3682bc276998.xmlmw0/assets/154f79e2-7107-4138-b87b-2622ed879366.xmldR0/assets/1bc393b9-5ce9-4950-acae-63a463ccfc36.xml6]0/assets/1f1d0032-1e8c-4e5a-b438-cfa01fe82228.xml}0/assets/24ae01a6-a2c2-4f29-b16b-528565a83644.xml@0/assets/2a37646d-7011-40dd-a503-7cfdab162764.xmlP0/assets/2e08964c-fd34-4746-938b-672315aacf48.xmlP0/assets/2eecbdb1-9e09-4a46-bf34-3a2978313461.xmlR0/assets/3230bca4-51cb-418f-86ba-bb6539385418.xmlT50/assets/390c4d53-2a07-4207-af9a-401f916a9328.xml	B0/assets/3a612201-7302-419b-86b2-3bde6d448d4e.xmlKv0/assets/3a6165d2-252b-4407-b62b-75373f274b98.xmlAw0/assets/3dea486b-7d3d-4ac7-89d7-da012951f312.xml8/0/assets/3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d.xmlgD0/assets/3f1d6d09-4e85-4ad9-83ff-a8720b5441d6.xml+-0/assets/40786655-0f0a-4c11-9b21-131171917a93.xmlX0/assets/454ebdbb-6048-4fc3-a011-3fbed9d3d0e2.xml_0/assets/47c051ea-c776-4a56-ad5c-ec61ed139a17.xmlrn0/assets/4ceca4d5-3df2-4d36-ac68-461b7a34c716.xml`q0/assets/4f757264-290e-4661-ba07-83912325efbd.xmlQ)0/assets/50714cdb-7e30-4844-a2f0-55ef651eef7a.xmlz0/assets/5141e060-08ac-4874-98bc-c493658c4c8f.xmly0/assets/53f02768-c99c-4188-b2c2-6ccd3c7c6889.xmlO0/assets/55a69f4b-da6d-40b5-8673-17fa2fce6e7a.xmld0/assets/55a8adca-ccd6-41c8-a5e2-9a95926623da.xmlf#0/assets/568c8990-6120-4c3c-80d8-e7c37a784b94.xml	S0/assets/58dedefe-49d0-4b2e-b673-bfaa513fc70e.xml\C0/assets/59b8176f-ec11-494a-aa10-cb0e71b58ee9.xml0/assets/59c802d0-3982-432c-b06f-3e148dca0166.xml+0/assets/59ebced7-b364-4dcb-bf96-7a0fade8629c.xml6G0/assets/5c2b2b25-76b4-4ada-9d7b-4ef7a713b686.xml}0/assets/5c3e4dfa-acf1-4497-b57e-327e5be2b2b4.xml~j0/assets/5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b.xmlh'0/assets/5e480c64-e052-4408-bd1c-716df14b2355.xml70/assets/5eb527a9-34d8-464f-9735-e7dcd2613ffc.xmlF 0/assets/6072f26a-2e7a-4926-bf67-f6915cccfa9e.xmlf0/assets/6257f49a-bf8d-4d90-ad04-0918d400068d.xmlj0/assets/636a447d-35f0-4e6f-a8b2-0a1bf279d1de.xml50/assets/67d89efe-28f6-422e-b0e3-e85da40a04f0.xml;'0/assets/6ba05e2b-1b49-45c4-9138-6fd9d93ec142.xmlb|0/assets/71209d16-9e76-4bcf-8276-5e60ed8a4cef.xml^
0/assets/71ae6d8f-1b18-402d-bc08-aeef8d097a8e.xmlh
0/assets/73829489-45f1-415b-90ab-061a263d1ef6.xmlr=0/assets/74272acc-0f2d-4dc2-876f-15b156a0b4e0.xml/0/assets/74358772-bba0-4390-b83e-0e6aab08619c.xmlF$0/assets/74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea.xmlj/0/assets/786d0acf-6dab-417d-ae39-91450083ddfa.xmlZ0/assets/789533a5-50c5-435d-b06a-37db0ab5666e.xmlsj0/assets/7a14d648-8c0c-4579-a60d-7cf15d2137a5.xml]a0/assets/7cbdc6af-bd44-44ee-ae26-0d71318c9796.xml>0/assets/8028ae92-8397-4da3-b4be-5f04ec2532b5.xmlRy0/assets/8144f0e6-4968-4d3f-8af9-df23213786bf.xmlK^0/assets/838c46d3-e87a-445f-9ed5-9ba515f7ead2.xml)o0/assets/878e9550-5966-40f3-862c-7ea309ddb0ed.xmly0/assets/8dba2e7f-700d-41b1-88a4-7489a6999e7b.xml0/assets/8dbdc471-ca9f-4c31-9c36-5e5689b3f282.xml0/assets/8e9c43b0-a215-467a-877f-9b75419dd817.xml%|0/assets/8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8.xml!w0/assets/8fb70322-3964-4493-99c0-fbfea30d66b6.xml50/assets/90411fff-1651-43df-8b41-ea16b62da222.xmlM$0/assets/9060ef8e-8367-4d23-abaf-6bfeec7fced7.xmlq
0/assets/9145546f-a8ef-45b3-ab98-3e2c8bc1ef33.xml{`0/assets/9210fa30-ce12-468a-9f16-506868e2aa4b.xml[C0/assets/930d4692-3345-423c-99ac-63d21b12d94d.xmll0/assets/930fc9f6-bfd1-4ceb-8eec-7c40c29a4339.xml
0/assets/965c27f8-52cf-442f-9f95-dfbd7782fe8e.xmlb0/assets/973f6f34-e1e6-455d-b041-06f0970c6dcb.xml~0/assets/97764943-7cfc-423f-aec4-864e2dfdb630.xml0/assets/97c4a2bc-3885-4523-8b67-16e748d4dce8.xmlp0/assets/9905aecd-a764-4c29-a49e-0a53fbff85c3.xml$0/assets/9a944ab7-f0d9-4224-97c6-b2543f537827.xml,t0/assets/9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784.xml 0/assets/9fa2a030-7051-474d-bd71-da6482f9eb10.xml6(0/assets/a171a2ed-a357-4d88-ad4e-e447961bc632.xml^`0/assets/a21692e9-ce39-4fbb-90a3-11d676d5633e.xml>Q0/assets/a42680fa-2855-40d9-8e2c-74f72793ca24.xmlc0/assets/a7b8252b-454a-42d6-bed7-46e4459eafb4.xmlr;0/assets/a7cca614-3146-437e-be39-0f8b8952b491.xml-h0/assets/a8134792-3c67-4582-bf61-fe6d2e09ac84.xmlh0/assets/a928c435-77a8-49fe-b08e-bfdc6bcc1fa7.xml} 0/assets/a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4.xml0/assets/aa344ab6-67e5-4fd4-af95-153e7e0b2546.xml-0/assets/aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f.xmlIb0/assets/ac2ec246-dd17-4c72-bf55-8a0c13efac4f.xml+60/assets/ae03d1a8-dd14-4750-ae4e-679dad59c8fc.xmla#0/assets/ae904fc1-9a96-4dec-adf8-43aa8c3b89f0.xml0/assets/b67a40b0-f954-4f55-a047-f82dd62be796.xmlK0/assets/b8c24098-9f3b-4ba1-a34c-21e9308814c2.xmlj!0/assets/ba01e655-6a5f-4e6d-881d-4dca57859302.xmli0/assets/bd8266b9-ea5c-48d9-b1b2-0577154f7c9c.xmlt!0/assets/be22c109-968b-4635-a24d-050a25d4afee.xmlq0/assets/be7de4f2-7bc1-4704-a046-1a24623b5d7a.xmli0/assets/c60ace22-c18e-4f88-9cd4-d82f6ca7e455.xmlod0/assets/c64715bc-3d85-47b2-b543-5b97640303b3.xmlS\0/assets/c89f8c53-a265-4214-9c94-64159759fa5e.xml/_0/assets/c8b196f6-6099-4f20-bf85-5fd3d2faa31e.xmln0/assets/c941ad6b-6184-4859-bd79-dc6d309a5109.xml|`0/assets/c988e887-9d69-49eb-85aa-c53cf4504090.xml\0/assets/cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd.xml\40/assets/cdcd00de-abfb-43e9-a247-a462d7b65c54.xml0/assets/cf19efcd-db3d-4468-8d3c-f6bbb8918133.xml#0/assets/cfa7254d-eca7-4238-8a5f-c138d92be441.xml9s0/assets/d2fb938f-c13e-4293-b9df-245b63b6079f.xml,p0/assets/db312fba-7c19-4eae-b3b9-18c5d41cc011.xml0/assets/e46ee7dd-5acf-45db-b426-101fd6fa958b.xml400/assets/e4ca2b0c-cbb2-4c52-9023-47e484b991e5.xmld0/assets/e605e743-a4cb-416b-becd-c7240d0b0449.xmlde0/assets/e8aad84e-0be9-444a-a460-a4d40f4d2c0f.xmlI{0/assets/e95fea7b-b901-4fef-827e-9901abd58e1a.xmlDe0/assets/ea711929-0b07-4098-8738-89ef537c26e7.xml)a0/assets/eae75c44-0844-4756-b560-cbe96825b2de.xml
0/assets/edab589f-74ea-48d5-a55a-7cb18a65f066.xml	u0/assets/f04cf1fc-d07b-481e-a433-cf8e93ab64ba.xml~U0/assets/f1f3f842-b742-49a7-8724-04706368fcac.xmlS_0/assets/f43dcb03-6e23-491a-87b0-67d541575923.xml2
0/assets/f54901bb-20de-4103-b72b-a74f8e4e0054.xml<N0/assets/f80253cf-2112-4b7d-8e97-509e49a9345a.xml

0/assets/fab65ea2-4ad4-4d95-82d5-f7a25a08287a.xml50/assets/fd887192-681a-4ebc-a42d-a6be77f75dd4.xmlI0/assets/fef73389-43c8-4b45-bf48-4e1682d89838.xmlOs
/rms_help.h1cB 
/rms_help.H1FbA
/rms_help.H1Tc
/rms_help.H1V#@/rms_help_AssetId.H1Kqk/rms_help_BestBet.H1K\k/rms_help_LinkTerm.H1KGl/rms_help_SubjectTerm.H1K3o::DataSpace/NameList<(::DataSpace/Storage/MSCompressed/Content"4,::DataSpace/Storage/MSCompressed/ControlDataT )::DataSpace/Storage/MSCompressed/SpanInfoL/::DataSpace/Storage/MSCompressed/Transform/List<9~kXE2

	taN;)FTqAOLI/_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/AOLL_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTableV3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/UncompressedMSCompressedFX쌡^
VLZXCHH<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Federated Identity Support - Federated Identity Support Properties</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Federated Identity certificate validity period (days)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enter the validity periods for federated identity rights account certificates (RACs). The value must be within the range of 1 to 9,999 days.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Federated Identity certificate service URL</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select <maml:ui>https://</maml:ui> and enter a different server cluster URL that should issue RACs to all federated identities requesting RACs form this server. <maml:ui>Use default Federated Identity Certificate Service URL</maml:ui> is select to enable this server to issue federated identity RACs.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Allow proxy email address</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this check box to enabled and disable trust of proxy address of a federated identity.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Policies - Super Users - Super Users Results Pane</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Change super user group</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The super users group has no members by default. You can specify an Active Directory Domain Service (AD DS) universal group to use as the super users group for AD RMS, either an existing AD DS group or a new group created for this purpose in the same forest as the AD RMS installation. </maml:para>

<maml:para>An e-mail address associated with this group is required.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set up a Super Users Group</maml:linkText><maml:uri href="mshelp://windows/?id=50714cdb-7e30-4844-a2f0-55ef651eef7a"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Deploying AD RMS with AD FS</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The following steps in this checklist describe the tasks required to configure identity federation support with Active Directory Rights Management Services (AD RMS) cluster.</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Assign a secure sockets layer (SSL) certificate to the Web site that will be hosting the AD RMS cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Install and configure the AD RMS cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Grant the AD RMS service account privileges to Generate Security Audits found in the <maml:ui>Local Security Policy</maml:ui> console. This privilege allows the AD RMS service account to generate events and write them to the Security log.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>On the AD FS resource partner, create a claims-aware application for the AD RMS certification and licensing pipelines.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Configure the AD RMS extranet cluster URL by using the Active Directory Rights Management Services console.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Add the AD RMS Identity Federation Support role service by using Server Manager.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>For detailed instructions about setting up AD RMS and AD FS, see AD RMS with AD FS Identity Federation Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=72135</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=72135"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add an Extranet Cluster URL</maml:linkText><maml:uri href="mshelp://windows/?id=ae03d1a8-dd14-4750-ae4e-679dad59c8fc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Import an SSL Certificate Using Internet Information Services (IIS) Manager</maml:linkText><maml:uri href="mshelp://windows/?id=a928c435-77a8-49fe-b08e-bfdc6bcc1fa7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Use Windows Live ID to Establish RACs for Users</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Microsoft provides an account certification service that uses Windows Live ID to establish the rights account certificate (RAC) for the user. If you want users with RACs from that service to be able to obtain use licenses from your Active Directory Rights Management Services (AD RMS) cluster, you need to set up a trusted user domain that accepts user credentials from Microsoft’s online RMS service. </maml:para>

<maml:para>To use this feature you must configure Internet Information Services (IIS) to allow access to the AD RMS licensing service, for example, by allowing anonymous access. This step is essential because the licensing service is configured to use Windows Integrated authentication by default. If IIS is not configured to allow access to the AD RMS licensing service, users with Windows Live ID-based RACs will not be able to acquire licenses.</maml:para>

<maml:para>If necessary, after they are configured, you can exclude users of this service based on their e-mail addresses.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To enable anonymous access to the AD RMS licensing service</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Internet Information Services (IIS) Manager console and expand the server that is hosting AD RMS.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Web sites</maml:ui> and then expand the Web site on which you have configured AD RMS. By default this is the <maml:ui>Default Web site</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand the <maml:ui>_wmcs</maml:ui> Web site and then select the <maml:ui>licensing</maml:ui> virtual directory. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, double-click <maml:ui>Authentication</maml:ui> to open the <maml:ui>Authentication</maml:ui> page.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select <maml:ui>Anonymous Authentication</maml:ui> and then, under <maml:ui>Tasks,</maml:ui> select the <maml:ui>Enabled</maml:ui> checkbox and then click <maml:ui>Save</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1-6 for each server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To trust Windows Live ID-based rights account certificates</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust Policies</maml:ui>, and then click <maml:ui>Trusted User Domains</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Trust Windows Live ID</maml:ui>. The Windows Live ID certificate appears in the <maml:ui>Trusted user domain</maml:ui> list in the results pane. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To specify Windows Live ID e-mail domains to exclude</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the AD RMS snap-in and expand the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust Policies</maml:ui>, and then click <maml:ui>Trusted User Domains</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the Windows Live ID certificate in the results pane, and then in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Excluded Windows Live IDs</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the e-mail domain to be excluded.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Add</maml:ui> to add the specified object to the exclusion list.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 5–7 for all e-mail domains that should be excluded.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK </maml:ui>to apply the exclusion list to the cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Users - Exclude User Wizard</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Use this option for excluding rights account certificates of internal users who have an Active Directory Domain Services account</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this option to exclude the user's RAC by e-mail address.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Use this option for excluding rights account certificates of external users who do not have an Active Directory Domain Services account.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this option to exclude the user's RAC by the user's public key.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Public key string</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enter the public key string of the RAC to be excluded.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you want to exclude a user who does not have an Active Directory Domain Services account, such as a Windows Live ID, or a federated identity, or a user who is not part of the Active Directory forest in which AD RMS is installed, you must exclude the RAC by using the value of the user's public key.</maml:para>
</maml:alertSet>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Users</maml:linkText><maml:uri href="mshelp://windows/?id=a21692e9-ce39-4fbb-90a3-11d676d5633e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted User Domains - Trusted User Domain Properties</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>This properties sheet contains the following tabs:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trusted User Domains tab</maml:linkText><maml:uri href="mshelp://windows/?id=10fd534d-18d4-46a9-9647-e50d4f95b464#BKMK_S1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trusted E-mail Domains tab</maml:linkText><maml:uri href="mshelp://windows/?id=10fd534d-18d4-46a9-9647-e50d4f95b464#BKMK_S2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section address="BKMK_S1">
<maml:title>Trusted User Domains tab</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Display name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Display name of the trusted user domain (TUD). This name is assigned when the TUD is imported from another root cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Identifies whether the certificate is internal or external to the AD DS forest.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Expiration</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Date that the imported TUD will expire.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Enable licensing to SIDs for these e-mail domains</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Gives the option to issue licenses to SIDs as opposed to using just the E-mail address attribute in AD DS.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>

<maml:section address="BKMK_S2">
<maml:title>Trusted E-mail Domains tab</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Trust all e-mail domains</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This default setting allows all e-mail domains contained in the TUD to acquire AD RMS licenses and certificates.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Trust only specified e-mail domains</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Use this option when not all e-mail domains in the TUD should be trusted. All trusted e-mail domains must be added to this list.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Trusted e-mail domains</maml:para>
</maml:entry>
<maml:entry>
<maml:para>List of all trusted e-mail domains in the TUD.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Archive a Rights Policy Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Rights policy templates can be archived by using the Active Directory Rights Management Services console. Archived templates are not exported to the template export location and are not distributed by the template distribution pipeline. After the client computers refresh their rights policy templates, the archived templates are no longer available to users for publishing new content. At the same time, archived templates allow the server to continue issuing use licenses for content already published against them.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Archived rights policy templates are not exported to the shared templates folder. If you want to export this template, you must change it back to distributed rights policy template.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To archive a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the name of the rights policy template to archive, and then, in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Archive this Rights Policy Template</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Yes</maml:ui> to confirm.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Standard RAC Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Standard RAC validity period (days)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Type a value between 1 and 9,999 days.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Rights Account Certificate Validity Duration</maml:linkText><maml:uri href="mshelp://windows/?id=c8b196f6-6099-4f20-bf85-5fd3d2faa31e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Properties</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Display name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Display name of the trusted publishing domain</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>CSP</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Cryptographic service provider (CSP) used to protect the AD RMS cluster key</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Key container</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Key container on the CSP in which the AD RMS cluster key is stored</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Join an AD RMS Server to an Existing Cluster</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Additional servers can be joined to a cluster at any time. You can join servers to an AD RMS installation by using any one of the following methods:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Join one or more AD RMS servers to a root cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Join one or more AD RMS servers to a licensing-only cluster. </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Joining servers to a root cluster</maml:title><maml:introduction>
<maml:para>For most purposes, joining one or more AD RMS servers to a root cluster is the best way to increase the availability and redundancy of your deployment. A root cluster can contain one or many servers that provide all services to AD RMS clients.</maml:para>

<maml:para>During installation and provisioning, you can choose the option to join a server to a cluster. When you do this, the new AD RMS server is automatically configured as a member of the cluster.</maml:para>

<maml:para>In addition to this provisioning step, if you are creating a cluster for the first time, you must also set up software or hardware with clustering and load balancing as needed. If you have already implemented a cluster, you must configure your load balancing software or hardware to work with the new cluster member. </maml:para>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Joining servers to a licensing-only cluster</maml:title><maml:introduction>
<maml:para>Unlike the root cluster, which provides all of the AD RMS services, servers in a licensing-only cluster provides only licensing and publishing services.</maml:para>

<maml:para>Licensing-only clusters are optional and are most often deployed to address specific licensing requirements, such as the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To support unique rights-management requirements of a department. For instance, a group within your organization may have a different set of rights policy templates that should not be shared with the rest of the organization. Because only one root cluster is allowed in a forest, setting up a separate root cluster is not possible unless a new forest is created. In this case, you could set up a licensing-only cluster that is dedicated to this group’s needs, and then set up rights policy templates separately for that licensing-only cluster. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To support rights management for external business partners as part of an extranet that requires strong separation and tracking of resources for specific business partners.</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>If you are using a software or hardware-based cryptographic service provider (CSP) to protect the AD RMS cluster key, you should import this key container before joining the server to an AD RMS cluster.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To join an AD RMS server to an existing cluster </maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the server that you want to join to an existing AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Roles Summary</maml:ui> box, click <maml:ui>Add Roles</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read the <maml:ui>Before You Begin</maml:ui> section, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Server Roles</maml:ui> page, select the <maml:ui>Active Directory Rights Management Services</maml:ui> box check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The <maml:ui>Role Services</maml:ui> page appears informing you of the AD RMS dependent role services and features. Make sure that Web Server (IIS), Windows Process Activation Service (WPAS), and Message Queuing are listed, and then click <maml:ui>Add Required Role Services</maml:ui>. Click <maml:ui>Next</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read the AD RMS introduction page, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Role Services</maml:ui> page, verify that the <maml:ui>Active Directory Rights Management Server</maml:ui> check box is selected, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Join an existing AD RMS cluster</maml:ui> option, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the name of the database server in the <maml:ui>Database server</maml:ui> box, choose the appropriate database server instance from the <maml:ui>Select or enter database server instance</maml:ui> box, type the name of the AD RMS configuration database in the <maml:ui>Enter database name</maml:ui> box, click <maml:ui>Validate</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you are using AD RMS to centrally manage the cluster key, confirm that the database is correct, type the cluster key password in the <maml:ui>Password</maml:ui> box, type the cluster password again in the <maml:ui>Confirm Password</maml:ui> box, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read the <maml:ui>Introduction to Web Server (IIS)</maml:ui> page, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Keep the Web server default check box selections, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Install</maml:ui> to join this computer to the existing AD RMS cluster. It can take up to 60 minutes to complete the installation.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log off the server, and then log back on to update the permissions granted to the logged on user account. The user account that is logged on when the AD RMS server role is provisioned is automatically made a member of the AD RMS Enterprise Administrators group.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Deploying AD RMS in an Organization with Users in Multiple Forests</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Only one Active Directory Rights Management Services (AD RMS) root cluster is permitted per forest. If your organization wants to use rights-protected content in more than one forest, you must have a separate AD RMS root cluster for each forest.</maml:para>

<maml:para>The following steps in this checklist describe the tasks required to deploy AD RMS in an organization with users in multiple forests.</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Assign a secure sockets layer (SSL) certificate to the Web site that will be hosting the AD RMS cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Install and configure an AD RMS root cluster in each forest.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you are not using Exchange Server in each forest, you must extend the Active Directory schema. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Add the AD RMS service account to the access control list of the group expansion pipeline.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>For detailed instructions about setting up AD RMS in a multiple forest environment, see Deploying Active Directory Rights Management Services in a multiple forest environment Step-by-Step guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=72139</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=72139"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Install AD RMS Server Role</maml:linkText><maml:uri href="mshelp://windows/?id=24ae01a6-a2c2-4f29-b16b-528565a83644"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure the Access Control List on the GroupExpansion Folder</maml:linkText><maml:uri href="mshelp://windows/?id=c64715bc-3d85-47b2-b543-5b97640303b3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=f43dcb03-6e23-491a-87b0-67d541575923"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=59c802d0-3982-432c-b06f-3e148dca0166"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Install AD RMS Server Role</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The computer on which you are installing AD RMS must be a member server in a domain, or it must be a domain controller. You cannot deploy AD RMS on a server that is part of a workgroup.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you are installing AD RMS on a domain controller, you must add the AD RMS service account to the Domain Admins group. We do not recommend adding the AD RMS service account to the Enterprise Admins group.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To install the AD RMS Server Role</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the server on which you want to install AD RMS.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Roles Summary</maml:ui> box, click <maml:ui>Add Roles</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read the <maml:ui>Before You Begin</maml:ui> section, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Server Roles</maml:ui> page, select the <maml:ui>Active Directory Rights Management Services</maml:ui> box. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The <maml:ui>Role Services</maml:ui> page appears informing you of the AD RMS dependent role services and features. Make sure that Web Server (IIS), Windows Process Activation Service (WPAS), and Message Queuing are listed, and then click <maml:ui>Add Required Role Services</maml:ui>. Click <maml:ui>Next</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read the AD RMS introduction page, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Role Services</maml:ui> page, verify that the <maml:ui>Active Directory Rights Management Server</maml:ui> check box is selected, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Create a new AD RMS cluster</maml:ui> option, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Use a different database server</maml:ui> option, and then click <maml:ui>Select</maml:ui>.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you choose to use the Windows Internal database to host the AD RMS databases for a single-server installation, steps 11 and 12 are not required.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the name of the computer that will be hosting AD RMS databases, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Database Instance</maml:ui>, choose the appropriate instance, click <maml:ui>Validate</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Specify Service Account</maml:ui> page, click <maml:ui>Specify</maml:ui>, type the domain user account and password that should be used as the AD RMS service account, click <maml:ui>OK</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Ensure that the <maml:ui>Use AD RMS centrally managed key storage</maml:ui> option is selected, and then click <maml:ui>Next</maml:ui>. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you choose to protect the AD RMS cluster key by using a cryptographic storage provider, step 15 is not required.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type a strong password in the <maml:ui>Password</maml:ui> box and in the <maml:ui>Confirm password</maml:ui> box, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Choose the Web site where the AD RMS Web services will be installed, and then click <maml:ui>Next</maml:ui>. In a default installation, the name of the Web site should be <maml:ui>Default Web Site</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>As a best security practice, the AD RMS cluster should be provisioned by using an SSL-encrypted connection. Select the <maml:ui>Use an SSL-encrypted connection (https://)</maml:ui> option.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the fully-qualified domain name of the AD RMS cluster in the <maml:ui>Internal</maml:ui> <maml:ui>Address</maml:ui> box, and then click <maml:ui>Validate</maml:ui>. If you want to change the default port on which AD RMS communicates, you can do that on this page of the wizard as well. If validation succeeds, the <maml:ui>Next</maml:ui> button will become active. Click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Choose an existing certificate for SSL encryption</maml:ui> option, click the appropriate certificate or click <maml:ui>Import</maml:ui> to import the certificate, and then click <maml:ui>Next</maml:ui>.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Self-signed certificates should only be used for test environments. In a production environment, we strongly recommend using an SSL certificate issued from a certification authority, such as Verisign Inc.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type a name that will help you identify the AD RMS cluster in the <maml:ui>Friendly name</maml:ui> box, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Ensure that the <maml:ui>Register the AD RMS service connection point now</maml:ui> option is selected, and then click <maml:ui>Next</maml:ui> to register the AD RMS service connection point (SCP) in Active Directory Domain Services (AD DS).</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>In order to register the AD RMS SCP, you must be logged on to the AD RMS server with a user account with write access to the Services container in AD DS.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read the <maml:ui>Introduction to Web Server (IIS)</maml:ui> page and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Next</maml:ui> again, leaving the Web server defaults.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Install</maml:ui> to provision AD RMS on the computer. It can take up to 60 minutes to complete the installation.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log off from the server, and then log back on to update the permissions granted to the logged on user account. The user account that is logged on when the AD RMS server role is provisioned is automatically made a member of the AD RMS Enterprise Administrators group. A user must be a member of that group to administer AD RMS.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>


</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Check the Password Policy for Your Organization</maml:linkText><maml:uri href="mshelp://windows/?id=ac2ec246-dd17-4c72-bf55-8a0c13efac4f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Register a Service Connection Point</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The service connection point (SCP) for AD RMS identifies the connection URL for the service to the AD RMS-enabled clients in your organization. After you register the SCP in Active Directory Domain Services (AD DS), clients will be able to discover the AD RMS cluster to request use licenses, publishing licenses, or rights account certificates (RACs).</maml:para>

<maml:para>When the AD RMS role is configured on your server, the installation attempts to register the AD RMS SCP, but if it is unable to do so, you can register or change the SCP from the cluster <maml:ui>Properties</maml:ui> sheet in the Active Directory Rights Management Services console. </maml:para>

<maml:para>If you are registering a service connection point (SCP) from an AD RMS cluster in a child domain, you might receive an error stating that SCP registration failed. In many cases, the registration was successful, but the registration first takes place in the top-level domain and it takes time to replicate to the child domain where the AD RMS cluster checks for the SCP object. As soon as the SCP has been replicated to all global catalog servers in the forest, the message will no longer appear.</maml:para>

<maml:para>Membership in the <maml:phrase>AD RMS Enterprise Administrators</maml:phrase> and the <maml:phrase>Enterprise Admins</maml:phrase> group in AD DS, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To register a service connection point</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the cluster on which you need to register an SCP.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the AD RMS cluster, and then click <maml:ui>Properties.</maml:ui></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>SCP</maml:ui> tab. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Change SCP</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Set the SCP to current certification cluster </maml:ui>option, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Yes</maml:ui> to confirm.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>AD RMS Client Service Discovery</maml:linkText><maml:uri href="mshelp://windows/?id=edab589f-74ea-48d5-a55a-7cb18a65f066"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Restore Rights Policy Templates</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>To ensure that rights policy templates are available in the export location after a system restore of the computer where the rights policy templates are stored, you must export the rights policy templates from the configuration database again.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you are using Windows Server 2008 R2 with automatic template distribution enabled, exporting the rights policy templates is not required.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To restore a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a computer in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Delete the rights policy templates that are in the rights policy templates export folder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>, clear the <maml:ui>Enable export</maml:ui> check box, and then click <maml:ui>Apply</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Enable export</maml:ui> check box, specify a valid network path in the <maml:ui>Specify templates file location (UNC)</maml:ui> box, and then click <maml:ui>OK</maml:ui>. All the rights policy templates from the configuration database will be exported and overwrite the ones currently in this folder.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Location of Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS User Accounts</maml:title><maml:introduction>
<maml:para>Active Directory Domain Services (AD DS) provides authentication for users of AD RMS. All of the user account requests received by the AD RMS cluster are recorded into the logging database if logging is enabled.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Deleting accounts from the configuration database</maml:title><maml:introduction>
<maml:para>When you delete a user account from AD DS, the configuration database entry in the user key table for the user’s rights account certificate (RAC) is not automatically deleted. Because of this, the user key table can grow unbounded as new user keys are added, but old ones are not deleted.</maml:para>

<maml:para>There are two approaches that you can use to maintain the configuration database. First, you can create and run a stored procedure that deletes a user key identified by its security identifier (SID) when you remove the associated user account from AD DS.</maml:para>

<maml:para>Alternately, you can write a script that deletes user keys from the configuration database when their associated SIDs no longer exist in AD DS and run it periodically. Because this method creates a large load on both the database server and AD DS, you should schedule the running of your script during times of low activity.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Moving user accounts to another AD DS forest</maml:title><maml:introduction>
<maml:para>When you set up and provision a root cluster in an organization, there can be only one root cluster for every Active Directory forest.</maml:para>

<maml:para>In general, when you move a user account from one domain to another domain in the same forest, a new SID is created for the user account in the new domain. Then, when a user attempts to acquire a new RAC from a server in the cluster, the user appears to be a new user because the SID is different. The cluster generates new keys for the user account and issues the new RAC by using the original e-mail address of the user. If the user attempts to use the new RAC with an existing use license, the SID and keys will not match. The user needs to acquire a new use license. This is also true for moving a user account to a domain that is in a different forest.</maml:para>
</maml:introduction><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Working with the AD RMS Client</maml:title><maml:introduction>
<maml:para>The Active Directory Rights Management Services (AD RMS) client is included with the Windows Vista, the Windows 7, the Windows Server 2008, and the Windows Server 2008 R2 operating systems. If you are using Windows XP, Windows 2000, or Windows Server 2003 as your client operating system, a compatible version of the AD RMS client is available for download from the Microsoft Download Center. </maml:para>

<maml:para>The AD RMS client can be used with the AD RMS server role included in Windows Server 2008 or Windows Server 2008 R2 or with previous versions of RMS running on Windows Server 2003.</maml:para>

<maml:para>The AD RMS client creates the machine certificate, which is used to identify the lockbox that stores the key pair for the current user. You can verify the presence of the AD RMS client on a computer by finding the msdrm.dll file on the computer. This file is protected by Windows Resource Protection in Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, and cannot be modified except through official Microsoft updates. </maml:para>

<maml:para>Applications can use the AD RMS client to incorporate rights management features into their application. For example, Microsoft Office 2003, Microsoft Office 2007, and Windows Mobile 6 use the AD RMS client to support the information rights management features that provide rights management for documents, e-mails, spreadsheets, and slide presentations.</maml:para>

<maml:para>This section contains the following procedures: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Install the AD RMS Client on Earlier Versions of Windows</maml:linkText><maml:uri href="mshelp://windows/?id=90411fff-1651-43df-8b41-ea16b62da222"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>AD RMS Client Service Discovery</maml:linkText><maml:uri href="mshelp://windows/?id=edab589f-74ea-48d5-a55a-7cb18a65f066"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS Clusters</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>AD RMS clusters are defined as a single server running AD RMS or a group of servers that share AD RMS publishing and licensing requests from AD RMS clients. When the first AD RMS server is provisioned in an Active Directory forest, it becomes a AD RMS cluster. More servers can be provisioned and added to an AD RMS cluster at any time.</maml:para>

<maml:para>There are two types of clusters: root clusters and licensing-only clusters. The first server in an AD RMS installation always becomes the root cluster. The root cluster handles all certification and licensing requests for the Active Directory Domain Services (AD DS) domain in which it was installed. For complex environments, licensing-only clusters can be created in addition to the root cluster. However, it is recommended to use only a root cluster and join more AD RMS servers to this cluster because root and licensing-only clusters cannot be used in the same load-balancing pool.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS Exclusion Policies</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can implement exclusion policies to deny certain entities the ability to acquire certificate and license requests There are three ways to exclude these entities: by user, by application, and by lockbox version.</maml:para>

<maml:para>When an entity is excluded, use licenses that are created by servers in the AD RMS cluster will have that entity specified in the exclusion list. If, after a period of time, you decide to remove an entity that you have previously included in an exclusion policy, you can delete the entity from the exclusion list. Any new certification or licensing requests will not consider this entity as excluded.</maml:para>

<maml:para>We recommend that you do not remove an entity from an exclusion policy until you can be sure that all of the certificates issued before the exclusion policy was created have expired. Otherwise, both the old certificates and the new certificates will allow the content to be decrypted, which might not be what your organization wants.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enabling Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Rights Policy Template - Specify Expiration Policy Page</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Never expires</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Default option. This option enables the user to access the content for as long as it is available.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Expires on the following date (UTC)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>You can specify a date and time on which the content expires, meaning that a use license that has been granted expires on that date, and that a user cannot acquire a use license for the content after that date. The date and time are expressed as Coordinated Universal Time (UTC), also known as Greenwich Mean Time.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Expires after the following duration (days). </maml:para>
</maml:entry>
<maml:entry>
<maml:para>You can specify the number of days after publication after which a user cannot acquire a use license for the content.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Expires are the following duration (days). This is for use licenses.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Used for assigning an expiration date to the use license. You can specify the number of days that a use license is valid after it has been granted to a user. After that time period has passed, the user will have to obtain a new use license from the server.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a New Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add New Language to Rights Policy Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When you create a rights policy template, you select the language that the template uses. By default, rights policy templates use the language setting of your server operating system.</maml:para>

<maml:para>If you have AD RMS-enabled clients that use a different language setting on their operating systems, selecting their language setting when you create the rights policy template. This enables the template to reflect the preferred regional language option of the client.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To add a new language to a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a computer in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the name of the desired rights policy template, and then, in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Identification Information</maml:ui> tab, click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the desired language from the <maml:ui>Language</maml:ui> box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Name</maml:ui> box, type a name that will be displayed to AD RMS users. As a best practice, use the name of the language in the template name to allow you to easily distinguish which templates have which language identifiers.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Description</maml:ui> box, type a description for the rights policy template.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>, and then click <maml:ui>OK</maml:ui> again to close the properties sheet.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To select a given language, you must have the language installed on your server. Adding a new language is done though the <maml:ui>Regional and Language Options</maml:ui> in <maml:ui>Control Panel</maml:ui>. Click the <maml:ui>Keyboard and Languages</maml:ui> tab and then click <maml:ui>Install/uninstall languages</maml:ui> to start the <maml:ui>Install or Uninstall Display Languages</maml:ui> wizard.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Rights Policy Templates Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Rights policy templates are XML documents that establish a predefined set of rights for protected content. For example, you can establish a template that is used for intellectual property content that restricts the ability to copy or modify to all users except the content owner.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=6257f49a-bf8d-4d90-ad04-0918d400068d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Installing an AD RMS Cluster</maml:title><maml:introduction>
<maml:para>The procedures in this section are designed to help you set up Active Directory Rights Management Services (AD RMS) in your organization.</maml:para>

<maml:para>This section contains the following procedures: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Clusters</maml:linkText><maml:uri href="mshelp://windows/?id=390c4d53-2a07-4207-af9a-401f916a9328"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Key Protection and Storage</maml:linkText><maml:uri href="mshelp://windows/?id=db312fba-7c19-4eae-b3b9-18c5d41cc011"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Install AD RMS Server Role</maml:linkText><maml:uri href="mshelp://windows/?id=24ae01a6-a2c2-4f29-b16b-528565a83644"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Upgrade to AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=b8c24098-9f3b-4ba1-a34c-21e9308814c2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Join an AD RMS Server to an Existing Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=1bc393b9-5ce9-4950-acae-63a463ccfc36"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administer AD RMS by Using the Active Directory Rights Management Services console</maml:linkText><maml:uri href="mshelp://windows/?id=9145546f-a8ef-45b3-ab98-3e2c8bc1ef33"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change AD RMS Proxy Settings</maml:linkText><maml:uri href="mshelp://windows/?id=e4ca2b0c-cbb2-4c52-9023-47e484b991e5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add an Extranet Cluster URL</maml:linkText><maml:uri href="mshelp://windows/?id=ae03d1a8-dd14-4750-ae4e-679dad59c8fc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Register a Service Connection Point</maml:linkText><maml:uri href="mshelp://windows/?id=2a37646d-7011-40dd-a503-7cfdab162764"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure Windows Firewall</maml:linkText><maml:uri href="mshelp://windows/?id=fef73389-43c8-4b45-bf48-4e1682d89838"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Check the Password Policy for Your Organization</maml:linkText><maml:uri href="mshelp://windows/?id=ac2ec246-dd17-4c72-bf55-8a0c13efac4f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Import an SSL Certificate Using Internet Information Services (IIS) Manager</maml:linkText><maml:uri href="mshelp://windows/?id=a928c435-77a8-49fe-b08e-bfdc6bcc1fa7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Enable support for Kerberos authentication</maml:linkText><maml:uri href="mshelp://windows/?id=636a447d-35f0-4e6f-a8b2-0a1bf279d1de"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - SCP Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Registered service domain</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The fully-qualified domain name that this AD RMS cluster serves.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Current SCP</maml:para>
</maml:entry>
<maml:entry>
<maml:para>URL that is currently present in the domain specified for connecting to AD RMS services. If another AD RMS installation was present in this domain, this object can still be identified with that connection URL. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Change SCP</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows you to change or create the AD RMS service connection point (SCP).</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Set SCP to current certification cluster</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a means for you to update the SCP when your AD RMS clusters change or to register the SCP for the first time.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Remove current SCP</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this option to remove the current SCP from Active Directory Domain Services (AD DS). </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Register a Service Connection Point</maml:linkText><maml:uri href="mshelp://windows/?id=2a37646d-7011-40dd-a503-7cfdab162764"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Rights Policy Templates Properties</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The current export location of the rights policy templates for the cluster is displayed in the properties of the <maml:ui>Rights Policy Templates</maml:ui> node in the Active Directory Rights Management Services console.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Current templates file location</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays the current location where the rights policy templates files are stored.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Enable export</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this check box if you are exporting the rights policy template to a shared folder.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Specify templates file location (UNC)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Type the UNC path to the shared folder in which the rights policy templates will be stored in the format <maml:replaceable>\\server\share</maml:replaceable>.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Location of Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Deploy Rights Policy Templates Manually</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>If you choose to configure the registry settings directly on the client computers, you must create the following registry key:</maml:para>

<maml:para><maml:phrase>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Common\DRM\AdminTemplatePath</maml:phrase></maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.</maml:para>
</maml:alertSet>

<maml:para>For the registry value, you must specify the path to the templates folder. You can create the registry setting using a data type of REG_SZ or REG_EXPAND_SZ.</maml:para>

<maml:para>If you create the <maml:phrase>AdminTemplatePath</maml:phrase> registry entry with a data type of REG_SZ, you must specify the explicit path for the templates folder, such as C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\DRM. If you create the AdminTemplatePath with a data type of REG_EXPAND_SZ you can specify the path using environment variables, for example, %<maml:replaceable>allusersprofile%\</maml:replaceable>Application Data\Microsoft\DRM.</maml:para>

<maml:para>Once this registry entry is created, you must copy the templates files manually from the exported template location path. If you are using Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7 as your AD RMS client, the rights policy templates are automatically managed when the automatic rights policy template management feature is enabled. For more information about deploying rights policy templates, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=81070</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=81070"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Location of Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - Proxy Settings Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>This cluster uses a proxy server to access external networks</maml:para>
</maml:entry>
<maml:entry>
<maml:para>If a proxy server is required, selecting this check box enables your AD RMS cluster to connect to the Internet.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Address</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Address of the proxy server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Port</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Port the proxy server is configured to use.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Bypass proxy server for local addresses</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Selecting this check box prevents addresses without fully-qualified domain names (FQDNs) from connecting to the proxy server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Do not use proxy server for address beginning with</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This box is used to enter addresses that should not go through the proxy server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>This proxy server requires authentication</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Some proxy servers require credentials in order to connect to them. This box enables the AD RMS server in the cluster to authenticate with the proxy server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Authentication type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The authentication type used to connect to the proxy server. The authentication type can be <maml:ui>Basic</maml:ui>, <maml:ui>Digest</maml:ui>, or <maml:ui>Integrated Windows</maml:ui>.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>User name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>User name of the account that is used to authenticate to the proxy server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Password</maml:para>

<maml:para>Confirm Password</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Password of the account that is used to authenticate to the proxy server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Domain</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Domain name where the user account that is used to authenticate to the proxy server resides.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change AD RMS Proxy Settings</maml:linkText><maml:uri href="mshelp://windows/?id=e4ca2b0c-cbb2-4c52-9023-47e484b991e5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Deploying a Single-Server Installation</maml:title><maml:introduction>
<maml:para>The following checklist describes the tasks required to install and configure a Active Directory Rights Management Services (AD RMS) root cluster on a single server that uses the Windows Internal Database. This deployment is appropriate for installing AD RMS in a test environment. This deployment cannot be scaled to include multiple servers in this cluster.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Step </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Install the AD RMS server role</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install AD RMS Server Role</maml:linkText><maml:uri href="mshelp://windows/?id=24ae01a6-a2c2-4f29-b16b-528565a83644"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure appropriate Windows Firewall exception on the AD RMS server.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Configure Windows Firewall</maml:linkText><maml:uri href="mshelp://windows/?id=fef73389-43c8-4b45-bf48-4e1682d89838"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Add the AD RMS server to the MMC console</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Administer AD RMS by Using the Active Directory Rights Management Services console</maml:linkText><maml:uri href="mshelp://windows/?id=9145546f-a8ef-45b3-ab98-3e2c8bc1ef33"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>For more information about installing and configuring AD RMS, see Windows Server Active Directory Rights Management Services Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=72134</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=72134"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set up a Super Users Group</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The AD RMS super user group is a special group that has full control over all rights-protected content managed by the cluster. Its members are granted full owner rights in all use licenses that are issued by the AD RMS cluster on which the super users group is configured. This means that members of this group can decrypt any rights-protected content file and remove rights-protection from it.</maml:para>

<maml:para>The super users group is not enabled and is not assigned a group by default. When you enable the <maml:ui>Super Users</maml:ui> setting in the Active Directory Rights Management Services console, you can specify an Active Directory Domain Services (AD DS) universal group to use as the super users group for AD RMS. The group must exist in the same forest as the AD RMS installation. Any user accounts that are members of the group that you specify as the AD RMS super users group are automatically granted the permissions of the super users group.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Enabling the super users group should be done only on an as-needed basis. During normal operations, the super users group should be disabled. It should be enabled only when it can be justified.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To set up a super users group</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Security Policies</maml:ui>, and then click <maml:ui>Super Users</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions </maml:ui>pane, click <maml:ui>Enable Super Users</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, click <maml:ui>Change Super User Group</maml:ui> to open the <maml:ui>Super Users</maml:ui> properties sheet.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Super user group</maml:ui> box, type the e-mail address of an existing group in the Active Directory forest, or click <maml:ui>Browse</maml:ui> to navigate through the defined users and groups in the directory.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Enabling Exclusion Policies</maml:title><maml:introduction>
<maml:para>The procedures in this section are designed to help you define exclusion policies on your AD RMS cluster.</maml:para>

<maml:para>This section contains the following procedures:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Users</maml:linkText><maml:uri href="mshelp://windows/?id=a21692e9-ce39-4fbb-90a3-11d676d5633e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Applications</maml:linkText><maml:uri href="mshelp://windows/?id=be22c109-968b-4635-a24d-050a25d4afee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Lockbox Versions</maml:linkText><maml:uri href="mshelp://windows/?id=9a944ab7-f0d9-4224-97c6-b2543f537827"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>


</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trust Policies Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Trust policies are designed to help you establish a trust relationship between your AD RMS infrastructure to an AD RMS infrastructure in another domain or organization's infrastructure. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Reset the AD RMS Cluster Key Password</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When a new AD RMS cluster is provisioned, a method to protect the AD RMS cluster key is chosen. If you chose the default option of using AD RMS cluster key protection, you specified a strong password that was used to encrypt the cluster key in the configuration database. The AD RMS cluster key is used to sign the certificates and licenses granted by the cluster. The cluster key is generated and the password specified during the initial configuration of the AD RMS server role.</maml:para>

<maml:para>If you are running AD RMS in a clustered environment, and you decided to reset the cluster key, it must be completed on every AD RMS server in the cluster. If you do not, those servers will not be able function as they will be unable to decrypt the cluster key in the configuration database.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>This procedure applies only if you are using AD RMS to centrally manage the cluster key. If you are using either a hardware-based or software-based cryptographic service provider (CSP), consult the documentation of the CSP manufacturer.</maml:para></maml:alertSet>

<maml:para>Membership in the <maml:phrase>AD RMS Enterprise Administrators</maml:phrase> and the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To reset the cluster key password</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Security Policies</maml:ui>, and then click <maml:ui>Change cluster key password</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Cluster Key Password </maml:ui>wizard, type the new password for the cluster key in the <maml:ui>Password</maml:ui> box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Confirm Password </maml:ui>box, type the new password again.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Apply </maml:ui>to complete the password reset.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–6 for each server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted Publishing Domains - Import Trusted Publishing Domain Wizard</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Trusted publishing domain file</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Path to the trusted publishing domain file to be imported</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Password</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specify a password to decrypt the trusted publishing domain file. This password must match the password specified when the trusted publishing domain file was exported from another AD RMS cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Display name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name for the trusted publishing domain that will be displayed in the Active Directory Rights Management Services console</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - Cluster URLs Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Intranet URLs</maml:para>
</maml:entry>
<maml:entry>
<maml:para>These URLs are used by AD RMS-enabled clients that are connected to your organization's private network to connect to certification and licensing services in the AD RMS cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Extranet URLs</maml:para>
</maml:entry>
<maml:entry>
<maml:para>These URLs are used by AD RMS clients that are connecting to your cluster over the Internet. The licensing and certification URLs will be created based on these URLs.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add an Extranet Cluster URL</maml:linkText><maml:uri href="mshelp://windows/?id=ae03d1a8-dd14-4750-ae4e-679dad59c8fc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS Certificates</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The different components of Active Directory Rights Management Services (AD RMS) have trusted connections that are implemented by a set of certificates. Enforcing the validity of these certificates is a core function of AD RMS technology. Each piece of rights-protected content is published with a license that expresses its usage rules, and each consumer of that content receives a unique license that reads, interprets, and enforces those usage rules. In this context, a license is a particular type of certificate.</maml:para>

<maml:para>AD RMS uses an XML vocabulary to express usage rights for rights-protected content called eXtensible rights Markup Language (XrML).</maml:para>

<maml:para>The certificates and licenses used by AD RMS are connected in a hierarchy, so that the AD RMS client can always follow a chain from a particular certificate or license through trusted certificates, up to a trusted key pair.</maml:para>

<maml:para>The following table lists the certificates and licenses that are used by AD RMS:</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Certificate or License</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Purpose</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Content</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Server licensor certificate (SLC)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The SLC is created when the AD RMS server role is installed and configured on the first server in the cluster. It generates a unique SLC for itself that establishes its identity, called self-enrollment, and has a validity time of 250 years. This enables the archiving of rights-protected data for an extended period of time. A root cluster handles both certification, by issuing a rights account certificate (RAC), and licensing rights-protected content. Other servers added to the root cluster share an SLC. In complex environments, licensing-only clusters can be deployed, which generate their own SLC.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The SLC contains the public key of the server.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Client licensor certificate (CLC)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The CLC is created by the AD RMS cluster in response to a request from the client application. The CLC is sent to the client while it is connected to the organization's network and grants the user the right to publish rights-protected content when the client is not connected. The CLC is tied to the RAC of the user, so that if the RAC is not valid or not present, the user is not able to access the AD RMS cluster.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The CLC contains the client licensor public key, along with the client licensor private key that is encrypted by the public key of the user who requested the certificate. It also contains the public key of the cluster that issued the certificate, which is signed by the private key of the cluster that issued the certificate. The client licensor private key is used to sign publishing licenses.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Machine certificate</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The machine certificate is created on the client computer the first time that an AD RMS-enabled application is used. The AD RMS client in Windows Vista and Windows 7 automatically activates and enrolls with the root cluster to create this certificate on the client computer. This certificate identifies a lockbox on a computer or device that is correlated with the logged-on user profile.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The machine certificate contains the public key of the activated computer. The corresponding private key is contained by that computer's lockbox.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Rights account certificate (RAC)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The RAC established a user's identity in the AD RMS system. It is created by the AD RMS root cluster and provided to the user when first attempting to open rights-protected content. </maml:para>

<maml:para>A standard RAC identifies a user by account credentials in the context of a specific computer or device and has a validity time measured in number of days. The default validity time for a standard RAC is 365 days.</maml:para>

<maml:para>A temporary RAC identifies a user based on account credentials only and has a validity time measured in number of minutes. The default validity time for a temporary RAC is 15 minutes.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The RAC contains the public key of the user and the private key of the user encrypted with the public key of the activated computer.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Publishing license</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The publishing license is created by the client when content is saved with rights-protection. It specifies the users that can open the rights-protected content, under which conditions the content may be opened by the user, and the rights that each user will have to the rights-protected content.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The publishing license contains the symmetric content key for decrypting the content, which is encrypted with the public key of the server that issued the license.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Use license</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The use license specifies the rights that apply to the rights-protected content in the context of a specific authenticated user. This license is tied to the RAC. If the RAC is not valid or not present, the use license cannot be used to open the content.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The use license contains the symmetric content key for decrypting the content, which is encrypted with the public key of the user.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted User Domains - Trusted User Domain Certificate</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Export Trusted User Domain</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Export a server licensor certificate (SLC) to a file that can be imported into another AD RMS cluster as a trusted user domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Properties</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Configure the properties of the selected trusted user domain to give greater control of the trust level of user accounts.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Delete</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Stop trusting users from a domain. You cannot remove the core SLC of your installation, which named Enterprise by default.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add a Trusted User Domain</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>By default, Active Directory Rights Management Services (AD RMS) does not service requests from users whose rights account certificate (RAC) was issued by a different AD RMS installation. However, you can add user domains to the list of trusted user domains (TUDs), which allows AD RMS to process such requests. </maml:para>

<maml:para>For each trusted user domain (TUD), you can also add and remove specific users or groups of users. In addition, you can remove a TUD; however, you cannot remove the root cluster for this Active Directory forest from the list of TUDs. Every AD RMS server trusts the root cluster in its own forest. </maml:para>

<maml:para>You can add TUDs as follows: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To support external users in general, you can trust Windows Live ID. This allows an AD RMS cluster that is in your company to process licensing requests that include a RAC that was issued by Microsoft’s online RMS service. For more information about trusting Windows Live ID in your organization, see <maml:navigationLink><maml:linkText>Use Windows Live ID to Establish RACs for Users</maml:linkText><maml:uri href="mshelp://windows/?id=07567fd0-68bf-4f59-9916-b8cafacaf04e"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To trust external users from another organization’s AD RMS installation, you can add the organization to the list of TUDs. This allows an AD RMS cluster to process a licensing request that includes a RAC that was issued by an AD RMS server that is in the other organization. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In the same manner, to process licensing requests from users within your own organization who reside in a different Active Directory forest, you can add the AD RMS installation in that forest to the list of TUDs. This allows an AD RMS cluster in the current forest to process a licensing request that includes a RAC that was issued by an AD RMS cluster in the other forest. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For each TUD, you can specify which e-mail domains are trusted. For trusted Windows Live ID sites and services, you can specify which e-mail users or domains are not trusted. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To add a trusted user domain</maml:title><maml:introduction><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The private key information is not transferred when you set up a TUD.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:introduction><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The TUD of the AD RMS installation to be trusted should already be exported and available. For more information about exporting a TUD, see <maml:navigationLink><maml:linkText>Export a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=f43dcb03-6e23-491a-87b0-67d541575923"></maml:uri></maml:navigationLink>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust policies</maml:ui>, and then click <maml:ui>Trusted User Domains</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Import Trusted User Domain</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Trusted user domain file</maml:ui> box, type the path to the exported server licensor certificate of the user domain to trust or click <maml:ui>Browse</maml:ui> to locate it.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Display</maml:ui> name, type a name to identify this trusted user domain. If you would like to extend this trust to federated users, select <maml:ui>Extend trust to federated users of the imported server</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>The name of the domain appears in the <maml:ui>Trusted user domains</maml:ui> list in the results pane. To further configure e-mail domains within that trusted user domain, do the following steps:</maml:para>

<maml:procedure><maml:title>To specify properties of the trusted user domain</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the trusted user domain is based on another AD RMS cluster's server licensor certificate, you can specify which e-mail domains within the trusted user domain are trusted. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the certificate name in the results pane and then in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Trusted E-mail Domains</maml:ui> tab, and then choose one of the following trust options: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Select the <maml:ui>Trust all e-mail domains</maml:ui> option to trust all of the user accounts that are members of that domain. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Select the <maml:ui>Trust only specified e-mail domains</maml:ui> option and then type the domain name to trust, such as example.com, and then click <maml:ui>Add</maml:ui>. This adds the domain to the <maml:ui>Trusted e-mail domains</maml:ui> list. To remove a name from the list, select the name, and then click <maml:ui>Remove</maml:ui>. Adding a domain includes all of its child domains. </maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Trust AD RMS licensing to security identifiers (SIDs) for this user domain </maml:ui>check box, if necessary. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When finished, click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=f43dcb03-6e23-491a-87b0-67d541575923"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Use Windows Live ID to Establish RACs for Users</maml:linkText><maml:uri href="mshelp://windows/?id=07567fd0-68bf-4f59-9916-b8cafacaf04e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Rights Enforcement</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Active Directory Rights Management Services (AD RMS) rights provide the means for controlling how a user can access, use, and redistribute rights-protected content. Some rights are enforced exclusively by AD RMS-enabled applications or browsers, while others are enforced primarily by the AD RMS client (although applications can still apply their own interpretation of the right). The rights enforced by the AD RMS client control how license information is used, such as whether the license can be used to re-encrypt previously decrypted content. Rights that control how content is used are interpreted and enforced by AD RMS-enabled applications, such as Microsoft Office applications. For example, Microsoft Office applications enforce the View right by allowing a user to decrypt and view the contents of a protected document if the user has been granted the View right.</maml:para>

<maml:para>The following table lists the rights that are available by default when you create a rights policy template and gives a brief description of how the right is enforced by the AD RMS client and interpreted by common AD RMS-enabled applications.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>AD RMS-enabled applications can interpret these rights differently. This is intended as a general description for how these rights are typically used. Consult the documentation of the specific application for information on how these rights are enforced.</maml:para></maml:alertSet>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry><maml:para>Right</maml:para></maml:entry>
<maml:entry><maml:para>Description</maml:para></maml:entry>
</maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry><maml:para>Full control</maml:para></maml:entry><maml:entry><maml:para>If granted, this right allows a user to exercise all rights in the license, whether or not the rights are specifically granted to that user.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>View</maml:para></maml:entry><maml:entry><maml:para>If this right is granted, the AD RMS client allows protected content to be decrypted. Typically, when this right is granted, the application will allow the user to view protected content.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Edit</maml:para></maml:entry><maml:entry><maml:para>If this right is granted, the AD RMS client allows protected content to be decrypted and then re-encrypted by using the same content key. Typically, when this right is granted, the application will allow the user to change protected content and then save it to the same file. This right is effectively identical to the Save right.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Save</maml:para></maml:entry><maml:entry><maml:para>If this right is granted, the AD RMS client allows protected content to be decrypted and then re-encrypted by using the same content key. Typically, when this right is granted, the application will allow the user to change protected content and then save it to the same file. This right is effectively identical to the Edit right.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Export (Save As)</maml:para></maml:entry><maml:entry><maml:para>If this right is granted, the AD RMS client allows protected content to be decrypted and then re-encrypted by using the same content key. Typically, when this right is granted, the application will allow the user to use the “Save As” feature to save protected content to a new file.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Print</maml:para></maml:entry><maml:entry><maml:para>Typically, when this right is granted, the application will allow the user to print protected content.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Forward</maml:para></maml:entry><maml:entry><maml:para>Typically, when this right is granted, the application will allow an e-mail recipient to forward a protected message.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Reply</maml:para></maml:entry><maml:entry><maml:para>Typically, when this right is granted, the application will allow an e-mail recipient to reply to a protected message and include a copy of the original message.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Reply All</maml:para></maml:entry><maml:entry><maml:para>Typically, when this right is granted, the application will allow an e-mail recipient to reply to all recipients of a protected message and include a copy of the original message.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Extract</maml:para></maml:entry><maml:entry><maml:para>Typically, when this right is granted, the application will allow the user to copy and paste information from protected content.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Allow Macros</maml:para></maml:entry><maml:entry><maml:para>Typically, when this right is granted, the application will allow the user to run macros in the document or use an editor to modify macros in the document.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>View Rights</maml:para></maml:entry><maml:entry><maml:para>If this right is granted, the AD RMS client allows a user to view the user rights that are assigned by the license.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Edit Rights</maml:para></maml:entry><maml:entry><maml:para>If this right is granted, the AD RMS client allows a user to edit the user rights that are assigned by the license. </maml:para></maml:entry></maml:row>
</maml:table></maml:introduction><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=6257f49a-bf8d-4d90-ad04-0918d400068d"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Temporary RAC Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Temporary RAC validity period (minutes)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Type a value between 0 and 600,000 minutes.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Rights Account Certificate Validity Duration</maml:linkText><maml:uri href="mshelp://windows/?id=c8b196f6-6099-4f20-bf85-5fd3d2faa31e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create a New Rights Policy Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When you create a new rights policy template, the <maml:ui>Create Distributed Rights Policy Template</maml:ui> or <maml:ui>Create Archived Rights Policy Template</maml:ui> wizard , steps you through the different elements of the template depending on the desired type of rights policy template. These elements can be modified later by selecting the template and opening its properties sheet. A distributed rights policy template allows users to publish and consume rights-protected content, and an archived rights policy template only allows consumption once the rights policy template has been removed from the client computer. The properties included in these two rights policy templates are the same and are configured in the following procedure. </maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To create a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the Active Directory Rights Management Services (AD RMS) cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Create Distributed Rights Policy Template</maml:ui>. The <maml:ui>Create Distributed Rights Policy Template</maml:ui> wizard appears.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Add Template identification Information</maml:ui> page, click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Specify a language, name, description, and for the template, and then click <maml:ui>Add</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Add User Rights </maml:ui>page do the following:</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Click <maml:ui>Add</maml:ui>. In the <maml:ui>Add User or Group </maml:ui>dialog box, click <maml:ui>Browse</maml:ui> to browse to a user or group in your Active Directory Domain Services directory or type the valid e-mail address of a user or group to add, and then click <maml:ui>OK</maml:ui>. Repeat to add additional users or groups as necessary.</maml:para>

<maml:para>To specify that any user can acquire a use license for the protected content, select the <maml:ui>Anyone</maml:ui> option, which is a special group that is recognized by AD RMS.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Under <maml:ui>Users and rights</maml:ui>, select a user or group to which to assign rights. Select the check box of each right to grant to the selected user or group. </maml:para>

<maml:para>Select another user or group and repeat the process to grant rights to the remaining users and groups. If your AD RMS-enabled application has custom usage rights, you can assign those rights to users and groups by clicking <maml:ui>Create Custom Right</maml:ui>. In the <maml:ui>Create Custom Right </maml:ui>dialog box type the name of the right defined by your application. A check box will then be available for that right in your template. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In the <maml:ui>Rights request URL </maml:ui>box, type the URL from which users can request additional rights to rights-protected content.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>Next</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Specify Expiration Policy</maml:ui> page:</maml:para>
<maml:list class="ordered"><maml:listItem><maml:para>In <maml:ui>Content expiration</maml:ui>, select one of the three expiration options:</maml:para><maml:list class="unordered"><maml:listItem><maml:para>Select <maml:ui>Never expires</maml:ui> to prevent the content from expiring.</maml:para></maml:listItem>
<maml:listItem><maml:para>Select <maml:ui>Expires on the following date (UTC)</maml:ui> and then select the date and time on which you want the content to expire. The time is expressed in Coordinated Universal Time (UCT), also known as Greenwich Mean Time.</maml:para></maml:listItem>
<maml:listItem><maml:para>Select <maml:ui>Expires after the following duration (days)</maml:ui> and then select the number of days you want the content to remain valid.</maml:para></maml:listItem></maml:list></maml:listItem><maml:listItem><maml:para>If appropriate, in <maml:ui>Use license expiration</maml:ui>, select <maml:ui>Expires after the following duration (days)</maml:ui> and then select the number of days you want the license to remain valid.</maml:para></maml:listItem></maml:list>



<maml:para>Click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Specify Extended Policy</maml:ui> page:</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Click <maml:ui>Enable users to view protected content using a browser add-on</maml:ui> if you want the user who does not have an AD RMS-enabled application installed to view rights-protected content.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>Request a new use license every time content is consumed (disable client-side caching)</maml:ui> if you want the user to re-authenticate with AD RMS each time the rights-protected content is consumed.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>If you would like to specify additional information for your AD RMS-enabled applications, you can specify them here as name-value pairs</maml:ui> if you want to add application-specific data as custom name value pairs in addition to the XrML rights supported by AD RMS. An application developer can add to an AD RMS-enabled application to limit interaction with the protected content. Application-specific data is enforced at the AD RMS-enabled application level and applies to all users who use the application.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>Click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To implement revocation, in the <maml:ui>Specify Revocation Policy</maml:ui> page, select the <maml:ui>Require revocation</maml:ui> check box, and then take the following steps: </maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>In <maml:ui>Location where the revocation list is published (URL or UNC)</maml:ui>, type the URL where the revocation list file is posted. If you need to support disconnected users or external users, this URL should be accessible from both the internal organization's network and the Internet. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In <maml:ui>Refresh interval for revocation list (days)</maml:ui>, type the number of days that the revocation list remains valid. If a user has a copy of the revocation list that is older than this value, the user must obtain an updated revocation list to consume the content. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In <maml:ui>File containing public key corresponding to the signed revocation list</maml:ui>, type the path and file name, or click <maml:ui>Browse</maml:ui> to locate the public key file for the revocation list.</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Be careful when implementing revocation. Based on the refresh interval that you specify, you must renew a revocation list periodically or it will automatically expire, preventing users from consuming content that requires that list. To ensure that you do not inadvertently prevent users from consuming content, carefully evaluate the interval you require for refreshing the revocation list.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>You can also create copies of rights policy templates. This can be useful if you have a template that you want to use as the basis for other templates with only minor modifications.</maml:para>

<maml:procedure><maml:title>To copy a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, select the rights policy template to be copied.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Copy</maml:ui> in the <maml:ui>Actions</maml:ui> pane. A new rights policy template will appear in the results pane.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configuring Accounts</maml:title><maml:introduction>
<maml:para>Accounts in AD RMS are used for the operation and maintenance of an AD RMS cluster. </maml:para>

<maml:para>This section describes the following procedures:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS User Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=2eecbdb1-9e09-4a46-bf34-3a2978313461"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Users to AD RMS Administrative Groups</maml:linkText><maml:uri href="mshelp://windows/?id=9210fa30-ce12-468a-9f16-506868e2aa4b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set up a Super Users Group</maml:linkText><maml:uri href="mshelp://windows/?id=50714cdb-7e30-4844-a2f0-55ef651eef7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reset the AD RMS Cluster Key Password</maml:linkText><maml:uri href="mshelp://windows/?id=55a69f4b-da6d-40b5-8673-17fa2fce6e7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the AD RMS Service Account</maml:linkText><maml:uri href="mshelp://windows/?id=6ba05e2b-1b49-45c4-9138-6fd9d93ec142"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Administrative Contact</maml:linkText><maml:uri href="mshelp://windows/?id=a171a2ed-a357-4d88-ad4e-e447961bc632"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Edit a Rights Policy Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>To edit an existing rights policy template, use the following procedure.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To edit a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the Active Directory Rights Management Services (AD RMS) cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you are editing a distributed rights policy template, click <maml:ui>Manage Distributed Rights Policy Templates</maml:ui> in the <maml:ui>Actions</maml:ui> pane. If you are editing an archived rights policy template, click <maml:ui>Managed Archived Rights Policy Templates</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, click the name of the template to edit. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui> of the rights policy template.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Identification Information</maml:ui> tab, modify the information in the <maml:ui>Template name</maml:ui>, and <maml:ui>Template description</maml:ui> areas as appropriate. You can add additional languages to <maml:ui>Template language </maml:ui>as necessary.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>User Rights</maml:ui> tab, do one or more of the following: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To add a user or group, in <maml:ui>Users and rights</maml:ui>, click <maml:ui>Add</maml:ui>, type the valid e-mail address of a specific user or group to select <maml:ui>Anyone</maml:ui> to allow all users to view content, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Select the name in <maml:ui>Users and rights</maml:ui>. In the <maml:ui>Rights for</maml:ui> area, select all rights to be granted to the selected user or group. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To modify the rights of an existing user or group, select the name in <maml:ui>Users and rights</maml:ui>, and then select or clear the rights check boxes, as appropriate. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To remove a user or group, select the name in <maml:ui>Users and rights</maml:ui>, and then click <maml:ui>Remove</maml:ui>. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To add a custom right, click <maml:ui>Create Custom Right</maml:ui> and then type the name of the right supported by your rights-enabled application.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To change the URL that users can request additional rights through in<maml:ui> Rights request URL</maml:ui>, type the new URL.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Expiration Policy</maml:ui> tab, edit the information to change when content licenses expire and when they must be renewed, as appropriate.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Click <maml:ui>Never Expires</maml:ui> to set no expiration date on content that is protected with this rights policy template.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>Expires on the following date (UTC)</maml:ui> to set a specific date and time when the content protected with this rights policy template expires. The date and time are expressed in Coordinated Universal Time (UTC), also known as Greenwich Mean Time.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>Expires after the following duration</maml:ui> to set the content to expire after a set amount of days.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Under <maml:ui>Use license expiration</maml:ui>, set <maml:ui>Expires after the following duration</maml:ui> to force the user to request a new use license for all content protected by using this rights policy template.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Extended Policy</maml:ui> tab, edit the information to change how content licenses are to be implemented, including the persistence of author rights, whether trusted browsers are supported, license persistence within the content, and enforcement of any application-specific data, as appropriate.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Select <maml:ui>Enable users to view protected content using a browser add-on</maml:ui> if you want content protected by this rights policy template to be accessible by means of a Web browser, such as Internet Explorer with the Rights Management add-on.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Select <maml:ui>Require a new use license every time content is consumed</maml:ui> if you want users to request a new use license whenever the content protected with this rights policy template is opened. The AD RMS client must be able to connect to the AD RMS cluster each time that this content is consumed. This is not ideal for offline publishing.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To add additional name/value pairs created with AD RMS-enabled applications, select the <maml:ui>If you would like to specify additional information for your AD RMS-enabled application</maml:ui> box.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Revocation policy</maml:ui> tab, select whether a revocation list is to be required for content that is created by using this template. If you select <maml:ui>Require revocation</maml:ui>, complete the following settings, as appropriate: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>In <maml:ui>Location where the revocation list is published</maml:ui>, type the URL where the revocation list file is posted. If you need to support disconnected users or external users, this URL should be accessible from both the corporate network and the Internet.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In <maml:ui>Refresh interval for Revocation list</maml:ui>, type the number of days that the revocation list remains valid. If a user has a copy of the revocation list that is older than this value, the user must obtain an updated revocation list to consume the content.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In <maml:ui>File containing public key corresponding to the signed revocation list</maml:ui>, type the path and file name of the public key file for the revocation list. </maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Be careful when implementing revocation. Based on the refresh interval that you specify, you must renew a revocation list periodically or it will automatically expire, preventing users from consuming content that requires that list. To ensure that you do not inadvertently prevent users from consuming content, carefully evaluate the interval you require for refreshing the revocation list. </maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Once a rights policy template is edited on the cluster, the local copies of the template on the client computers must be updated as well.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Administering Certificates</maml:title><maml:introduction>
<maml:para>The procedures in this section are designed to help you manage rights account certificates (RACs) and server licensor certificates (SLC) in your AD RMS environment.</maml:para>

<maml:para>This section contains the following procedures:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=58dedefe-49d0-4b2e-b673-bfaa513fc70e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export the Server Licensor Certificate</maml:linkText><maml:uri href="mshelp://windows/?id=be7de4f2-7bc1-4704-a046-1a24623b5d7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Rights Account Certificate Validity Duration</maml:linkText><maml:uri href="mshelp://windows/?id=c8b196f6-6099-4f20-bf85-5fd3d2faa31e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enable Certification of Mobile Devices</maml:linkText><maml:uri href="mshelp://windows/?id=a7cca614-3146-437e-be39-0f8b8952b491"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enable Certification of Server Services</maml:linkText><maml:uri href="mshelp://windows/?id=7cbdc6af-bd44-44ee-ae26-0d71318c9796"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Authenticate Clients Using Smart Cards</maml:linkText><maml:uri href="mshelp://windows/?id=bd8266b9-ea5c-48d9-b1b2-0577154f7c9c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - AD RMS Server Cluster Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>Each AD RMS root or licensing-only cluster can be managed by using the Active Directory Rights Management Services console. This console can be used directly on an AD RMS server, through a Remote Desktop connection, or in a Microsoft Management Console (MMC) to which the remote cluster has been added.</maml:para>

<maml:para>For more information about tasks that can be accomplished by using the Active Directory Rights Management Services console, see <maml:navigationLink><maml:linkText>Configuring an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=73829489-45f1-415b-90ab-061a263d1ef6"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Administer AD RMS by Using the Active Directory Rights Management Services console</maml:linkText><maml:uri href="mshelp://windows/?id=9145546f-a8ef-45b3-ab98-3e2c8bc1ef33"></maml:uri></maml:navigationLink>.</maml:para></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Rights Policy Templates</maml:title><maml:introduction>
<maml:para>Rights policy templates are used to control the rights that a user or group has on a particular piece of rights-protected content. AD RMS stores rights policy templates in the configuration database. Optionally, it maintains a copy of all rights policy templates in a shared folder that you specify. For information about how rights are enforced, see <maml:navigationLink><maml:linkText>Understanding Rights Enforcement</maml:linkText><maml:uri href="mshelp://windows/?id=59ebced7-b364-4dcb-bf96-7a0fade8629c"></maml:uri></maml:navigationLink>.</maml:para>


<maml:para>When publishing protected content, the author selects the rights policy template to apply from the templates that are available on the local computer. To make rights policy templates available to use for offline publishing, the administrator must deploy them to user computers from a shared folder. For  AD RMS running on Windows Server 2008 R2 or Windows Server® 2008, rights policy templates are automatically managed by the AD RMS client. A template distribution pipeline enables the AD RMS client to poll for updates to the rights policy templates. If a rights policy template has been added, changed, or deleted, the client detects these changes and updates the local rights policy templates during its next refresh. The rights policy templates are stored locally on the AD RMS client running Windows Server 2008 R2, Windows 7, Windows Server 2008, or Windows Vista in the <maml:replaceable>%localappdata%</maml:replaceable>\Microsoft\DRM\templates folder. For Windows XP, Windows 2000, and Windows Server 2003, the path is <maml:replaceable>%appdata%</maml:replaceable>\Microsoft\DRM\templates.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The new rights policy templates distribution method is only available for AD RMS clients running Windows Server 2008, Windows Vista RC1, Windows Server 2008 R2 or Windows 7. All versions of the Rights Management Services (RMS) client use the previous method for rights policy template distribution.</maml:para>
</maml:alertSet>

<maml:para>When you modify a rights policy template on the AD RMS server, the server updates the template in both the configuration database and the shared folder (if the AD RMS cluster is configured to specify a file location for storing copies of rights policy templates). When using AD RMS clients other than Windows Server 2008, Windows Vista RC1, Windows 7, or Windows Server 2008 R2, you should redeploy each rights policy template to client computers when it has been modified so that users have the most current version available on their computers. AD RMS clients running on Windows Server 2008, Windows Vista RC1, Windows 7, or Windows Server 2008 R2 will automatically detect this change and update the rights policy templates accordingly.</maml:para>

<maml:para>For more information about deploying rights policy templates, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=81070</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=81070"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Rights policy templates for the RMS client</maml:title><maml:introduction>
<maml:para>For users to be able to author rights-protected content using a rights policy template they must have access to the template. If client computers are always connected to the internal network and can access shared folders, you can have them use a shared folder for template access. However, most administrators choose to place the template files on the local client computers so that they can be used for offline as well as online publishing of rights-protected content. AD RMS-enabled clients running Windows Server 2008, Windows Vista RC1, Windows 7, or Windows Server 2008 R2 can use the template distribution pipeline to automatically update their rights policy templates.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If a template is moved to this AD RMS server from another AD RMS server, the template must then be exported from this server and redistributed to the clients before it can be used.</maml:para>
</maml:alertSet>

<maml:para>The following are a set of best practices to follow when deploying rights policy templates to versions of the RMS client:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Deploy the template files locally to user's computers, so they can use templates while their computers are not connected to the network. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Set up a shared folder as the deployment point on a server in the AD RMS cluster. Set the permissions on the shared folder and on the template files as described in the following table: </maml:para>
</maml:listItem>
</maml:list>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Account</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Permissions</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>AD RMS Service Group</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Modify</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>System</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Modify</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Users</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Enable support for Kerberos authentication</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>If you plan to use Active Directory Rights Management Services (AD RMS) with Kerberos authentication, you must take additional steps to configure the server running AD RMS after installing the AD RMS server role and provisioning the server. Specifically, you must perform these procedures:</maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>Set the Internet Information Services (IIS) useAppPoolCredentials variable to True</maml:para></maml:listItem>
<maml:listItem><maml:para>Set the Service Principal Names (SPN) value for the AD RMS service account</maml:para></maml:listItem></maml:list>
<maml:para>Membership in the <maml:phrase>AD RMS Enterprise Administrators</maml:phrase> and the <maml:phrase>Enterprise Admins</maml:phrase> group in AD DS, or equivalent, is the minimum required to complete this procedure.</maml:para>
<maml:procedure><maml:title>Set the IIS useAppPoolCredentials value to True</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open an elevated command prompt window. To open an elevated Command Prompt window, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, right-click <maml:ui>Command Prompt</maml:ui>, and then click <maml:ui>Run as administrator</maml:ui>.

</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Navigate to %windir%\system32\inetsrv.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Type <maml:userInput>appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication -useAppPoolCredentials:true</maml:userInput>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>To perform the following procedure successfully, the AD RMS service account must be in the same forest as the AD RMS cluster. Also, if you change the AD RMS service account, you must delete the SPN registrations for the previous service account and then perform this procedure for the new service account.</maml:para></maml:alertSet>
<maml:procedure><maml:title>Set the Service Principal Names (SPN) value for the AD RMS service account</maml:title><maml:introduction><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>If the cluster is using Secure Sockets Layer (SSL), repeat steps 2 through 5, substituting HTTPS for HTTP.</maml:para></maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:introduction><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open an elevated command prompt window. To open an elevated Command Prompt window, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, right-click <maml:ui>Command Prompt</maml:ui>, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Type <maml:ui>setspn -a HTTP/&lt;ServerName&gt; &lt;ServiceAccountDomain&gt;\&lt;ServiceAccount&gt;</maml:ui>, where &lt;ServerName&gt; is the name of the server, &lt;ServiceAccountDomain&gt; is the name of the domain containing the AD RMS service account, and &lt;ServiceAccount&gt; is the name of the AD RMS service account.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Type <maml:ui>setspn -a HTTP/&lt;ServerFQDN&gt; &lt;ServiceAccountDomain&gt;\&lt;ServiceAccount&gt;</maml:ui>, where &lt;ServerFQDN&gt; is the fully qualified domain name (FQDN) of the server.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Type <maml:ui>setspn -a HTTP/&lt;ClusterName&gt; &lt;ServiceAccountDomain&gt;\&lt;ServiceAccount&gt;</maml:ui>, where &lt;ClusterName&gt; is the name of the AD RMS cluster.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Type <maml:ui>setspn -a HTTP/&lt;ClusterFQDN&gt; &lt;ServiceAccountDomain&gt;\&lt;ServiceAccount&gt;</maml:ui>, where &lt;ClusterFQDN&gt; is the fully qualified domain name (FQDN) of the cluster.</maml:para></maml:section></maml:sections></maml:step></maml:procedure></maml:introduction>

<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:introduction></maml:section>
</maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Establishing Trust Policies</maml:title><maml:introduction>
<maml:para>The procedures in this section are designed to help you establish a trust relationship between your AD RMS cluster and an AD RMS cluster in another domain or that is part of a different organization. </maml:para>

<maml:para>This section contains the following procedures:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=59c802d0-3982-432c-b06f-3e148dca0166"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=f43dcb03-6e23-491a-87b0-67d541575923"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=71209d16-9e76-4bcf-8276-5e60ed8a4cef"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=930d4692-3345-423c-99ac-63d21b12d94d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Use Windows Live ID to Establish RACs for Users</maml:linkText><maml:uri href="mshelp://windows/?id=07567fd0-68bf-4f59-9916-b8cafacaf04e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change the AD RMS Service Account</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>During installation, Active Directory Rights Management Services (AD RMS) creates the AD RMS Service Group on the local computer and grants it appropriate permissions on all of the resources that are required for AD RMS to operate. When you provision AD RMS on a server, you must define a domain account for use as the AD RMS service account. </maml:para>

<maml:para>That account is made a member of the AD RMS Service Group, and it is granted the permissions that are associated with this group. During routine operations, AD RMS runs under the AD RMS service account.</maml:para>

<maml:para>You can change the AD RMS service account at any time. When you do so, the previously specified account is automatically removed from the AD RMS Service Group, and the new account is made a member of it. If there is more than one server in the AD RMS cluster where you are changing the AD RMS service account, you must change the service account on all servers in the cluster.</maml:para>

<maml:para>To run the <maml:ui>Change Service Account</maml:ui> wizard, you must be logged on locally on the AD RMS server with a user account that has administrative privileges to the configuration database.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>For security reasons, we highly recommend that you create a special user account to use as the AD RMS service account, and that you use this account only as the AD RMS service account and for no other purpose. In addition, you should not grant this account any additional permissions.</maml:para>
</maml:alertSet>

<maml:para>Membership in the <maml:phrase>AD RMS Enterprise Administrators</maml:phrase> and the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To change the AD RMS Service Account</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and select the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Change Service Account</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Change Service Account</maml:ui> wizard, read the text on the Before Changing the AD RMS Service Account page, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>User name</maml:ui> box, specify the name of the account within which AD RMS will run for most operations. The user name should use the format <maml:replaceable>domain_name</maml:replaceable>\<maml:replaceable>user_name</maml:replaceable>. In the <maml:ui>Password</maml:ui> box, type the password for the associated user account.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Next</maml:ui>, and then click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–5 for each server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>The AD RMS service account cannot be the same domain account that was used to install AD RMS.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add a Trusted Publishing Domain</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>By default, servers in an Active Directory Rights Management Services (AD RMS) cluster can issue use licenses only against the publishing licenses that it, or another server in its cluster, issued. If you have content that was published by using another AD RMS root cluster either in your organization, for example a subsidiary organization in another forest, or in another separate organization, your AD RMS cluster can grant use licenses to users for this content if you configure a trusted publishing domain (TPD). By adding a trusted publishing domain, you set up a trust relationship between your AD RMS cluster and the other root cluster by importing the server licensor certificate (SLC) of the other cluster. There is no limit to the number of TPDs that you can configure for your AD RMS cluster.</maml:para>

<maml:para>If the cluster key is stored in a CSP, you must transfer the cluster key to the CSP key container on each trusted server in the cluster by following the instructions in the CSP manufacturer's documentation. Depending on the type of CSP on each server and the configuration of any hardware security module devices, you might not be able to transfer the cluster key from one hardware security module to another. If you are using a CSP with a hardware security module, review the hardware security module documentation to determine whether you can transfer the cluster key without losing data that is in the destination hardware security module. If you cannot successfully transfer the cluster key, you cannot establish a trusted publishing domain.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you are using a hardware-based CSP, also known as a hardware security module (HSM), to protect your AD RMS cluster key and you are importing an SLC from an AD RMS installation that internally manages the AD RMS cluster key, you must specify a cluster key password on the <maml:ui>Security Policies</maml:ui> settings of the cluster before you attempt to import the certificate.</maml:para>
</maml:alertSet>

<maml:para>This procedure assumes that you have exported the TPD of another AD RMS cluster. For more information about exporting the TPD, see <maml:navigationLink><maml:linkText>Export a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=930d4692-3345-423c-99ac-63d21b12d94d"></maml:uri></maml:navigationLink>.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To add a trusted publishing domain</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console, and then expand the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust Policies</maml:ui>, and then click <maml:ui>Trusted Publishing Domains</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Import Trusted Publishing Domain</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Trusted Publishing Domain file</maml:ui>, type the path to the trusted publishing domain file or click <maml:ui>Browse</maml:ui> to locate it.</maml:para>

<maml:para>This file contains the licensor certificate, private key (if the key is stored in software), and rights policy templates. This file is encrypted.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Password</maml:ui>, type the password required to decrypt this file.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Display name</maml:ui>, type a name to identify this trusted user domain.</maml:para>

<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>You can remove a TPD at any time by removing its certificate from the list of certificates for TPDs under the <maml:ui>Trust Polices</maml:ui> node in the Active Directory Rights Management Services console. </maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=930d4692-3345-423c-99ac-63d21b12d94d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reset the AD RMS Cluster Key Password</maml:linkText><maml:uri href="mshelp://windows/?id=55a69f4b-da6d-40b5-8673-17fa2fce6e7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Lockbox - Lockbox Results Pane</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>View recommended minimum lockbox version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This option connects to the Windows AD RMS Activation Service Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=12995</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=12995"></maml:uri></maml:navigationLink>) and displays the current recommended lockbox version number. This number can be used to set the minimum lockbox version.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Lockbox Versions</maml:linkText><maml:uri href="mshelp://windows/?id=9a944ab7-f0d9-4224-97c6-b2543f537827"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configuring an AD RMS Cluster</maml:title><maml:introduction>
<maml:para>The procedures in this section are designed to help you configure Active Directory Rights Management Services (AD RMS) in your organization.</maml:para>

<maml:para>This section contains the following procedures: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enabling Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing the AD RMS databases</maml:linkText><maml:uri href="mshelp://windows/?id=8dba2e7f-700d-41b1-88a4-7489a6999e7b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring AD RMS Across Forests</maml:linkText><maml:uri href="mshelp://windows/?id=f1f3f842-b742-49a7-8724-04706368fcac"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Active Directory Rights Management Services Overview</maml:title><maml:introduction>
<maml:para>By using Active Directory Rights Management Services (AD RMS) and the AD RMS client, you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved. You can use AD RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands. </maml:para>

<maml:para>For information about AD RMS, see the Active Directory Rights Management Services TechCenter page at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=80907</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=80907"></maml:uri></maml:navigationLink>.</maml:para>

<maml:para>In the following sections, learn more about AD RMS, the required and optional features in AD RMS, and hardware and software used for running AD RMS. At the end of this topic, learn how to open the AD RMS console and how to find more information about AD RMS.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>What is Active Directory Rights Management Services?</maml:title><maml:introduction>
<maml:para>An AD RMS system includes a Windows Server® 2008 R2-based server running the Active Directory Rights Management Services (AD RMS) server role that handles certificates and licensing, a database server, and the AD RMS client. The latest version of the AD RMS client is included as part of the Windows® 7 and Windows Vista® operating systems. The deployment of an AD RMS system provides the following benefits to an organization:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Safeguard sensitive information</maml:phrase>. Applications such as word processors, e-mail clients, and line-of-business applications can be AD RMS-enabled to help safeguard sensitive information Users can define who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage policy templates such as "confidential - read only" that can be applied directly to the information.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Persistent protection</maml:phrase>. AD RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Flexible and customizable technology</maml:phrase>. Independent software vendors (ISVs) and developers can AD RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other operating systems, to work with AD RMS to help safeguard sensitive information. ISVs are enabled to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>AD RMS provides developer tools and industry security technologies—including encryption, certificates, and authentication—to help organizations create reliable information protection solutions. For creating customized AD RMS solutions, an AD RMS software development kit (SDK) is available.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Features in AD RMS</maml:title><maml:introduction>
<maml:para>By using Server Manager, you can set up the following components of AD RMS:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Active Directory Rights Management Services</maml:phrase>. The Active Directory Rights Management Services (AD RMS) role service is a required role service that installs the AD RMS components used to publish and consume rights-protected content.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Identity Federation Support</maml:phrase>. The identity federation support role service is an optional role service that allows federated identities to consume rights-protected content by using Active Directory Federation Services.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Hardware and software considerations</maml:title><maml:introduction>
<maml:para>AD RMS runs on a computer running the Windows Server 2008 R2 operating system. When the AD RMS server role is installed, the required services are installed, one of which is Internet Information Services (IIS). AD RMS also requires a database, such as Microsoft SQL Server, which can be run either on the same server as AD RMS or on a remote server, and an Active Directory Domain Services forest.</maml:para>

<maml:para>The following table describes the minimum hardware requirements and recommendations for running Windows Server 2008 R2-based servers with the AD RMS server role. </maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Requirement</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Recommendation</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>One Pentium 4 3 GHz processor or higher</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Two Pentium 4 3 GHz processors or higher</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>512 MB of RAM</maml:para>
</maml:entry>
<maml:entry>
<maml:para>1024 MB of RAM</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>40 GB of free hard disk space</maml:para>
</maml:entry>
<maml:entry>
<maml:para>80 GB of free hard disk space</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>A limited set of server roles is available for the Server Core installation option of Windows Server 2008 and for Windows Server 2008 for Itanium-Based Systems.</maml:para>
</maml:alertSet>

<maml:para>To assist with your hardware considerations, use testing in a lab environment, data from existing hardware in a production environment, and pilot roll-outs to determine the capacity needed for your server.</maml:para>

<maml:para>The following table describes the software requirements for running Windows Server 2008 R2-based servers with the AD RMS server role. For requirements that can be met by enabling features on the operating system, installing the AD RMS server role will configure those features as appropriate, if they are not already configured. </maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Software</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Requirement</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Operating system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Windows Server 2008 R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>File system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>NTFS file system is recommended</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Messaging</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Message Queuing</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Web services</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Internet Information Services (IIS).</maml:para>

<maml:para>ASP.NET must be enabled.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Active Directory or Active Directory Domain Services</maml:para>
</maml:entry>
<maml:entry>
<maml:para>AD RMS must be installed in an Active Directory domain in which the domain controllers are running Windows Server 2000 with Service Pack 3 (SP3), Windows Server 2003, Windows Server® 2008, or Windows Server 2008 R2. All users and groups who use AD RMS to acquire licenses and publish content must have an e-mail address configured in Active Directory.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Database server</maml:para>
</maml:entry>
<maml:entry>
<maml:para>AD RMS requires a database server, such as Microsoft SQL Server 2005 or Microsoft SQL Server 2008, and stored procedures to perform operations. The AD RMS server role on Windows Server 2008 R2 does not support Microsoft SQL Server 2000.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>The AD RMS-enabled client must have an AD RMS-enabled browser or application, such as Microsoft Word, Outlook, or PowerPoint in Microsoft Office 2007. The AD RMS-enabled client must have an AD RMS-enabled browser or application, such as Microsoft Word, Outlook, or PowerPoint in Microsoft Office 2007. These applications require the Enterprise, Professional Plus, or Ultimate versions of Microsoft Office 2007 to create rights-protected content.
 For additional security, AD RMS can be integrated with other technologies such as smart cards.</maml:para>

<maml:para>Windows 7 and Windows Vista include the AD RMS client by default, but other client operating systems must have the RMS client installed. The RMS client with Service Pack 2 (SP2) can be downloaded from the Microsoft Download Center and works on versions of the client operating system earlier than Windows Vista and Windows Server 2008. </maml:para>

<maml:para>For more detailed information about hardware and software considerations with AD RMS, see the Pre-installation Information for Active Directory Rights Management Services topic on the Windows Server 2008 Technical Library (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=84733</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=84733"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Installing AD RMS</maml:title><maml:introduction>
<maml:para>After you finish installing the operating system, you can use Initial Configuration Tasks or Server Manager to install server roles. To install AD RMS, in the list of tasks, click <maml:ui>Add roles</maml:ui>, and then click the <maml:ui>Active Directory Rights Management Services</maml:ui> check box.</maml:para>

<maml:para>For detailed instructions about installing and configuring AD RMS in a test environment, see the AD RMS installation Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=72134</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=72134"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Managing AD RMS</maml:title><maml:introduction>
<maml:para>Server roles are managed by using a Microsoft Management Console (MMC) snap-in. Use the Active Directory Rights Management Services console to manage AD RMS. To open the Active Directory Rights Management console, click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Rights Management Services</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>For more information</maml:title><maml:introduction>
<maml:para>To learn more about AD RMS, you can view the Help on your server. To do this, open the Active Directory Rights Management Services console, and then press F1, or visit the Active Directory Rights Management Services TechCenter (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=80907</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=80907"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted User Domains - Trusted User Domains Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>By default, an AD RMS cluster does not service requests from users with a rights account certificate (RAC) that was issued by a different AD RMS cluster. However, you can add user domains to the list of trusted user domains, which allows AD RMS to process such requests. </maml:para>

<maml:para>For each trusted domain, you can also add and remove specific users or groups of users. In addition, you can remove a trusted user domain; however, you cannot remove the root cluster for this Active Directory Domain Services (AD DS) forest from the trusted user domains. Every AD RMS server in a deployment trusts the root cluster in its own forest. </maml:para>

<maml:para>The Trusted User Domains results pane lists the trusted user domains for the cluster.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=f43dcb03-6e23-491a-87b0-67d541575923"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=59c802d0-3982-432c-b06f-3e148dca0166"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Deploying AD RMS in an Extranet</maml:title><maml:introduction>
<maml:para>This checklist helps you set up your Active Directory Rights Management Services (AD RMS) cluster to support users that need to work with rights-protected content when they are not connected to your organization's network, such as mobile users and telecommuters.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Install the AD RMS server role</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Install AD RMS Server Role</maml:linkText><maml:uri href="mshelp://windows/?id=24ae01a6-a2c2-4f29-b16b-528565a83644"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure appropriate Windows Firewall exception</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Configure Windows Firewall</maml:linkText><maml:uri href="mshelp://windows/?id=fef73389-43c8-4b45-bf48-4e1682d89838"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Open the Active Directory Rights Management Services console</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Administer AD RMS by Using the Active Directory Rights Management Services console</maml:linkText><maml:uri href="mshelp://windows/?id=9145546f-a8ef-45b3-ab98-3e2c8bc1ef33"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure the AD RMS cluster settings</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Add an Extranet Cluster URL</maml:linkText><maml:uri href="mshelp://windows/?id=ae03d1a8-dd14-4750-ae4e-679dad59c8fc"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>This checklist does not cover publishing the AD RMS certification and licensing extranet cluster URLs to the Internet. For recommendations about how to securely publish the extranet cluster URLs to the Internet, see Deploying Active Directory Rights Management Services in an Extranet Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=72138</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=72138"></maml:uri></maml:navigationLink>).</maml:para>
</maml:alertSet>

<maml:para>For more information about configuring AD RMS to collaborating outside of the organizational network, see Deploying Active Directory Rights Management Services in an Extranet Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=72138</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=72138"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Remove the AD RMS Server Role</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The AD RMS server role is removed from an AD RMS cluster by using Server Manager. </maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>If you are removing every server in the AD RMS cluster, be sure to first decommission AD RMS and remove all protection from the content that is rights-protected by this AD RMS cluster. If you are only removing one AD RMS server from the cluster, you do not need to decommission the AD RMS environment because other servers continue to issue certification and licensing requests to AD RMS users.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To remove the AD RMS server role</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the server on which you want to remove the AD RMS server role. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the tree, click <maml:ui>Manage Roles</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Roles Summary</maml:ui>, click <maml:ui>Remove roles</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Read <maml:ui>Before You Begin</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Clear the <maml:ui>Active Directory Rights Management Services</maml:ui> check box. If you no longer have a need for Internet Information Services (IIS) on this server, clear the <maml:ui>Web Server (IIS)</maml:ui> box, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Remove</maml:ui>. Removing the AD RMS server role can take several minutes.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When the server role is removed, click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Decommission AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=e46ee7dd-5acf-45db-b426-101fd6fa958b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Removing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=ae904fc1-9a96-4dec-adf8-43aa8c3b89f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Resources for AD RMS</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>For more information about Active Directory Rights Management Services (AD RMS), see the following resources:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>For information about getting started with AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=84730</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=84730"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For information about evaluating AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=84732</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=84732"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:sections><maml:section><maml:title>Additional reference</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Active Directory Rights Management Services</maml:linkText><maml:uri href="mshelp://windows/?id=f80253cf-2112-4b7d-8e97-509e49a9345a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Users - User Exclusion Policies Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>A rights account certificate (RAC) can be excluded by specifying either the user's e-mail address or the RAC public key string. When you exclude a user’s RAC, AD RMS adds the excluded key, the user’s account name, as well as the date and time of the exclusion to the DRMS_GicExclusionList table of the configuration database for the root cluster.</maml:para>

<maml:para>This results pane lists all of the excluded users of the AD RMS cluster.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Users</maml:linkText><maml:uri href="mshelp://windows/?id=a21692e9-ce39-4fbb-90a3-11d676d5633e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Enable Certification of Server Services</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Server services in AD RMS allows for AD RMS-enabled server applications to request rights account certificates (RACs) on behalf of other users. An example of an AD RMS-enabled server application is Microsoft Exchange Server 2007. There are a few things that you should be aware of when configuring server services:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Discretionary Access Control Lists (DACLs) on the AD RMS pipelines use the most secure settings by default. You must modify the DACL when using AD RMS server services.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If the AD RMS client is installed on a Windows Server 2003-based, Windows Server 2008, or Windows Server 2008 R2-based server and Internet Explorer Enhanced Security Configuration is enabled, you must add the AD RMS cluster URL to the <maml:ui>Local Intranet</maml:ui> security zone in Internet Explorer.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Many server services use advanced Active Directory Domain Services (AD DS) functionality that is only available if all AD DS domain controllers are running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. If you are using any server services, we recommend that all domain controllers are running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2, and that both the domain and forest AD DS functional levels are at least Windows Server 2003.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>In a default AD RMS installation, the DACL of the AD RMS server certification pipeline is restricted, which means an application cannot obtain certificates and licenses for their users. However, if you have an AD RMS-enabled application for these computers, you can enable them to participate in your AD RMS system by configuring the DACLs on the AD RMS server certification pipeline.</maml:para>

<maml:para>AD RMS-enabled server applications can connect to the AD RMS server certification service by using the <maml:ui>ServerCertification.asmx</maml:ui> file.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If there is more than one AD RMS server in the AD RMS cluster, the DACL on the server certification service must be changed on each server in the cluster.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To enable certification of server services</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Windows Explorer and navigate to the folder where Internet Information Services was installed. By default, the folder path is %systemdrive%\Inetpub\wwwroot\_wmcs\Certification.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To enable server services to receive RACs, right-click the <maml:ui>ServerCertification.asmx</maml:ui> file, and then click <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Security</maml:ui> tab, click <maml:ui>Add</maml:ui>, and then add the computer account object of the AD RMS-enabled server application and the <maml:ui>AD RMS Service Group</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Permissions</maml:ui> lists for the groups, select the <maml:ui>Allow</maml:ui> check box for both <maml:ui>Read</maml:ui> and <maml:ui>Read &amp; Execute</maml:ui> permissions, and then click <maml:ui>OK</maml:ui>.  </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If several servers are hosting AD RMS-enabled server applications, consider creating a group, adding all of the computer objects to this group, and then adding the group to the DACL of the certification pipeline instead.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Restart Internet Information Services by running <maml:computerOutputInline>IISRESET</maml:computerOutputInline> at a command prompt to implement the changes to the DACLs on the AD RMS Web services.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Delete a Rights Policy Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When you delete a rights policy template from the AD RMS cluster, content published using that template can no longer be consumed. As a best practice, you should back up the configuration database before deleting a rights policy template to ensure that you can recover rights-protected content if necessary. </maml:para>

<maml:para>An alternative to backing up the whole database is to archive the template that you want to stop using to add rights-protection to documents. Archiving a rights policy template will allow users to consume the content but not create new rights-protected content with the template. For more information about archiving templates, see <maml:navigationLink><maml:linkText>Archive a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=12db6560-7522-42e4-a98f-8f867c953635"></maml:uri></maml:navigationLink>. </maml:para>

<maml:para>For AD RMS clients that are not running Windows Server 2008 or Windows Server 2008 R2, or clients for which the automatic rights policy template distribution has not been enabled, you must manually remove the rights policy template from a user's computer. If you do not remove the deleted rights policy template and someone uses it to publish content, AD RMS will not be able to issue any use licenses for the content, because it will not be able to locate the specified template in the configuration database.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To delete a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a computer in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the name of the rights policy template to delete, and then, in the <maml:ui>Action</maml:ui> pane, click <maml:ui>Delete</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Yes</maml:ui> to confirm the deletion.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Archive a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=12db6560-7522-42e4-a98f-8f867c953635"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Policies - Security Policies Results Pane</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Change super user settings</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This option allows you to enable or disable the AD RMS super users group. This group can decrypt all content published by the cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Reset password</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The cluster key password is used to protect the private key of the AD RMS cluster if the cluster's private key is being centrally managed by AD RMS.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Change decommissioning settings</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The decommissioning feature is used before you remove AD RMS from your infrastructure and you need to decrypt all of the content that was protected by AD RMS.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set up a Super Users Group</maml:linkText><maml:uri href="mshelp://windows/?id=50714cdb-7e30-4844-a2f0-55ef651eef7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reset the AD RMS Cluster Key Password</maml:linkText><maml:uri href="mshelp://windows/?id=55a69f4b-da6d-40b5-8673-17fa2fce6e7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Decommission AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=e46ee7dd-5acf-45db-b426-101fd6fa958b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding the AD RMS Databases</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Servers in the AD RMS cluster are tightly integrated with the database server during normal operations. The AD RMS database server stores configuration, logging, and directory services information for use by AD RMS. </maml:para>

<maml:para>You can use the Windows Internal Database in Windows Server® 2008 R2 to support a new installation of AD RMS using a single server.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>If you are using the MSDE 2000 or Microsoft SQL Server 2000 to host the Rights Management Services (RMS) databases, you cannot upgrade to AD RMS. An upgrade is only supported if you are using Microsoft SQL Server 2005 or Microsoft SQL Server 2008 to host the AD RMS databases.</maml:para>
</maml:alertSet>

<maml:para>We recommend that you use a separate database server such as Microsoft SQL Server 2005 or Microsoft SQL Server 2008. AD RMS uses the following databases:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Configuration database</maml:para>

<maml:para>The configuration database is a critical component of an AD RMS installation because it stores, shares, and retrieves all configuration data and other data that you need to manage account certification, licensing, and publishing services for a cluster. The way that you manage your configuration database directly affects the security and availability of rights-protected content.</maml:para>

<maml:para>Each AD RMS cluster has one configuration database. The configuration database for the root cluster contains a list of Windows user identities and their rights account certificate (RAC)s. If the cluster key is centrally managed by AD RMS, the certificate key pair is encrypted to the AD RMS cluster key before it is stored in the database. The configuration databases for licensing-only clusters do not contain this information.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Logging database</maml:para>

<maml:para>For each root or licensing-only cluster, by default AD RMS installs a logging database in the same database server instance that hosts the configuration database. AD RMS also creates a private message queue on each server in the AD RMS cluster for logging in Message Queuing. The AD RMS logging service transmits data from this message queue to the logging database.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Directory services database</maml:para>

<maml:para>This database contains information about users, identifiers (such as e-mail addresses), security ID (SID), group membership, and alternate identifiers. This information is obtained from Lightweight Directory Access Protocol (LDAP) queries made to the Active Directory Domain Services (AD DS) global catalog by the AD RMS licensing service. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>The user account that was logged on when the AD RMS server role was added has Database Owner permissions on all of these databases.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing the AD RMS databases</maml:linkText><maml:uri href="mshelp://windows/?id=8dba2e7f-700d-41b1-88a4-7489a6999e7b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Pre-installation Information for Active Directory Rights Management Services</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Before you install AD RMS</maml:title><maml:introduction>
<maml:para>Before you install Active Directory Rights Management Services (AD RMS) on Windows Server® 2008 R2 for the first time, there are several requirements that must be met:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Install the AD RMS server as a member server in the same Active Directory Domain Services (AD DS) domain as the user accounts that will be consuming rights-protected content.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Create a domain user account with no additional permissions to be used as the AD RMS service account.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Select the user account for installing AD RMS with the following restrictions:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The user account installing AD RMS must be different than the AD RMS service account.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you are registering the AD RMS service connection point (SCP) during installation, the user account installing AD RMS must be a member of the AD DS Enterprise Admins group, or equivalent.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you are using an external database server for the AD RMS databases, the user account installing AD RMS must have the right to create new databases. If Microsoft SQL Server 2005 or Microsoft SQL Server 2008 is used, the user account must be a member of the System Administrators database role, or equivalent</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The user account installing AD RMS must have access to query the AD DS domain.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>

<maml:listItem>
<maml:para>Reserve a URL for the AD RMS cluster that will be available throughout the lifetime of the AD RMS installation. Ensure that the reserved URL is different from the computer name.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>In addition to pre-installation requirements for AD RMS, we strongly recommend the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Install the database server used to host the AD RMS databases on a separate computer. See <maml:navigationLink><maml:linkText>System requirements</maml:linkText><maml:uri href="mshelp://windows/?id=878e9550-5966-40f3-862c-7ea309ddb0ed#rms_reqs"></maml:uri></maml:navigationLink> for information about database servers that Windows Server 2008 R2 supports.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Install the AD RMS cluster using a secure sockets layer (SSL) certificate. This certificate should be issued from a trusted root certification authority.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Create a DNS alias (CNAME) record for the AD RMS cluster URL and a separate CNAME record for the computer hosting the AD RMS configuration database. In the event that the AD RMS servers are retired, lost due to a hardware failure, or the computer's name is changed, a CNAME record can be updated without having to publish all rights-protected files again.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you are using a named instance for the AD RMS configuration database, the SQL Server Browser service must be started on the database server before installing AD RMS. Otherwise, the AD RMS installation will not be able to locate the configuration database and the installation will not succeed.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Before you upgrade from RMS to AD RMS</maml:title><maml:introduction>
<maml:para>If you are upgrading from any version of Rights Management Services (RMS) to AD RMS, do the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Back up the RMS databases and store in a secure location.</maml:para>
</maml:listItem>
<maml:listItem><maml:para>If your RMS cluster was configured to use the local SYSTEM account as the service account for the cluster, you must change the service account from the local SYSTEM account to a domain user account before upgrading from RMS to AD RMS.</maml:para></maml:listItem>

<maml:listItem>
<maml:para>If you used the offline enrollment option to provision RMS, ensure that the enrollment is complete before upgrading to AD RMS.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you have been using MSDE to host your RMS databases, you must upgrade the databases to Microsoft SQL Server 2005 or later before you upgrade the RMS cluster to AD RMS. An upgrade from versions of RMS by using the MSDE database is not supported. </maml:para></maml:listItem>
<maml:listItem><maml:para>If you have been using Microsoft SQL Server 2000 to host your RMS databases, you must upgrade the databases to Microsoft SQL Server 2005 or later before you upgrade the RMS cluster to AD RMS.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Flush the RMS Message Queuing queue to ensure that all messages are written to the RMS logging database.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Important considerations for installing AD RMS</maml:title><maml:introduction>
<maml:para>The following are a list of things that should be considered before installing AD RMS:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Self-signed certificates should be used only in a test environment. For pilot and production environments, we recommend using an SSL certificate issued by a trusted certification authority.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The Windows Internal Database with AD RMS is intended for use only in test environments. Because the Windows Internal Database does not support remote connections, it is not possible to add another server to the AD RMS cluster in this scenario.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If an SCP already exists in the Active Directory forest for which you are installing AD RMS, ensure that the cluster URL in the SCP is the same as the cluster URL for the new installation. If they are not the same, you should not register the SCP during AD RMS installation.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>When installing AD RMS, localhost is not a supported cluster URL.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>When specifying the AD RMS service account during installation, make sure that a smart card has not been inserted into the computer. If a smart card is attached to the computer, you will get an error message that the user account installing AD RMS does not have access to query AD DS.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>When joining a new server to an existing AD RMS cluster, the SSL certificate should exist on the new server before the AD RMS installation starts.</maml:para>
</maml:listItem>
<maml:listItem><maml:para>AD RMS does not support Kerberos authentication by default. For information about steps you must take to configure the server to support Kerberos authentication, see <maml:navigationLink><maml:linkText>Enable support for Kerberos authentication</maml:linkText><maml:uri href="mshelp://windows/?id=636a447d-35f0-4e6f-a8b2-0a1bf279d1de"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Windows Server 2008 R2 does not support Windows Rights Management Services (RMS) Client version 1. Support for this version of the client has ended with the release of the latest service pack for RMS Client version 1. To continue being able to create and access AD RMS-protected content, clients running RMS Client version 1 must install the latest service pack from <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=140054</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=140054"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Important considerations for installing AD RMS with identity federation support</maml:title><maml:introduction>
<maml:para>The following are a list of things that should be considered before installing AD RMS with identity federation support:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>A federated trusted relationship must be configured before you install Identity Federation Support. During the installation of the Identity Federation Support role service, you are asked to specify the URL of the federation service.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Active Directory Federation Services (AD FS) requires secure communication between AD RMS and the AD FS resource server. In order to use federation support with AD RMS, AD RMS must be installed using a secure cluster address.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The AD RMS service account must have the <maml:ui>Generate Security Audits</maml:ui> privilege. This privilege is granted by using the Local Security Policy console.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The AD RMS extranet cluster URLs must be accessible to the federated account partner.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section address="rms_reqs">
<maml:title>System requirements</maml:title><maml:introduction>
<maml:para>The following table describes the minimum hardware requirements and recommendations for running Windows Server® 2008 R2 servers with the AD RMS server role. </maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Requirement</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Recommendation</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>One Pentium 4 3 GHz processor or higher</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Two Pentium 4 3 GHz processors or higher</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>512 MB of RAM</maml:para>
</maml:entry>
<maml:entry>
<maml:para>1024 MB of RAM</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>40 GB of free hard disk space</maml:para>
</maml:entry>
<maml:entry>
<maml:para>80 GB of free hard disk space</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>The following table describes the software requirements for running Windows Server 2008 R2 servers with the AD RMS server role. For requirements that can be met by enabling features on the operating system, installing the AD RMS server role will configure those features as appropriate, if they are not already configured. </maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Software</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Requirement</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Operating system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Windows Server 2008 R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>File system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>NTFS file system is recommended</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Messaging</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Message Queuing</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Web services</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Internet Information Services (IIS)</maml:para>

<maml:para>ASP.NET must be enabled.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Active Directory or AD DS</maml:para>
</maml:entry>
<maml:entry>
<maml:para>AD RMS must be installed in an Active Directory domain in which the domain controllers are running Windows Server 2000 with Service Pack 3 (SP3), Windows Server 2003, Windows Server® 2008 or Windows Server 2008 R2. All users and groups who use AD RMS to acquire licenses and publish content must have an e-mail address configured in Active Directory.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Database server</maml:para>
</maml:entry>
<maml:entry>
<maml:para>AD RMS requires a database server, such as Microsoft SQL Server 2005, and stored procedures to perform operations. The AD RMS server role on Windows Server 2008 R2 does not support Microsoft SQL Server 2000.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying a Single-Server Installation</maml:linkText><maml:uri href="mshelp://windows/?id=4f757264-290e-4661-ba07-83912325efbd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying AD RMS in an Extranet</maml:linkText><maml:uri href="mshelp://windows/?id=74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying AD RMS in an Organization with Users in Multiple Forests</maml:linkText><maml:uri href="mshelp://windows/?id=1f1d0032-1e8c-4e5a-b438-cfa01fe82228"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying an AD RMS Licensing-only Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=e605e743-a4cb-416b-becd-c7240d0b0449"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying AD RMS with AD FS</maml:linkText><maml:uri href="mshelp://windows/?id=05c98626-7880-44e7-821f-753bd88526ca"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing the AD RMS databases</maml:title><maml:introduction>
<maml:para>AD RMS events and messages can be logged to a database on your database server. This section describes the following operations:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding the AD RMS Databases</maml:linkText><maml:uri href="mshelp://windows/?id=838c46d3-e87a-445f-9ed5-9ba515f7ead2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Turn on or Turn off Logging</maml:linkText><maml:uri href="mshelp://windows/?id=cdcd00de-abfb-43e9-a247-a462d7b65c54"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Monitor the AD RMS Message Queue</maml:linkText><maml:uri href="mshelp://windows/?id=b67a40b0-f954-4f55-a047-f82dd62be796"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Deploy Rights Policy Templates Through Group Policy</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>New Group Policy template files (ADM files) are available that assist Active Directory administrators in making and distributing settings for Office 2007 by using Group Policy. To download the 2007 Office System Administrative Templates, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=80639</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=80639"></maml:uri></maml:navigationLink>.</maml:para>

<maml:para>The following files in the Administrative Templates package are extracted to a folder that you choose:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Access12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Cpao12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Excel12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Groove12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Ic12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Inf12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Office12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Onent12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Outlk12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Ppt12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Proj12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Pub12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Spd12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Visio12.adm</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Word12.adm</maml:para>
</maml:listItem>
</maml:list>

<maml:para>Once the ADM files are imported into Group Policy (at minimum you must have Office12.adm), IRM settings can be found under <maml:ui>User Configuration</maml:ui>, <maml:ui>Administrative Templates</maml:ui>, <maml:ui>Microsoft Office 2007 System</maml:ui>, <maml:ui>Manage Restricted Permissions</maml:ui>. Configure the <maml:ui>Specify Permission Policy Path</maml:ui> setting to reflect the local template store on the client computer.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted Publishing Domains - Export Trusted Publishing Domain Wizard</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Publishing domain file</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Path to the trusted publishing domain you are exporting</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Password</maml:para>

<maml:para>Confirm Password</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Type a strong password that is used to encrypt the trusted publishing domain file</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Saved as V1 trusted publishing domain file</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this check box if the trusted publishing domain will be imported into an earlier version of Rights Management Services (RMS).</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Specify the Location of Rights Policy Templates</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>With Windows Server 2008 or Windows Server 2008 R2, rights policy templates can automatically obtain rights policy templates from an AD RMS cluster and keep them up-to-date through an automated scheduled task. For more information about creating this scheduled task, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=93718</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=93718"><maml:summary>http://go.microsoft.com/fwlink/?LinkId=93718</maml:summary></maml:uri></maml:navigationLink>. However, you might need to continue exporting templates to a folder for distributing them manually to clients not running Windows Server 2008 or Windows Server 2008 R2. The location you specify by using the following procedure creates a point from which you can distribute the templates to client computers.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Only distributed rights policy templates are stored in the shared folder. If you are using archived rights policy templates, you must change them to distributed rights policy templates before they can appear in the shared folder.</maml:para></maml:alertSet>

<maml:para>If you are using Microsoft Office 2003 or later as your AD RMS-enabled application, the location where Microsoft Office applications look for the rights policy templates is controlled by the AdminTemplatePath registry key. This registry entry should be configured to point to a local folder where the rights policy templates are stored. For more information about deploying rights policy templates, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=81070</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=81070"></maml:uri></maml:navigationLink>.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To specify the location of rights policy templates</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Create a folder on the server to be used to store the exported rights policy templates.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>, and then select the <maml:ui>Enable export</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Specify templates file location (UNC)</maml:ui> box, type the location of a shared folder in which to store the rights policy templates for this cluster, in the format \\<maml:replaceable>server_name</maml:replaceable>\<maml:replaceable>share_name</maml:replaceable> or click <maml:ui>Browse</maml:ui> to navigate to the location. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Make sure that the following criteria are met before exporting the rights policy templates:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The AD RMS Service Group must have Write permission on the shared folder.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Shared folders for templates are not created in the core folders that are used by AD RMS, such as the _wmcs folder in the %systemdrive%\inetpub\wwwroot folder.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Make sure that the shared folder is accessible before exporting the rights policy templates to it. Otherwise, you need to clear the <maml:ui>Enable export</maml:ui> box, click <maml:ui>OK</maml:ui>, set the <maml:ui>Enable export</maml:ui> box, type the name of the shared folder again, and then click <maml:ui>OK</maml:ui>. This action forces all rights policy templates to export to the shared folder.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After you export the rights policy templates, make them available to users. Different versions of the AD RMS client and AD RMS-enabled applications have different means of specifying where rights policy templates should be stored on the client computer. Consult the manufacturer of the AD RMS-enabled application to determine how rights policy templates are handled for that application.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Reports - Reports Results Pane</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Statistics Reports</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the number of total accounts, domain accounts, and federated identities certified, or granted a rights account certificate (RAC), by your AD RMS root cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Health Reports</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides information about the overall health of the AD RMS cluster by using a wizard. The System Health report has two views: Request Type Summary and Request Performance Summary.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Troubleshooting Reports</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Assists you in troubleshooting issues with AD RMS licenses by using a wizard.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>To access the System Health and Troubleshooting reports, you must install the Microsoft Report Viewer (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83215</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83215"></maml:uri></maml:navigationLink>).</maml:para>
</maml:alertSet>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Install the AD RMS Client on Earlier Versions of Windows</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Beginning with Windows Vista and Windows Server 2008, the name of the AD RMS client has changed to Active Directory Rights Management Services (AD RMS) client and is integrated into the operating system so that a separate installation is not required. In earlier versions of Windows, the client is named Microsoft Windows Rights Management Services (RMS) client and is available from the Microsoft Download Center as a separate downloadable component. The RMS client can be installed on the Windows 2000, Windows XP, and Windows Server 2003 operating systems.</maml:para>

<maml:para>The RMS client supports three different architectures: x86, x64, and Itanium. The download locations for each version of the RMS client are the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>RMS client (x86 version): <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=76880</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=76880"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>RMS client (x64 version): <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=76882</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=76882"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>RMS client (Itanium version): <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=76884</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=76884"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>The AD RMS client requires little interaction from the system administrator who is administering the client computers. However, in more complex environments, it might be necessary to adjust the default AD RMS client configuration.</maml:para>

<maml:para>For more information about adjusting the default configuration, see <maml:navigationLink><maml:linkText>AD RMS Client Service Discovery</maml:linkText><maml:uri href="mshelp://windows/?id=edab589f-74ea-48d5-a55a-7cb18a65f066"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>AD RMS Client Service Discovery</maml:linkText><maml:uri href="mshelp://windows/?id=edab589f-74ea-48d5-a55a-7cb18a65f066"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Working with the AD RMS Client</maml:linkText><maml:uri href="mshelp://windows/?id=3230bca4-51cb-418f-86ba-bb6539385418"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Policies - Cluster Key Password - Cluster Key Password Properties</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Password</maml:para>

<maml:para>Confirm password</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enter the new password used to protect the cluster key. This should be a strong password.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reset the AD RMS Cluster Key Password</maml:linkText><maml:uri href="mshelp://windows/?id=55a69f4b-da6d-40b5-8673-17fa2fce6e7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Administer AD RMS by Using the Active Directory Rights Management Services console</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When you add a cluster to the Active Directory Rights Management Services console, a connection is made between the console and a server in the cluster that serves as the AD RMS cluster connection point. The other servers in the cluster are joined with that server to create the cluster and are managed together. </maml:para>

<maml:para>To administer AD RMS you must have been granted an Administration role on each server in the AD RMS cluster. For day-to-day operations there are three administration groups identified for AD RMS:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>AD RMS Enterprise Administrators</maml:para>

<maml:para>Members of this group have access to all features in the AD RMS console. During installation of AD RMS, the installing user account is automatically added to this group.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>AD RMS Template Administrators</maml:para>

<maml:para>Members of this group can only access rights policy template administration features in the AD RMS console.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>AD RMS Auditors</maml:para>

<maml:para>Members of this group can only access the reports feature in the AD RMS console.</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>There is also the AD RMS Service Group. Members of this group act as the AD RMS service account. During the installation of AD RMS, the user account designated as the service account is automatically added to this group.</maml:para>
</maml:alertSet>

<maml:para>In addition to these administrative groups, some features are restricted to users that have additional credentials:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Changing the AD RMS service account.</maml:para>

<maml:para>Performing this task requires that the logged in user account be a member of the AD RMS Enterprise Administrators group and a member of the local administrators group on the server.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Changing the cluster key password</maml:para>

<maml:para>Performing this task requires that the logged on user account be a member of the AD RMS Enterprise Administrators group and a member of the local administrators group on the server.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Registering or changing the service connection point (SCP)</maml:para>

<maml:para>Performing this task requires that the logged in user account be a member of the AD RMS Enterprise Administrators and have permission to change and create object in Active Directory Domain Services (AD DS). For example, a user who is a member of the AD RMS Enterprise Administrators group and the AD DS Enterprise Admins group would have the proper credentials to perform this task.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, <maml:phrase>AD RMS Template Administrators</maml:phrase>, or <maml:phrase>AD RMS Auditors</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To open the Active Directory Rights Management Services console</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start,</maml:ui> point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Rights Management Services</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The AD RMS cluster to which this computer is assigned to is added automatically. If you want to add additional clusters, click <maml:ui>Add Cluster</maml:ui> in the results pane.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Users to AD RMS Administrative Groups</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>User accounts are added to the AD RMS administrative groups by using Server Manager.</maml:para>
<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>
<maml:procedure><maml:title>To add users to AD RMS administrative groups</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Configuration</maml:ui>, expand <maml:ui>Local Users and Groups</maml:ui>, and then click <maml:ui>Groups</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Double-click the desired group, such as <maml:ui>AD RMS Enterprise Administrators</maml:ui>, <maml:ui>AD RMS Auditors</maml:ui>, or <maml:ui>AD RMS Template Administrators</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box, type the user name of the account in the form <maml:replaceable>user_name@domain_name</maml:replaceable>, click <maml:ui>OK</maml:ui>, and then click <maml:ui>OK</maml:ui> again.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1-6 for each server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>To reduce administrative overhead, you can add a security group to the AD RMS administrative group in Active Directory Domain Services (AS DS) and add the user accounts to the AD DS group.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Export a Trusted Publishing Domain</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Use the following procedure to export a trusted publishing domain (TPD) to a file.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To export a trusted publishing domain</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console, and then expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust Policies </maml:ui>and then click <maml:ui>Trusted Publishing Domains</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>results</maml:ui> pane, select the certificate for the domain you want to export.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Export Trusted Publishing Domain</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Publishing domain file</maml:ui> box, type the name of the publishing domain file you are exporting or click <maml:ui>Save As</maml:ui> to export it to a special location. Make sure you specify the .xml file name extension.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Password </maml:ui>and<maml:ui> Confirm password </maml:ui>boxes, type a strong password that will be used to encrypt the trusted publishing domain file. You need this password to import this file into another AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If this trusted publishing domain file will be imported into versions of Rights Management Services (RMS), click the <maml:ui>Saved as V1 compatible trusted publishing domain file</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui> to create the trusted publishing domain file.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=71209d16-9e76-4bcf-8276-5e60ed8a4cef"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Applications - Excluded Application Properties</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Application file name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>File name of the excluded application</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Minimum version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Minimum version of the application</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Maximum version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Maximum version of the application</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Applications</maml:linkText><maml:uri href="mshelp://windows/?id=be22c109-968b-4635-a24d-050a25d4afee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>User Interface: AD RMS</maml:title><maml:introduction>
<maml:para>The topics in this section are designed to be read while viewing the associated window in the Active Directory Rights Management Services console.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Cluster - Add Cluster Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=cf19efcd-db3d-4468-8d3c-f6bbb8918133"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - AD RMS Server Cluster Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=6072f26a-2e7a-4926-bf67-f6915cccfa9e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Change AD RMS Service Account Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=9905aecd-a764-4c29-a49e-0a53fbff85c3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=aa344ab6-67e5-4fd4-af95-153e7e0b2546"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - Cluster URLs Tab</maml:linkText><maml:uri href="mshelp://windows/?id=568c8990-6120-4c3c-80d8-e7c37a784b94"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - AD RMS Servers Tab</maml:linkText><maml:uri href="mshelp://windows/?id=a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - Server Certificate Tab</maml:linkText><maml:uri href="mshelp://windows/?id=a7b8252b-454a-42d6-bed7-46e4459eafb4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - Proxy Settings Tab</maml:linkText><maml:uri href="mshelp://windows/?id=4ceca4d5-3df2-4d36-ac68-461b7a34c716"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - Logging Tab</maml:linkText><maml:uri href="mshelp://windows/?id=eae75c44-0844-4756-b560-cbe96825b2de"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Cluster - Cluster Properties - SCP Tab</maml:linkText><maml:uri href="mshelp://windows/?id=40786655-0f0a-4c11-9b21-131171917a93"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trust Policies Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=53f02768-c99c-4188-b2c2-6ccd3c7c6889"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted User Domains - Trusted User Domains Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=74358772-bba0-4390-b83e-0e6aab08619c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted User Domains - Trusted User Domain Certificate</maml:linkText><maml:uri href="mshelp://windows/?id=59b8176f-ec11-494a-aa10-cb0e71b58ee9"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted User Domains - Trusted User Domain Properties</maml:linkText><maml:uri href="mshelp://windows/?id=10fd534d-18d4-46a9-9647-e50d4f95b464"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted User Domains - Import Trusted User Domain Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted Publishing Domains - Trusted Publishing Domains Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=f54901bb-20de-4103-b72b-a74f8e4e0054"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Certificate</maml:linkText><maml:uri href="mshelp://windows/?id=c988e887-9d69-49eb-85aa-c53cf4504090"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Properties</maml:linkText><maml:uri href="mshelp://windows/?id=154f79e2-7107-4138-b87b-2622ed879366"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted Publishing Domains - Import Trusted Publishing Domain Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=55a8adca-ccd6-41c8-a5e2-9a95926623da"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Trusted Publishing Domains - Export Trusted Publishing Domain Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=8e9c43b0-a215-467a-877f-9b75419dd817"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Federated Identity Support - Federated Identity Support Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=e8aad84e-0be9-444a-a460-a4d40f4d2c0f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Policies - Federated Identity Support - Federated Identity Support Properties</maml:linkText><maml:uri href="mshelp://windows/?id=01719c3d-d9f3-4f00-a64e-227b66e13ed6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Rights Policy Templates Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Rights Policy Templates Properties</maml:linkText><maml:uri href="mshelp://windows/?id=454ebdbb-6048-4fc3-a011-3fbed9d3d0e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add Template Identification Page</maml:linkText><maml:uri href="mshelp://windows/?id=9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add User Rights Page</maml:linkText><maml:uri href="mshelp://windows/?id=fd887192-681a-4ebc-a42d-a6be77f75dd4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Rights Policy Template - Specify Expiration Policy Page</maml:linkText><maml:uri href="mshelp://windows/?id=3a6165d2-252b-4407-b62b-75373f274b98"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Extended Policy Page</maml:linkText><maml:uri href="mshelp://windows/?id=97764943-7cfc-423f-aec4-864e2dfdb630"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Revocation Policy Page</maml:linkText><maml:uri href="mshelp://windows/?id=c60ace22-c18e-4f88-9cd4-d82f6ca7e455"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Account Certificate Policies - Rights Account Certificate Policies Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=ba01e655-6a5f-4e6d-881d-4dca57859302"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Standard RAC Tab</maml:linkText><maml:uri href="mshelp://windows/?id=1377e645-ba16-4b00-aba3-3682bc276998"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Temporary RAC Tab</maml:linkText><maml:uri href="mshelp://windows/?id=5c2b2b25-76b4-4ada-9d7b-4ef7a713b686"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Exclusion Policies Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=e95fea7b-b901-4fef-827e-9901abd58e1a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Users - User Exclusion Policies Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=7a14d648-8c0c-4579-a60d-7cf15d2137a5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Users - Exclude User Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=07780424-56b3-4032-932a-36aa3c6b8cbc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Applications - Application Exclusion Policies Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=d2fb938f-c13e-4293-b9df-245b63b6079f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Applications - Exclude Application Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=973f6f34-e1e6-455d-b041-06f0970c6dcb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Applications - Excluded Application Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=9fa2a030-7051-474d-bd71-da6482f9eb10"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Applications - Excluded Application Properties</maml:linkText><maml:uri href="mshelp://windows/?id=930fc9f6-bfd1-4ceb-8eec-7c40c29a4339"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Lockbox - Lockbox Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=71ae6d8f-1b18-402d-bc08-aeef8d097a8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclusion Policies - Lockbox - Lockbox Properties</maml:linkText><maml:uri href="mshelp://windows/?id=a8134792-3c67-4582-bf61-fe6d2e09ac84"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>



<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Policies - Security Policies Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=8144f0e6-4968-4d3f-8af9-df23213786bf"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Policies - Super Users - Super Users Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=02d8d05b-003e-451e-aa07-f5b47f23f589"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Policies - Super Users - Super Users Properties</maml:linkText><maml:uri href="mshelp://windows/?id=cfa7254d-eca7-4238-8a5f-c138d92be441"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Policies - Cluster Key Password Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=c89f8c53-a265-4214-9c94-64159759fa5e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Policies - Cluster Key Password - Cluster Key Password Properties</maml:linkText><maml:uri href="mshelp://windows/?id=9060ef8e-8367-4d23-abaf-6bfeec7fced7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Policies - Decommissioning Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reports - Reports Results Pane</maml:linkText><maml:uri href="mshelp://windows/?id=8fb70322-3964-4493-99c0-fbfea30d66b6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Applications - Exclude Application Wizard</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Application file name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>File name of the application to be excluded</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Minimum version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Minimum version of the application</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Maximum version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Maximum version of the application</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Applications</maml:linkText><maml:uri href="mshelp://windows/?id=be22c109-968b-4635-a24d-050a25d4afee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Extended Policy Page</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Enable user to view protected content using a browser add-on</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This option controls whether or not the content can be viewed in a browser that is capable of displaying rights-protected content. Even if this option is selected, the AD RMS-enabled application that created the content must also support viewing of this rights-protected content. If you do not select this option, protected content must be viewed by using the application that created it.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Require a new license key every time content is consumed (disable client-side caching)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This option controls whether or not users must acquire a new use license each time they attempt to consume content that was published by using this rights policy template. If this option is not selected, the client can use a cached version of the use license to consume rights-protected content.</maml:para>

<maml:para>If you select this option, note that it requires users to be connected to the network each time they consume content that was published by using this rights policy template. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>If you would like to specify additional policies for your AD RMS-enabled application, you can specify them here as name-value pairs.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This option allows you to customize a policy based on a specific AD RMS-enabled application. If you select this policy, you must also add the unique name and value pair required by the application to the template.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a New Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>You can perform the following actions on an existing rights policy template:</maml:para>

<maml:list class="unordered"><maml:listItem><maml:para><maml:phrase>Archive</maml:phrase>. You can make a template unavailable for use by clients to encrypt new content, but the server can continue to use the template to issue use licenses for existing content that was published against the template.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Copy</maml:phrase>. You can duplicate an existing rights policy template. This duplicate can then be modified as needed. </maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:phrase>View Rights Summary</maml:phrase>. You can see which rights are defined for users and groups in the template.</maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:phrase>Delete</maml:phrase>. You can delete a template if it is no longer in use. Unlike archiving a template, deleting a template ensures that use licenses are not issued for existing content that was published against the template. </maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:phrase>View Properties</maml:phrase>. You can modify the settings of an existing rights policy template through its property sheets. All of the settings that were available when the template was created are available for modification. </maml:para>
</maml:listItem>

</maml:list>
</maml:introduction><maml:sections><maml:section><maml:title>Additional references</maml:title>
<maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Archive a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=12db6560-7522-42e4-a98f-8f867c953635"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>View a Summary of User Rights for a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=fab65ea2-4ad4-4d95-82d5-f7a25a08287a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Delete a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=8028ae92-8397-4da3-b4be-5f04ec2532b5"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Change AD RMS Service Account Wizard</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Current AD RMS service account</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Domain and user name specified for the AD RMS service account</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>New AD RMS service account</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The AD RMS service account must be configured as a domain user account. </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the AD RMS Service Account</maml:linkText><maml:uri href="mshelp://windows/?id=6ba05e2b-1b49-45c4-9138-6fd9d93ec142"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclude Lockbox Versions</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Lockboxes are used to store a user's private key. If a vulnerability is found in a certain version of a lockbox, a new lockbox is released by Microsoft. You can ensure that clients use a minimum version of the Active Directory Rights Management Services (AD RMS) client software by using the lockbox version associated with the client to exclude the previous versions of the AD RMS client software. When you enable this feature, you specify the latest minimum lockbox version that was signed by the Microsoft Activation Service. You then enable lockbox exclusion on the each AD RMS cluster on which you want it to take effect. All certification and licensing requests are checked to make sure that the lockbox meets the minimum version criteria.</maml:para>

<maml:para>If you have enabled an exclusion based on lockbox version, clients that are using a version of the lockbox software earlier than the specified version cannot acquire rights account certificates (RACs) or use licenses because their requests will be denied. These clients must install a new version of the AD RMS client software to acquire a new lockbox that uses the current version of the software.</maml:para>

<maml:para>If a user who has an excluded lockbox was previously issued licenses for content, the user can still consume that content without acquiring a new lockbox.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To exclude lockbox versions</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Exclusion Policies</maml:ui>, and then select <maml:ui>Lockbox</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Enable Lockbox Exclusion</maml:ui> to exclude lockbox versions. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Change minimum lockbox version</maml:ui>. The <maml:ui>Lockbox</maml:ui> properties sheet opens.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>View the recommended minimum lockbox version</maml:ui> to connect to the Internet and view the minimum lockbox version that is signed by the Microsoft Activation Service. If you do not have an Internet connection on the AD RMS server, you can go directly to the Windows AD RMS Activation Service Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=12995</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=12995"></maml:uri></maml:navigationLink>) and view the minimum lockbox version.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Minimum RM lockbox version</maml:ui> page that appears, copy the version number, and then close your Web browser.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Minimum lockbox version</maml:ui> box, paste the version number, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:procedure><maml:title>To stop excluding lockbox versions</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Exclusion Policies</maml:ui>, and then select <maml:ui>Lockbox</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Disable Lockbox Exclusion</maml:ui> to stop excluding lockbox versions. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enabling Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add Template Identification Page</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The Identification page of the rights policy template wizard provides the following information about the template:</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Language</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A template can support multiple languages if your organization has clients in different countries/regions or a diverse set of users that use multiple languages within your organization. The template language defaults to the language used on the first AD RMS server in the cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The name that is displayed to the user and to the administrator when the template is selected. The template can support one name per language.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The explanatory text that is displayed to the user and to the administrator when the template is selected. The template can support one description per language.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a New Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Applications - Excluded Application Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Properties</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Includes the application name, minimum version, and maximum version. You can modify the application name and the version numbers that make up the exclusion range while the exclusion policy is in effect.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Delete</maml:para>
</maml:entry>
<maml:entry>
<maml:para>If you no longer need to exclude an application, you can delete it from the exclusion list.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Applications</maml:linkText><maml:uri href="mshelp://windows/?id=be22c109-968b-4635-a24d-050a25d4afee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Specify the Administrative Contact</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The administrative contact is the person or group of persons in your organization that can assist a user in resolving issues with AD RMS. </maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To specify the administrative contact</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and select the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the cluster, and then click <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>General</maml:ui> tab in the <maml:ui>Administrative contact</maml:ui> area, type the e-mail address of the administrator to contact.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui> to close the properties sheet.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Accounts</maml:linkText><maml:uri href="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclude Users</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can exclude a user account from obtaining use licenses from an Active Directory Rights Management Services (AD RMS) cluster by specifying either the user's e-mail address or the public key string of the rights account certificate (RAC) associated with the user's RAC. </maml:para>

<maml:para>Users who are not allowed to consume rights-protected content but have e-mail accounts in your Active Directory Domain Services (AD DS) forest should be excluded by their e-mail addresses.</maml:para>

<maml:para>If a user is trusted but his or her AD RMS credentials are compromised, you can exclude only the compromised RAC by excluding its public key. When you do this, AD RMS denies new use license requests that involve that RAC. After you exclude a RAC, the next time that user attempts to acquire a use license for new content, the request will be denied. To acquire a use license, the user will have to retrieve a new RAC with a new key pair.</maml:para>

<maml:para>If you need to exclude external users, such as Windows Live ID users, federated users, and users identified by a trusted user domain, who are not part of your AD DS forest, you can also specify a RAC to exclude their public keys.</maml:para>

<maml:para>If you add a user to the exclusion list of the AD RMS root cluster, you should also exclude the user on all licensing-only clusters in your organization. Each AD RMS cluster has independent exclusion lists. </maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To exclude a user</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Exclusion Policies </maml:ui>and then click <maml:ui>Users</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Enable User Exclusion.</maml:ui></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Exclude user</maml:ui>. The <maml:ui>Exclude User Account</maml:ui> wizard appears.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To exclude a user by e-mail address, click the <maml:ui>Use this option for excluding rights account certificates of internal users who have an Active Directory Domain Services account</maml:ui> option,<maml:ui> </maml:ui>and then click <maml:ui>Browse</maml:ui> to browse to a user or group in your Active Directory Domain Services directory or type the e-mail address of the user to be excluded.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To exclude a user by the public key assigned to the user's rights account certificate, click the <maml:ui>Use this option for excluding rights account certificates of external users who do not have an Active Directory Domain Services account</maml:ui> option, and then type the appropriate rights account certificate public key string in the <maml:ui>Public key string</maml:ui> box.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:procedure><maml:title>To stop excluding users</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Exclusion Policies</maml:ui>, and then click <maml:ui>Users</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To disable user exclusion for all user accounts. In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Disable User Exclusion</maml:ui>. All user accounts previously excluded will be able to acquire AD RMS use licenses.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To stop excluding a specific user account. In the results pane, select the excluded user certificate.  </maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Delete</maml:ui>, and then click <maml:ui>Yes</maml:ui> to confirm the removal.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enabling Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configuring Rights Policy Templates</maml:title><maml:introduction>
<maml:para>Rights policy templates are configured by using the Active Directory Rights Management Services console. After they are configured, these templates are stored in the configuration database and in an optional shared folder.</maml:para>

<maml:para>This section provides the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=6257f49a-bf8d-4d90-ad04-0918d400068d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Rights Enforcement</maml:linkText><maml:uri href="mshelp://windows/?id=59ebced7-b364-4dcb-bf96-7a0fade8629c"></maml:uri></maml:navigationLink></maml:para></maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Location of Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a New Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Edit a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5e480c64-e052-4408-bd1c-716df14b2355"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>View a Summary of User Rights for a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=fab65ea2-4ad4-4d95-82d5-f7a25a08287a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Archive a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=12db6560-7522-42e4-a98f-8f867c953635"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Delete a Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=8028ae92-8397-4da3-b4be-5f04ec2532b5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add New Language to Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=3dea486b-7d3d-4ac7-89d7-da012951f312"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Deploy Rights Policy Templates Through Group Policy</maml:linkText><maml:uri href="mshelp://windows/?id=8dbdc471-ca9f-4c31-9c36-5e5689b3f282"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Deploy Rights Policy Templates Manually</maml:linkText><maml:uri href="mshelp://windows/?id=47c051ea-c776-4a56-ad5c-ec61ed139a17"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Restore Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=2e08964c-fd34-4746-938b-672315aacf48"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - Server Certificate Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Friendly name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name of the server licensor certificate (SLC) associated with this cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Hierarchy</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Identifies the certificate hierarchy this cluster belongs to. </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Production—For use by servers in AD RMS clusters that are deployed using released software.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Pre-production—For use by servers in AD RMS clusters deployed by application or service developers in support of a development project that has not yet been released.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Export Certificate</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Exports the SLC to a binary file that can be used for backup or for import by another AD RMS cluster.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export the Server Licensor Certificate</maml:linkText><maml:uri href="mshelp://windows/?id=be7de4f2-7bc1-4704-a046-1a24623b5d7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Enable Certification of Mobile Devices</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>AD RMS can provide rights account certificates (RACs) and use licenses to AD RMS-enabled applications that are running Windows Mobile 6. There are a few things that you should be aware of when configuring mobile services:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Discretionary access control lists (DACLs) on the AD RMS pipelines use the most secure settings by default. You must modify the DACL when using AD RMS mobile services.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Many mobile services use advanced Active Directory Domain Services (AD DS) functionality that is available only if all AD DS domain controllers are running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. If you are using any mobile services, we recommend that all domain controllers are running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2, and that both the domain and forest Active Directory functional levels are at least at Windows Server 2003.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>In a default AD RMS installation, the DACL of the AD RMS mobile certification pipeline is restricted, which means an application cannot obtain certificates and licenses for their users. However, if you have an AD RMS-enabled application for these computers, you can enable them to participate in your AD RMS system by configuring the DACLs on the AD RMS mobile certification pipeline.</maml:para>

<maml:para>AD RMS-enabled mobile applications can connect to the AD RMS mobile certification server by using the MobileDeviceCertification.asmx file.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If there is more than one AD RMS server in the AD RMS cluster, the DACL on the mobile certification service must be changed on each server in the cluster.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To enable certification of mobile devices</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Windows Explorer and navigate to the folder where Internet Information Services was installed. By default, the folder path is %systemdrive%\Inetpub\wwwroot\_wmcs\Certification folder. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To enable mobile devices to receive RACs, right-click the <maml:ui>MobileDeviceCertification.asmx</maml:ui> file, and then click <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Security</maml:ui> tab, click <maml:ui>Add</maml:ui>, and then add the user account object of the AD RMS-enabled mobile application and the <maml:ui>AD RMS Service Group</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Permissions</maml:ui> list for the groups, select the <maml:ui>Allow</maml:ui> check box for both <maml:ui>Read</maml:ui> and <maml:ui>Read &amp; Execute</maml:ui> permissions, and then click <maml:ui>OK</maml:ui>. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If several servers are hosting AD RMS-enabled mobile applications, consider creating a group, adding all of the user objects to this group, and then adding the group to the ACL of the certification pipeline instead.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Restart Internet Information Services by running <maml:computerOutputInline>IISRESET</maml:computerOutputInline> at a command prompt to implement the changes on the DACLs on the Web services. Do this on each server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Lockbox - Lockbox Properties</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>View recommended minimum lockbox version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This option connects to the Windows AD RMS Activation Service Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=12995</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=12995"></maml:uri></maml:navigationLink>) and displays the current recommended lockbox version number. This number can be used to enable lockbox exclusion.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Minimum lockbox version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This box allows you to set the minimum lockbox version that servers in AD RMS clusters will grant each RAC and use license to AD RMS clients, in the format X.X.X.X, where X is equal to a numeric value.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Lockbox Versions</maml:linkText><maml:uri href="mshelp://windows/?id=9a944ab7-f0d9-4224-97c6-b2543f537827"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Import an SSL Certificate Using Internet Information Services (IIS) Manager</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>As a best security practice, AD RMS should be installed with a Secure Sockets Layer (SSL) certificate used for Web communications. A certificate trusted by a certification authority is recommended.</maml:para>

<maml:para>If you decide to use an SSL certificate in your AD RMS installation, you can either add the certificate during the AD RMS installation or import the certificate after installation is complete. To import the certificate after AD RMS is installed, do the following steps:</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To import an SSL certificate using Internet Information Services (IIS) Manager</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Internet Information Services (IIS) Manager</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the local computer, and then double-click <maml:ui>Server Certificates</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Import</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Certificate File (.pfx)</maml:ui> box, type the path to the SSL certificate.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Password</maml:ui>, type the password that was used to create this certificate, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:sections>
<maml:section><maml:title>Additional reference</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - AD RMS Servers Tab</maml:title><maml:introduction>

</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>Because AD RMS is managed on a cluster basis, individual servers do not appear in the Active Directory Rights Management Services console as objects that you can administer. This tab provides a list of all the servers that are members of the AD RMS cluster.</maml:para></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - General Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Display name for cluster</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Display name of AD RMS cluster</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Actual cluster name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Actual name of AD RMS cluster</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Current Cluster Connection Point</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name of the server that serves as the cluster connection point. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Administrative Contact</maml:para>
</maml:entry>
<maml:entry>
<maml:para>E-mail address of a person or group who can help users resolve issues with AD RMS.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Administrative Contact</maml:linkText><maml:uri href="mshelp://windows/?id=a171a2ed-a357-4d88-ad4e-e447961bc632"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Policies - Decommissioning Results Pane</maml:title><maml:introduction>
<maml:para>When you decommission AD RMS, the behavior of the AD RMS cluster is changed so that it can provide a key that decrypts the rights-protected content that it had previously published. This key allows the content to be saved without AD RMS protection. This can be useful if you have decided to stop using AD RMS protection in your organization.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Decommission AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=e46ee7dd-5acf-45db-b426-101fd6fa958b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Remove the AD RMS Server Role</maml:linkText><maml:uri href="mshelp://windows/?id=786d0acf-6dab-417d-ae39-91450083ddfa"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Check the Password Policy for Your Organization</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>When installing an AD RMS cluster, the password used to encrypt the server licensor certificate must conform to the password complexity requirement set forth within your organization.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To check the password complexity requirements in your organization</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a domain controller in the forest where AD RMS should be installed.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Group Policy Management</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand the appropriate forest, expand Domains, and then click the appropriate domain.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Double-click <maml:ui>Default Domain Policy</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Navigate to:</maml:para>

<maml:para>Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Verify that the password you are entering conforms to this password policy.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:sections>
<maml:section><maml:title>Additional reference</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Key Protection and Storage</maml:linkText><maml:uri href="mshelp://windows/?id=db312fba-7c19-4eae-b3b9-18c5d41cc011"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add an Extranet Cluster URL</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The extranet cluster URLs are used by AD RMS clients that are outside of your internal network to connect to the AD RMS cluster for licensing and certification. Be sure to register the URLs in your Domain Name System (DNS), and verify that it is available from the Internet.</maml:para>

<maml:para>If you are adding extranet cluster URLs to an existing AD RMS cluster, new client licensor certificates (CLC) must be obtained by the current AD RMS clients. The extranet cluster URLs are added to the Extranet-License-Acquisition-URL field in the issuance license and used in AD RMS client service discovery.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To add an extranet cluster URL</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and connect to the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the cluster, and then click <maml:ui>Properties.</maml:ui></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the<maml:ui> Cluster URLs</maml:ui> tab. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Extranet cluster URLs</maml:ui> area, click the <maml:ui>Extranet URLs</maml:ui> check box, and then specify the URLs from which you want external users to acquire licenses. You can also select either HTTP or HTTPS. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Apply</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>AD RMS Client Service Discovery</maml:linkText><maml:uri href="mshelp://windows/?id=edab589f-74ea-48d5-a55a-7cb18a65f066"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Removing an AD RMS Cluster</maml:title><maml:introduction>
<maml:para>There can be instances when you need to retire an Active Directory Rights Management Services (AD RMS) server or remove an existing AD RMS cluster entirely. Before you retire a server, you should back up all AD RMS databases that are used by the server, especially the configuration database. </maml:para>

<maml:para>After you back up the databases, you can remove the server. The requirements for removing an AD RMS server depend on the role of the server and topology of the AD RMS installation:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Removing one server from a cluster</maml:phrase>. If the AD RMS server that you want to retire is in a cluster in which other servers in that AD RMS cluster are still active and required, removing an individual AD RMS server from the cluster requires that you unprovision and uninstall AD RMS on the server that you want to retire, and remove the server from the load-balancing rotation. Consult the documentation of the load balancer for instructions about removing a server.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Only servers in the root cluster must be unprovisioned before you uninstall AD RMS. This process is not required for servers that are in licensing-only clusters.</maml:para>
</maml:alertSet>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Retiring a stand-alone server</maml:phrase>. If the AD RMS server to be retired is the only server in that cluster, take the following steps: decommission, unprovision, and uninstall the existing AD RMS server, remove it from the network, and then immediately install and provision AD RMS on the replacement server. Configure the new AD RMS server (this will create a new single-server cluster) and use the same URL and configuration database as the retired AD RMS server. Keep in mind that, until the replacement server is installed and provisioned, users cannot consume rights-protected content that was published by the single-server cluster. </maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>If the AD RMS server that you are replacing uses a hardware or software-based cryptographic service provider (CSP), you must move the key container to the new server before you install and provision AD RMS on it. For information about moving the key container, see the documentation that came with your CSP.</maml:para>
</maml:alertSet>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Replacing an AD RMS installation with another, existing AD RMS installation</maml:phrase>. In some circumstances, you might need to retire an AD RMS installation and replace it with another, existing AD RMS installation, for example, in the case of a company merger where both companies are running AD RMS. In this case, you should export the trusted user domain (TUD) and trusted publishing domain (TPD) from the AD RMS cluster being retired. Import the TUD and TPD into the AD RMS cluster that is still active. Importing the TUD and TPD will ensure that the rights-protected content that was previously protected from the retired AD RMS installation can be consumed in the active cluster.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>When you decommission, unprovision, and uninstall an AD RMS server, the server is removed from the ClusterServer table of the configuration database, and the directory services database is deleted from the database server.</maml:para>

<maml:para>This section contains the following procedures: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Decommission AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=e46ee7dd-5acf-45db-b426-101fd6fa958b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Remove the AD RMS Server Role</maml:linkText><maml:uri href="mshelp://windows/?id=786d0acf-6dab-417d-ae39-91450083ddfa"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor the AD RMS Message Queue</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>AD RMS logging uses Message Queuing to send events to the logging database. Each server in the AD RMS cluster sends messages to its own message queue. The AD RMS logging service on each server retrieves logging messages from the Message Queuing queue and writes them to the logging database. If your logging database or database server becomes unavailable, or if the AD RMS logging service is stopped, Message Queuing stores the messages in the queue. If you are planning to shut down the logging database or database server temporarily, we recommend that you first stop the AD RMS logging service on every server in the cluster. When you are ready to restart the database server, restart the AD RMS logging service on every server in the AD RMS cluster.</maml:para>

<maml:para>In the default configuration, Message Queuing will store all queued messages up to the limit of the free storage space on the server. If Message Queuing uses all of the available hard disk space, the AD RMS server cannot service client requests.</maml:para>

<maml:para>Membership in the <maml:phrase>AD RMS Enterprise Administrators</maml:phrase> and the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To limit the amount of disk space used for message queuing</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Features</maml:ui>, expand <maml:ui>Message Queuing</maml:ui>, and then click <maml:ui>Private Queues</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the AD RMS logging queue, click <maml:ui>Properties</maml:ui>, select the <maml:ui>Limit message storage to (KB)</maml:ui> check box, and then type the total size, in kilobytes, of all queue messages that can be stored in the queue.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–6 for all AD RMS servers in the cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing the AD RMS databases</maml:linkText><maml:uri href="mshelp://windows/?id=8dba2e7f-700d-41b1-88a4-7489a6999e7b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Turn on or Turn off Logging</maml:linkText><maml:uri href="mshelp://windows/?id=cdcd00de-abfb-43e9-a247-a462d7b65c54"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Upgrade to AD RMS</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>To upgrade to AD RMS from Rights Management Services (RMS) with Service Pack 1 (SP1) or Service Pack 2 (SP2), do the following steps after upgrading the operating system to Windows Server® 2008 R2:</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure, and the user account must be a member of the System Administrators database role, or equivalent, on the database server.
</maml:para>

<maml:procedure><maml:title>To upgrade to AD RMS</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the server on which you want to upgrade to AD RMS.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Roles</maml:ui>, and then click <maml:ui>Active Directory Rights Management Services</maml:ui>.</maml:para><maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>An error message might appear when you perform this step. This does not indicate a problem with the upgrade. Click <maml:ui>OK</maml:ui> to continue.
</maml:para></maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, click <maml:ui>Complete Installation of Active Directory Rights Management Services</maml:ui>, and then follow the steps in the upgrade wizard to AD RMS.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>


</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Pre-installation Information for Active Directory Rights Management Services</maml:linkText><maml:uri href="mshelp://windows/?id=878e9550-5966-40f3-862c-7ea309ddb0ed"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Account Certificate Policies - Rights Account Certificate Policies Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Validity Period for Standard RACs</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Interval that a standard RAC is valid. The default is 365 days. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Validity Period for Temporary RACs</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Interval that a temporary RAC is valid. The default is 15 minutes. </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Specify the Rights Account Certificate Validity Duration</maml:linkText><maml:uri href="mshelp://windows/?id=c8b196f6-6099-4f20-bf85-5fd3d2faa31e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Authenticate Clients Using Smart Cards</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>If you are using smart cards in your organization to provide additional security and control over user credentials, users can now use those smart cards with authentication credentials to obtain rights account certificates (RACs) and use licenses from servers in the AD RMS cluster.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The steps in this procedure assume that a Secure Sockets Layer (SSL) certificate has already been installed. For more information about adding SSL, see <maml:navigationLink><maml:linkText>Import an SSL Certificate Using Internet Information Services (IIS) Manager</maml:linkText><maml:uri href="mshelp://windows/?id=a928c435-77a8-49fe-b08e-bfdc6bcc1fa7"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To add Client Certificate Mapping Authentication role service</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager. Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Roles</maml:ui>, and then click <maml:ui>Web Server (IIS)</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane under <maml:ui>Role Services</maml:ui>, click <maml:ui>Add Role Services</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Client Certificate Mapping Authentication </maml:ui>check box, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Install</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When the role service is added, click <maml:ui>Close</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Next, configure the authentication method in IIS:</maml:para>

<maml:procedure><maml:title>To configure the authentication method in IIS</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Internet Information Services (IIS) Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand the server name.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane of the server <maml:ui>Home</maml:ui> page, double-click <maml:ui>Authentication</maml:ui> to open the <maml:ui>Authentication</maml:ui> page.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane of the <maml:ui>Authentication </maml:ui>page, right-click <maml:ui>AD Client Certificate Authentication</maml:ui>, and then click <maml:ui>Enable</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Close IIS Manager.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Finally, enable client authentication for the Web site that is hosting AD RMS:</maml:para>

<maml:procedure><maml:title>To enable client authentication on a Web site hosting AD RMS</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Internet Information Services (IIS) Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand the server name.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Sites</maml:ui>, and then expand the Web site that is hosting AD RMS. By default, the Web site name is <maml:ui>Default Web site</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>_wmcs</maml:ui>, right-click either the <maml:ui>certification</maml:ui> virtual directory (to support RACs or the <maml:ui>licensing</maml:ui> virtual directory (to support use licenses), and then click <maml:ui>Switch to Content View</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane of the <maml:ui>Content</maml:ui> <maml:ui>View</maml:ui>, right-click <maml:ui>certification.asmx</maml:ui> or <maml:ui>license.asmx</maml:ui> as appropriate, and then choose <maml:ui>Switch to Features View</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane on the <maml:ui>Home</maml:ui> page, double-click <maml:ui>SSL Settings</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Choose the appropriate <maml:ui>Client certificates</maml:ui> setting (<maml:ui>Accept</maml:ui> or <maml:ui>Require</maml:ui>). You should accept client certificates if you want clients to have the option to supply authentication credentials by using either a smart card certificate or a user name and password. You should require client certificates if you want only clients with client-side certificates such as smart cards to be able to connect to the service. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Apply</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you want to use client authentication for both certification and licensing, repeat this procedure but select the alternate virtual directory the second time.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Close IIS Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–10 for every server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Next, you need to force the authentication method to use Client Certificate Mapping Authentication for the AD RMS cluster.</maml:para>

<maml:procedure><maml:title>To force the client authentication method in the applicationhost.config file</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To open an elevated Command Prompt window, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, right-click <maml:ui>Command Prompt</maml:ui>, and then click <maml:ui>Run as administrator</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Navigate to %windir%\system32\inetsrv\config.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type <maml:userInput>notepad applicationhost.config</maml:userInput>, and then press ENTER.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>You should make a backup copy of this file before making changes.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Go to the section similar to &lt;location path="Default Web Site/_wmcs/certification/certification.asmx"&gt; section of the applicationhost.config file.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The location of the file above depends on the file or virtual directory that where you are trying to enforce client certificate mapping.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you want to allow smart card authentication in addition to Windows authentication, do the following:</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Change:</maml:para>

<maml:para>&lt;access sslFlags="Ssl, SslNegotiateCert, SslRequireCert, Ssl128" /&gt; </maml:para>

<maml:para>To: </maml:para>

<maml:para>&lt;access sslFlags="Ssl, SslNegotiateCert, Ssl128" /&gt;</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Add a new line under &lt;windowsAuthentication enabled="true" /&gt;, and then type: </maml:para>

<maml:para><maml:userInput>&lt;clientCertificateMappingAuthentication enabled="true" /&gt;</maml:userInput></maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you want to allow only smart card authentication, do the following. Ensure that SSL client authentication with Internet Information Services is required.</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Add a new line under &lt;windowsAuthentication enabled="true" /&gt;, and then type:</maml:para>

<maml:para><maml:userInput>&lt;clientCertificateMappingAuthentication enabled="true" /&gt;</maml:userInput></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Change:</maml:para>

<maml:para>&lt;windowsAuthentication enabled="true" /&gt;</maml:para>

<maml:para>To:</maml:para>

<maml:para>&lt;windowsAuthentication enabled="false" /&gt;</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>File</maml:ui>, click <maml:ui>Save</maml:ui>, and then close Notepad.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In the command prompt window, type <maml:computerOutputInline>iisreset</maml:computerOutputInline>, and then press ENTER.</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Running iisreset from a command prompt will restart the services associated with Internet Information Services.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–5 for every server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>After these settings have been configured, a user who attempts to open rights-protected content published by this AD RMS cluster is prompted to provide authentication credentials before the cluster provides the user with a RAC or use license.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Import an SSL Certificate Using Internet Information Services (IIS) Manager</maml:linkText><maml:uri href="mshelp://windows/?id=a928c435-77a8-49fe-b08e-bfdc6bcc1fa7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclude Applications</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can specify the version of an AD RMS-enabled application that all licensing requests are checked against. Application exclusion stamps every use license with a condition that the license can bind only to the rights-protected content for which it is issued if the application that is requesting the license is not on the excluded list.</maml:para>

<maml:para>This can be useful, for example, when an enterprise deploys an update for an AD RMS-enabled application. System administrators can use their usual mechanism to cause client computers to install the update. They can then set application exclusion policies that are defined by using the version information of the application. This exclusion policy restricts AD RMS from issuing licenses to clients that are running previous versions of the software. </maml:para>

<maml:para>As with other types of exclusion, you must configure application exclusion on each cluster for which you want it to take effect.</maml:para>

<maml:para>When you apply this exclusion policy on your cluster, clients cannot use the excluded application to request and bind new use licenses to rights-protected content. However, clients can continue to use the excluded application to consume previously licensed files.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To exclude applications</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Exclusion Policies</maml:ui>, and then click <maml:ui>Applications</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Enable Application Exclusion</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Exclude Application</maml:ui>. The <maml:ui>Exclude Application</maml:ui> wizard appears.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Application file name</maml:ui>, type the file name and file name extension (such as example.exe) of the application or component to be excluded.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Minimum version</maml:ui>, type the minimum version number (in the format <maml:replaceable>x</maml:replaceable>.<maml:replaceable>x</maml:replaceable>.<maml:replaceable>x</maml:replaceable>.<maml:replaceable>x</maml:replaceable>) of the application that is not allowed to decrypt rights-protected content.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Maximum version</maml:ui>, type the maximum version (in the format <maml:replaceable>x</maml:replaceable>.<maml:replaceable>x</maml:replaceable>.<maml:replaceable>x</maml:replaceable>.<maml:replaceable>x</maml:replaceable>) of the application that is not allowed to decrypt rights-protected content.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Finish</maml:ui>.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>AD RMS requires the application version to be specified in a 4-digit period-delimited format (#.#.#.# ). However, some applications specify their application version with 2-digit or 3-digit period-delimited numbers. In this case, you should append a .0 as appropriate to make the version number match the format required by AD RMS.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:procedure><maml:title>To stop excluding applications</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Exclusion Policies</maml:ui>, and then click <maml:ui>Applications</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To disable all application exclusions, in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Disable Application Exclusion</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To disable a specific application exclusion, in the results pane, select the excluded application.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Delete</maml:ui>, and then click <maml:ui>Yes</maml:ui> to confirm the removal.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enabling Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Export the Server Licensor Certificate</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Server licensor certificates (SLCs) are exported to be used in establishing trusted publishing domains and trusted user domains.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To export the server licensor certificate to a file</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, select the AD RMS cluster whose certificate you want to export.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the cluster name, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Server Certificate </maml:ui>tab, click <maml:ui>Export Certificate.</maml:ui></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The <maml:ui>Export Certificate As</maml:ui> dialog box appears. We recommend that you modify the .bin file name to include the name of your server, such as AD RMS_Cluster1_LicensorCert.bin.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Specify the location where the SLC certificate should be saved, and then click <maml:ui>Save</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=58dedefe-49d0-4b2e-b673-bfaa513fc70e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Revocation Policy Page</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Location where the revocation list is published (URL or UNC)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a path to the revocation list. You can make the revocation list available by using a Web service that can be accessed by using a URL. When a client computer attempts to open rights-protected content that requires a revocation list, the AD RMS-enabled application first queries the local computer for the revocation list and, if the revocation list is not found or is outdated, the application attempts to connect to the URL that is specified in the template properties.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Refresh interval for revocation list (days)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides the number of days that a revocation list is valid. If the revocation list downloaded to the client computer is older than the time that is specified, a new revocation list is downloaded.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>File containing public key corresponding to the signed revocation list</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides both the path of the public key whose corresponding private key is used to sign the revocation list.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a New Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configure the Access Control List on the GroupExpansion Folder</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The following procedure describes how to set the access control list (ACL) on the GroupExpansion folder and the GroupExpansion.asmx file, assuming that there are only the two forests (Forest1 and Forest2) in the organization. If you have more than two forests, repeat the procedure as necessary to configure the ACLs on all the servers in the Active Directory Rights Management Services (AD RMS) cluster.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To set the ACL on the GroupExpansion folder and GroupExpansion.asmx file</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server of your AD RMS cluster in <maml:replaceable>Forest1</maml:replaceable>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, and then click <maml:ui>Computer</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Navigate to the <maml:replaceable>%systemdrive%</maml:replaceable><maml:ui>\inetpub\wwwroot\_wmcs</maml:ui> folder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click <maml:ui>GroupExpansion</maml:ui> folder, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Security</maml:ui> tab, and then click <maml:ui>Edit</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Add</maml:ui>, add the AD RMS service account from <maml:replaceable>Forest2</maml:replaceable>, for example, <maml:replaceable>Forest2\ADRmsServiceAccount</maml:replaceable>, and then click <maml:ui>OK</maml:ui> to close the dialog box. Continue to click <maml:ui>OK</maml:ui> until all of the open dialog boxes are closed.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–7 for the GroupExpansion.asmx file located in the GroupExpansion folder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>At a command prompt, type <maml:computerOutputInline>iisreset</maml:computerOutputInline>, and then press ENTER to restart Internet Information Services.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring AD RMS Across Forests</maml:linkText><maml:uri href="mshelp://windows/?id=f1f3f842-b742-49a7-8724-04706368fcac"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Policies - Cluster Key Password Results Pane</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Change cluster key password</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Use this option to reset the cluster key password only if the key protection method is AD RMS centrally managed. If you reset the cluster key password, you must reset the cluster key password on every AD RMS server in the cluster. If you do not, those servers will be unable to decrypt the server key in the configuration database.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reset the AD RMS Cluster Key Password</maml:linkText><maml:uri href="mshelp://windows/?id=55a69f4b-da6d-40b5-8673-17fa2fce6e7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Key Protection and Storage</maml:linkText><maml:uri href="mshelp://windows/?id=db312fba-7c19-4eae-b3b9-18c5d41cc011"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Specify the Rights Account Certificate Validity Duration</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can specify the validity periods for both standard and temporary rights account certificates (RACs). By default, a standard RAC is valid for 365 days and a temporary RAC is valid for 15 minutes. After the end of these periods, users must acquire new certificates when they attempt to acquire publishing or use licenses. The manner in which the RAC is renewed depends on the AD RMS-enabled application. In some cases, it might be transparent; in others, the user might need to actively submit a request.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you are using Active Directory Federation Services (AD FS) with AD RMS, the rights account certificate validity duration is specified in <maml:ui>Federated Identity Support</maml:ui>. For more information, see <maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To specify the Rights Account Certificate Validity Duration for standard certificates</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, select <maml:ui>Rights Account Certificate Policies</maml:ui>, and then click <maml:ui>Change standard RAC validity period</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Standard RAC</maml:ui> tab, in <maml:ui>Standard RAC validity period</maml:ui>, type the number of days that standard RACs are to be valid, and then click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:procedure><maml:title>To specify the Rights Account Certificate Validity Duration for temporary certificates</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, select <maml:ui>Rights Account</maml:ui> <maml:ui>Certificate Policies </maml:ui>and then click <maml:ui>Change temporary RAC validity period</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Temporary RAC</maml:ui> tab, in <maml:ui>Temporary RAC validity period</maml:ui>, type the number of minutes that temporary RACs are to be valid, and then click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=58dedefe-49d0-4b2e-b673-bfaa513fc70e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administering Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configure Federated Identity Support Settings</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Once enabled, Federated Identity Support allows user accounts to use credentials established by a federated trust relationship through Active Directory Federation Services (AD FS) as a basis for obtaining a rights account certificate (RAC) from an AD RMS cluster. This is an alternative to setting up trusted publishing domains or trusted user domains between entities that have previously established trust infrastructures, such that in most cases the cluster is supporting both users that are inside of the organization and users from a partner organization. </maml:para>

<maml:para>When rights account certificates (RACs) are issued from a federated identity, the standard rights account certificate validity period does not apply. Instead, the RAC validity period is specified in the <maml:ui>Federated Identity Support</maml:ui> setting. Users with federated identities do not use temporary rights account certificates.</maml:para>

<maml:para>By default, federated trust relationships are not transitive. When a federated trust relationship is established between two organizations, any AD RMS trusted user domains that are established in either organization are not automatically trusted by the other organization. However, when you are importing a Trusted User Domain, there is an option to trust federated users of the imported domain.</maml:para>

<maml:para>Great care should be taken when allowing proxy addresses through a federated trust. If you allow proxy addresses through federation, it is possible for a malicious user to spoof an authorized user's credentials and access the user's rights-protected content. If proxy addresses through federation is a requirement of your organization, you should implement a claims transformation module that will examine a proxy address from a federated user and make sure that it matches the forest in which the request originated. The option to allow a proxy address from a federated user is turned off by default in the Active Directory Rights Management Services console.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To enable and configure federated identity support settings </maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the <maml:ui>Active Directory Rights Management Services </maml:ui>console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust Policies</maml:ui>, and then click <maml:ui>Federated Identity Support</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Enable Federated Identity Support</maml:ui> to enable Federated Identity Support.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Active Directory Federation Service Policies</maml:ui> tab, in <maml:ui>Federated Identity Certificate validity period</maml:ui>, type the number of days that federated rights account certificates are to be valid.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Federated Identity Certificate Service URL</maml:ui>, provide the location of the root cluster that will provide RACs to external users. If the default is selected, users will attempt to obtain a RAC from the AD RMS cluster that published the content.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring AD RMS Across Forests</maml:linkText><maml:uri href="mshelp://windows/?id=f1f3f842-b742-49a7-8724-04706368fcac"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Certificate</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Export Trusted Publishing Domain</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Export a server licensor certificate (SLC) to a file that can be imported into another AD RMS cluster as a trusted publishing domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Properties</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Configure the properties of the selected trusted publishing domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Delete</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Stop trusting publishing domains. You cannot remove the core trusted publishing domain, which is the name of the AD RMS cluster by default.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted User Domains - Import Trusted User Domain Wizard</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Trusted user domain file</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Path to the trusted user domain file to be imported</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Display name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name for the trusted user domain that will be displayed in the Active Directory Rights Management Services console</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Turn on or Turn off Logging</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can turn on and turn off logging for the current cluster from the <maml:ui>Logging </maml:ui>tab of the cluster properties sheet in the Active Directory Rights Management Services snap-in. Turning off logging stops the Active Directory Rights Management Services (AD RMS) Web services from sending data to the logging message queue.</maml:para>

<maml:para>AD RMS logs are sent to the database server by Message Queuing. If a connection to the database server is not present, Message Queuing stores the logs in a local cache until connectivity is restored. The first time you enable logging, you should make sure that the AD RMS server has a connection to the database server and that the database service is started. If Message Queuing cannot deliver the logs to the logging database, it keeps the data in a queue on the hard disk of the AD RMS server. It continues to do this until all of the storage space on the server is full. When there is no disk space is left on the server, Message Queuing will stop. AD RMS does not display an error in this condition, because the feature is meant to support logging during times when the connection to the database server is interrupted.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To turn on logging or turn off logging</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to a server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console, and select the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the cluster name, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Logging </maml:ui>tab, and then do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To turn logging on, select the <maml:ui>Enable Logging</maml:ui> check box. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To turn logging off, clear the <maml:ui>Enable Logging</maml:ui> check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1-5 for each server in the AD RMS cluster.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>If you are using Microsoft SQL Server as your database server, you can verify that the logs are being written to the database:</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group and the <maml:phrase>System Administrators</maml:phrase> database role on the database server hosting the AD RMS configuration database, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To verify that the logs are being written to the database</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the database server hosting the AD RMS logging database.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In SQL Server Enterprise Manager, expand <maml:ui>Databases,</maml:ui> and then expand the AD RMS logging database.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Tables</maml:ui>, right-click <maml:ui>ServiceRequest</maml:ui>, and then click <maml:ui>Open table - return all rows</maml:ui>. If log files are being created, you will see one or more rows in this table.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing the AD RMS databases</maml:linkText><maml:uri href="mshelp://windows/?id=8dba2e7f-700d-41b1-88a4-7489a6999e7b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Cluster - Add Cluster Wizard</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Connection protocol</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This area defines how the console will communicate with the AD RMS cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>URI scheme</maml:para>

<maml:para>Port number</maml:para>
</maml:entry>
<maml:entry>
<maml:para>If you have enabled SSL, select <maml:ui>HTTPS</maml:ui> in the <maml:ui>URI Scheme</maml:ui> box. </maml:para>

<maml:para>If you configured IIS with a different port than port 80 (for http) or port 443 (for https), specify the port number in the <maml:ui>Port number</maml:ui> box.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Connect to</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This area identifies whether you are connecting to an AD RMS cluster on the local computer or on another computer on the network, or another AD RMS cluster. If you are connecting to another computer, type the fully qualified domain name or IP address in the <maml:ui>Remote computer</maml:ui> box. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Connect as</maml:para>
</maml:entry>
<maml:entry>
<maml:para>If the currently logged-on user account does not have the required permissions to modify settings on the cluster, you can specify a different user name and password.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administer AD RMS by Using the Active Directory Rights Management Services console</maml:linkText><maml:uri href="mshelp://windows/?id=9145546f-a8ef-45b3-ab98-3e2c8bc1ef33"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Policies - Super Users - Super Users Properties</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Super user group</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The e-mail address of the Active Directory Domain Services (AD DS) super users universal group, which is in the same forest in which AD RMS is installed.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>As a security best practice, the AD DS group assigned as the AD RMS super users group should be an AD DS restricted group.</maml:para>
</maml:alertSet>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set up a Super Users Group</maml:linkText><maml:uri href="mshelp://windows/?id=50714cdb-7e30-4844-a2f0-55ef651eef7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Applications - Application Exclusion Policies Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>AD RMS-enabled applications can be excluded by their file name and version number. You do this to make sure that users install a newer version of an application when it becomes available. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Applications</maml:linkText><maml:uri href="mshelp://windows/?id=be22c109-968b-4635-a24d-050a25d4afee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS Key Protection and Storage</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can protect the AD RMS cluster key by using a hardware- or software-based cryptographic service provider (CSP) or by storing the cluster key in the AD RMS configuration database. A hardware-based CSP stores the cluster key in a hardware device. </maml:para>

<maml:para>As a best security practice, we recommend using a hardware-based CSP to protect the AD RMS cluster key. When using AD RMS to centrally manage the cluster key from the AD RMS configuration database, you should use a strong cluster key password. If you are upgrading from RMS to AD RMS and using a hardware-based CSP, ensure that the drivers are compatible with Windows Server 2008 R2 before proceeding with the upgrade.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If there are multiple servers in the AD RMS cluster and you are using either a software- or hardware-based CSP to protect the cluster key, you must manually move the cluster key to the other computers before installing AD RMS. Consult the CSP documentation for procedures on moving the cluster key.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Pre-installation Information for Active Directory Rights Management Services</maml:linkText><maml:uri href="mshelp://windows/?id=878e9550-5966-40f3-862c-7ea309ddb0ed"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=58dedefe-49d0-4b2e-b673-bfaa513fc70e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Decommission AD RMS</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Before you remove the Active Directory Rights Management Services (AD RMS) role from a server, you should first decommission AD RMS. When you decommission AD RMS, the behavior of the AD RMS cluster is changed such that it can now provide a key that decrypts the rights-protected content that it had previously published. This key allows the content to be saved without AD RMS protection. This can be useful if you have decided to stop using AD RMS protection in your organization, or still need the information.</maml:para>

<maml:para>You should enable decommissioning on each server in the cluster long enough for users to have the opportunity to save their content without AD RMS protection and for your network and system administrators to disable any AD RMS-enabled clients from using the service.</maml:para>

<maml:para>After you enable decommissioning, the Active Directory Rights Management console will only show the <maml:ui>Decommissioning server information</maml:ui> page in the results pane; no further administration is supported. </maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>When you decommission a server, it cannot be restored to its previous AD RMS configuration. This process cannot be reversed. Once you have decommissioned AD RMS, you must completely remove AD RMS by using Server Manager before you attempt to install another instance of AD RMS.</maml:para>
</maml:alertSet>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To decommission AD RMS</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Log on to the server on which you want to decommission AD RMS. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Modify the access control list (ACL) on the decommissioning.asmx file by granting the <maml:ui>Everyone</maml:ui> group Read &amp; Execute permissions. The default location for this file is %systemdrive%\inetpub\wwwroot\_wmcs\decommission.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the <maml:ui>Active Directory Rights Management Services </maml:ui>console and add the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand the AD RMS cluster, expand <maml:ui>Security Policies</maml:ui>, and then select <maml:ui>Decommissioning</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Enable Decommissioning </maml:ui>option in the <maml:ui>Actions</maml:ui> pane. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Decommission</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When prompted, click <maml:ui>Yes</maml:ui> to confirm that you want to permanently decommission the AD RMS installation.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat steps 1–7 for all AD RMS servers in the cluster.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMS protection. Alternatively, you could delegate a trusted person to decrypt all rights-protected content by temporarily adding that person to the AD RMS super users group.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Removing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=ae904fc1-9a96-4dec-adf8-43aa8c3b89f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export the Server Licensor Certificate</maml:linkText><maml:uri href="mshelp://windows/?id=be7de4f2-7bc1-4704-a046-1a24623b5d7a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change AD RMS Proxy Settings</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>If you control access to resources outside of the local forest by a Web proxy server, you might need to configure AD RMS to use the proxy in some scenarios. Situations that require this are the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>You are supporting Microsoft Rights Management Services (RMS) version 1.0 clients in your organization that do not have Internet connectivity.</maml:para>

<maml:para>RMS version 1.0 clients must be activated by Microsoft over the Internet prior to the first use. The RMS version 1.0 clients attempts to have the AD RMS cluster proxy the activation request, but if the AD RMS cluster does not respond, the client then tries to obtain the credentials directly through an Internet connection on the local computer, if one is available. In RMS with Service Pack 1 (SP1) and later, AD RMS client computer activation over the Internet is no longer required.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You are trusting rights account certificates (RACs) from Windows Live ID users. </maml:para>

<maml:para>When you select to trust Windows Live ID sites and services as one of your trusted user domains, the AD RMS cluster needs to be able to validate the user against Windows Live ID sites and services. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You have multiple forests in your organization that are separated by a Web proxy server and you have established trusts across those forests. </maml:para>

<maml:para>This is similar to the scenario with Windows Live ID in that the registry of user accounts that the AD RMS cluster must validate against is behind the Web proxy server. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>If your AD RMS cluster does not need to negotiate a connection through a proxy server, you do not need to configure these settings. If the proxy server authenticates users before allowing outbound access, you must provide a user account that AD RMS can use when challenged for credentials by the proxy server.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To change the AD RMS Proxy settings</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console, right-click the AD RMS cluster, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the<maml:ui> Proxy Settings</maml:ui> tab, and then select the <maml:ui>This cluster uses a proxy server to access external networks</maml:ui> box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Address</maml:ui> box, type the IP address or DNS name of the proxy server that you want to use.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Port</maml:ui> box, type the port number that the proxy server uses to connect to the Internet.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you do not use the proxy server to connect to local resources, select the <maml:ui>Bypass proxy server for local addresses</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you have addresses that should not be using the proxy server at all, type them in the <maml:ui>Do not use proxy server for address beginning with</maml:ui> box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If appropriate, select the <maml:ui>This proxy server requires authentication</maml:ui> check box.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>In <maml:ui>Authentication type</maml:ui>, choose the appropriate authentication type from the list: <maml:ui>Basic</maml:ui>, <maml:ui>Digest</maml:ui>, or <maml:ui>Integrated Windows</maml:ui>. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In the <maml:ui>User name </maml:ui>box, type the user name that should be supplied in response to the challenge from the proxy server. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In the <maml:ui>Password </maml:ui>and<maml:ui> Confirm password </maml:ui>boxes, type the password that should be supplied in response to the challenge from the proxy server. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If your proxy server uses Integrated Windows authentication, in the <maml:ui>Domain</maml:ui> box, type the domain to which the user belongs. </maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Deploying an AD RMS Licensing-only Cluster</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The following steps in this checklist describe the tasks required to deploy an Active Directory Rights Management Services (AD RMS) licensing-only cluster.</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Assign a secure sockets layer (SSL) certificate to the Web site that will be hosting the AD RMS cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Install and configure the AD RMS licensing-only cluster. A root AD RMS cluster must already be present in the AD DS forest before you can install the licensing-only cluster.</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>During the installation, choose the <maml:ui>Create a new AD RMS cluster</maml:ui> option.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Enter the name of the computer that will host the AD RMS licensing-only configuration database and the database instance name.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Select the type of key protection to be used for the licensing-only cluster. If you choose to have AD RMS centrally manage the keys, enter the AD RMS cluster key password. If you are using a cryptographic service provider (CSP) to protect the cluster key, create a new key pair or use an existing key pair.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Enter a service account to be used for the licensing-only cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Choose the appropriate Web site where AD RMS should be installed.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Enter the cluster name to be used for the new licensing-only cluster and type the appropriate port number. By default, the port number is 80 if configuring for HTTP and 443 for configuring HTTPS.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Enter a friendly name for the new AD RMS cluster.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
</maml:list>

<maml:para>For detailed instructions about setting up a licensing-only AD RMS cluster in a test environment, see Deploying and Active Directory Rights Management Services Licensing-only Cluster Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=72141</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=72141"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction><maml:sections><maml:section><maml:title>Additional reference</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:section></maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Federated Identity Support - Federated Identity Support Results Pane</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Federated Identity certificate validity period (days)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays the number of days a rights account certificate (RAC) is valid once it is issued to federated identities.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Federated Identity certificate service URL</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays the URL of the federated resource partner that all federated identity certification requests will go to. When this value is not set, the certification request is handled by the AD RMS cluster.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Allow proxy email address</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays whether or not proxy e-mail addresses are allowed to consume rights-protected content.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Change Federated Identity Support</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click this link to change AD RMS federated identity support options.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclusion Policies - Exclusion Policies Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>AD RMS is designed to help prevent disclosure of information to unauthorized users. One of the risks inherent in a certificate and license based system is that the certificates or licenses might be compromised and thus provide rights to an unauthorized user. Exclusion policies prevent users, applications, and lockboxes from acquiring certificates and licenses from servers in the cluster. Exclusion policies are different from revocation lists in that revocation affects previously granted licenses and certificates from being able to be used to decrypt rights-protected content.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enabling Exclusion Policies</maml:linkText><maml:uri href="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS Across Forests</maml:title><maml:introduction>
<maml:para>If you are deploying AD RMS in an environment with multiple Active Directory Domain Services (AD DS) forests, you need to determine what support might be required for users or groups who are outside of the forest in which AD RMS is deployed. AD RMS uses AD DS to identify users and distribution groups. When an organization’s AD DS deployment includes multiple forests, AD RMS uses AD DS contact objects to obtain the identities of users and groups that are part of a different forest than the AD RMS cluster. The problem is that user or group objects from other forests do not typically have representative objects that are in the forest where AD RMS resides. If you intend to use AD RMS to restrict permissions to users or groups who are from other forests, you need to configure your Active Directory forest appropriately to allow group expansion to occur across forests. </maml:para>

<maml:para>You can implement group expansion support across forests for AD RMS in two ways: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Deploy an AD RMS cluster into the forest where the groups are defined, and where it will be used to expand the membership of these groups. AD DS Universal groups should be used so that the group membership is replicated to every global catalog server in the forest. Schema extensions must exist in forests that contain contact objects that allow the schema extensions to point back to the forests that contain the actual objects. If schema extensions are not used, client registry overrides are required.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Synchronize group definitions among forests to allow the local AD RMS installation to determine the complete group membership for any user. If the user who is requesting a use license has a Windows account in a separate forest, there also must be a contact object in the local forest to represent that user’s group membership.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring AD RMS Across Forests</maml:linkText><maml:uri href="mshelp://windows/?id=f1f3f842-b742-49a7-8724-04706368fcac"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Cluster - Cluster Properties - Logging Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Enable logging</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enables and disables AD RMS logging.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Logging database</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name of the logging database.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Logging service name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name of the Windows service on the AD RMS server that sends logging messages to the logging database. By default, this service is named ADRmsLoggingService.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Logging queue name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Name of the Message Queuing queue on the AD RMS server that holds messages before they are sent to the logging database.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Turn on or Turn off Logging</maml:linkText><maml:uri href="mshelp://windows/?id=cdcd00de-abfb-43e9-a247-a462d7b65c54"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>AD RMS Client Service Discovery</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Active Directory Rights Management Services (AD RMS) client service discovery is the method by which the AD RMS client discovers an AD RMS cluster. There are three ways in which this can occur:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Active Directory Domain Services (AD DS) service connection point (SCP) automatic service discovery. This is the recommended way to deploy an AD RMS environment. In this scenario, an SCP is created in the Active Directory forest where the AD RMS cluster is installed. When the AD RMS client attempts user activation on the computer, it queries the SCP to find the AD RMS cluster and download the rights account certificate (RAC). With automatic service discovery, no additional configuration is required on the AD RMS client.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>AD RMS client registry overrides. In complex AD RMS deployment topologies, more specific control of the AD RMS client is required. For versions of the Rights Management Services (RMS) client running on Windows XP, Windows 2000, or Windows Server 2003, these overrides are required for topologies where multiple Active Directory forests are deployed. Another example of where client registry overrides can be used is to support extranet users. In these cases, client registry overrides are created on the AD RMS client to force either certification or licensing of rights-protected content from an AD RMS cluster that is different from the one published in the SCP. The AD RMS client registry overrides used to override the SCP are created in:</maml:para>

<maml:para><maml:phrase>HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation</maml:phrase>.</maml:para>

<maml:para>The client registry override keys are the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Activation. This key is used to override the default AD RMS certification service that is configured in the SCP. The syntax for this key is http(s)://<maml:replaceable>&lt;your cluster&gt;</maml:replaceable>/_wmcs/certification where &lt;<maml:replaceable>your cluster</maml:replaceable>&gt; is the URL of the root cluster that should be used for certification.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>EnterprisePublishing. This key is used to override the default AD RMS licensing service to which the AD RMS client connects. The syntax for this key is http(s)://<maml:replaceable>&lt;your cluster&gt;</maml:replaceable>/_wmcs/licensing where &lt;<maml:replaceable>your cluster</maml:replaceable>&gt; is the URL of the licensing-only cluster.</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The client registry overrides are configured as registry keys. The value of these registry keys should be added to the default entry of the registry key of type REG_SZ.</maml:para>
</maml:alertSet>

<maml:list class="unordered">
<maml:listItem>
<maml:para>If the AD RMS client computer is connecting by using a federated trust, you must configure the federation home realm. The registry key is:</maml:para>

<maml:para><maml:phrase>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDRM\Federation</maml:phrase></maml:para>

<maml:para>Within this registry key create an registry entry named FederationHomeRealm of type REG_SZ. The value of this registry entry is the federation service URI.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>

<maml:listItem>
<maml:para>Examine issuance license for extranet URLs. The last method for AD RMS client service discovery is by means of the issuance license. When rights-protected content is published, the intranet as well as the extranet licensing service URLs are added to the issuance license. When an AD RMS client opens the rights-protected content for the first time and the other methods of service discovery are not available, the client can retrieve the licensing URLs from the issuance license.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Working with the AD RMS Client</maml:linkText><maml:uri href="mshelp://windows/?id=3230bca4-51cb-418f-86ba-bb6539385418"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding AD RMS Trust Policies</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can add trust policies so that AD RMS can process licensing requests for content that was rights-protected by a different AD RMS cluster. You can define trust policies as follows:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Trusted user domains</maml:phrase>. The addition of a trusted user domain allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Trusted publishing domains</maml:phrase>. The addition of a trusted publishing domain allows one AD RMS cluster to issue use licenses against publishing licenses that were issued by a different AD RMS cluster. You add a trusted publishing domain by importing the server licensor certificate and private key of the server to trust. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Windows Live ID</maml:phrase>. Setting up a trust with Microsoft’s online RMS service allows an AD RMS user to send rights-protected content to a user with a Windows Live ID. The Windows Live ID user will be able to consume rights-protected content from the AD RMS cluster that has trusted Microsoft’s online RMS service, but the Windows Live ID user will not be able to create content that is rights-protected by the AD RMS cluster.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Federated trust</maml:phrase>. Establishing a federated trust between two forests is done by using Active Directory Federation Services. This is useful if one forest does not have AD RMS installed, but its users need to consume rights-protected content from another forest. For more information about setting up federation support in AD RMS, see <maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure Federated Identity Support Settings</maml:linkText><maml:uri href="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configuring AD RMS Across Forests</maml:title><maml:introduction>
<maml:para>The procedures in this section are designed to help you configure AD RMS across Active Directory forests.</maml:para>

<maml:para>This section contains the following topics:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Across Forests</maml:linkText><maml:uri href="mshelp://windows/?id=ea711929-0b07-4098-8738-89ef537c26e7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure the Access Control List on the GroupExpansion Folder</maml:linkText><maml:uri href="mshelp://windows/?id=c64715bc-3d85-47b2-b543-5b97640303b3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Export a Trusted User Domain</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Trusted user domains (TUDs) enable an AD RMS cluster to provide licenses to users whose rights account certificate (RAC) was granted by another server in a AD RMS cluster. Exporting a TUD and importing it into another AD RMS cluster allows the cluster to process requests for use licenses from users whose rights account certificates (RACs) are in a different cluster.</maml:para>

<maml:para>Membership in the local <maml:phrase>AD RMS Enterprise Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To export a trusted user domain</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console, and then expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand <maml:ui>Trust Policies </maml:ui>and then click <maml:ui>Trusted User Domains.</maml:ui></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Export Trusted User Domain</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The <maml:ui>Save As</maml:ui> dialog box appears. We recommend that you modify the .bin file name to include the name of your server, such as ADRMS_Cluster1_LicensorCert.bin.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Save</maml:ui> to save the file with the name and location you specified. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted User Domain</maml:linkText><maml:uri href="mshelp://windows/?id=59c802d0-3982-432c-b06f-3e148dca0166"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Establishing Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Policies - Trusted Publishing Domains - Trusted Publishing Domains Results Pane</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>A trusted publishing domain allows one AD RMS cluster to issue use licenses against publishing licenses that were issued by a different AD RMS cluster. You add a trusted publishing domain by importing the server licensor certificate and private key of the server to trust.</maml:para>

<maml:para>The Trusted Publishing Domains results pane lists the trusted publishing domains for the cluster.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Export a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=930d4692-3345-423c-99ac-63d21b12d94d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add a Trusted Publishing Domain</maml:linkText><maml:uri href="mshelp://windows/?id=71209d16-9e76-4bcf-8276-5e60ed8a4cef"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding AD RMS Trust Policies</maml:linkText><maml:uri href="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Active Directory Rights Management Services</maml:title><maml:introduction>
<maml:para>Active Directory Rights Management Services (AD RMS) for the Windows Server 2008 R2 operating system is information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use, both online and offline, and inside and outside of the firewall. AD RMS is designed for organizations that need to protect sensitive and proprietary information such as financial reports, product specifications, customer data, and confidential e-mail messages. AD RMS augments an organization's security strategy by providing protection of information through persistent usage policies (also known as usage rights and conditions), which remain with the information no matter where it is moved. AD RMS persistently protects any binary format of data, so the usage rights remain with the information rather than the rights merely residing on an organization's network. This also enables usage rights to be enforced after the information is accessed by an authorized recipient, both online and offline, and inside and outside of the organization. AD RMS helps protect information through persistent usage policies by establishing the following essential elements:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Trusted entities. </maml:phrase>Organizations can specify the entities, including individuals, groups of users, computers, and applications that are trusted participants in an AD RMS system. By establishing trusted entities, AD RMS can help protect information by enabling access only to properly trusted participants. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Usage rights and conditions.</maml:phrase> Organizations and individuals can assign usage rights and conditions that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire. Organizations can exclude applications and entities from accessing the rights-protected content.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Encryption.</maml:phrase> Encryption is the process by which data is locked by using electronic keys. AD RMS encrypts information, making access conditional on the successful validation of the trusted entities. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information in an AD RMS-enabled application or browser. The defined usage rights and conditions will then be enforced by the application. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>This on-line Help system provides information to assist you in accomplishing these administrative tasks by using the Active Directory Rights Management Services console. Review the following topics to learn more about working with your AD RMS cluster.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Active Directory Rights Management Services Overview</maml:linkText><maml:uri href="mshelp://windows/?id=74272acc-0f2d-4dc2-876f-15b156a0b4e0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Pre-installation Information for Active Directory Rights Management Services</maml:linkText><maml:uri href="mshelp://windows/?id=878e9550-5966-40f3-862c-7ea309ddb0ed"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying a Single-Server Installation</maml:linkText><maml:uri href="mshelp://windows/?id=4f757264-290e-4661-ba07-83912325efbd"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying AD RMS in an Extranet</maml:linkText><maml:uri href="mshelp://windows/?id=74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying AD RMS in an Organization with Users in Multiple Forests</maml:linkText><maml:uri href="mshelp://windows/?id=1f1d0032-1e8c-4e5a-b438-cfa01fe82228"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying an AD RMS Licensing-only Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=e605e743-a4cb-416b-becd-c7240d0b0449"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Deploying AD RMS with AD FS</maml:linkText><maml:uri href="mshelp://windows/?id=05c98626-7880-44e7-821f-753bd88526ca"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=73829489-45f1-415b-90ab-061a263d1ef6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Removing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=ae904fc1-9a96-4dec-adf8-43aa8c3b89f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Working with the AD RMS Client</maml:linkText><maml:uri href="mshelp://windows/?id=3230bca4-51cb-418f-86ba-bb6539385418"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=789533a5-50c5-435d-b06a-37db0ab5666e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: AD RMS</maml:linkText><maml:uri href="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
<maml:para>You can configure and manage AD RMS by using either the Windows interface or Windows PowerShell. These Help topics describe methods for using the Windows interface. For more information about using Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>. </maml:para>

<maml:para>For more information about planning, deploying, and troubleshooting AD RMS, see the Active Directory Rights Management Services TechCenter. (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=80907</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=80907"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>View a Summary of User Rights for a Rights Policy Template</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The summary of user rights lets you compare the rights granted to users and groups by a specific template without opening the rights policy template properties.</maml:para>
<maml:para>Membership in the local <maml:phrase>AD RMS Template Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure.</maml:para>
<maml:procedure><maml:title>To view a summary of user rights for a rights policy template</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Active Directory Rights Management Services console and expand the AD RMS cluster. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Rights Policy Templates</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, select the template for which you want to view rights.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>View Rights Summary</maml:ui>. The rights for each user and group specified for the template are displayed for your review. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To view the user rights for another rights policy template, repeat steps 3 and 4.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections><maml:section><maml:title>Additional considerations</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para>You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136806</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136806"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configuring Rights Policy Templates</maml:linkText><maml:uri href="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add User Rights Page</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Users and rights</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Contains the users or groups, specified by their e-mail address, that are granted rights by this template. The accounts must be present in Active Directory Domain Services with the associated e-mail attribute.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Rights for &lt;users&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Each user or group has a set of rights that are defined for that entity in the rights policy template. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Grant owner (author) full control right with no expiration</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Select this check box if you do not want the author of the rights-protected document to have an expiration date.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Rights request URL</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This URL can be configured to grant user requests for additional rights.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a New Rights Policy Template</maml:linkText><maml:uri href="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configure Windows Firewall</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The Windows Firewall is a host-based firewall application that is installed and turned on by default in Windows Server 2008 R2. If you want to use the functionality of the Windows Firewall within your Active Directory Rights Management Services (AD RMS) infrastructure, you must create a few firewall exceptions. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>This topic only discusses the firewall exceptions that are specific to AD RMS. Sometimes additional exceptions need to be made for other applications.</maml:para>
</maml:alertSet>

<maml:para>The following table shows the port exceptions that should be made on each AD RMS server in the cluster. It is not necessary to open both ports at the same time. For HTTP transmission, you should only open TCP port 80. If your AD RMS environment is using Secure Sockets Layer (SSL) or HTTPS, you should only open TCP port 443. The default port for SSL is TCP port 443. If your organization is using a port number for SSL other than the default, you should use that port instead.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>When AD RMS is installed, the appropriate exception described in the following table is created and enabled automatically.</maml:para>
</maml:alertSet>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Port Exception</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>TCP 80</maml:para>
</maml:entry>
<maml:entry>
<maml:para>HTTP</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>TCP 443</maml:para>
</maml:entry>
<maml:entry>
<maml:para>HTTPS or SSL communication</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>If there is more than one server in the AD RMS cluster, or the AD RMS database server is not on the AD RMS in a single-server deployment, the following port exceptions should be created on the database server that is hosting the AD RMS databases. This table assumes that you are using Microsoft SQL Server 2005 or later.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Port Exception</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>TCP 1433</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Default Microsoft SQL Server listening port</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>TCP 445</maml:para>
</maml:entry>
<maml:entry>
<maml:para>SQL Server Named Pipes (used for provisioning the AD RMS server)</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>In addition to creating these port exceptions, special considerations should be taken when configuring the firewall scope. Unless your AD RMS environment is used in an extranet scenario, you should restrict all traffic to your organization's network. If your AD RMS environment needs to be available to client computers outside of your organization's network, you should allow any computer on the Internet to connect to only TCP port 443 or TCP port 80.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>In an AD RMS environment, TCP port 445 is used to provision an AD RMS server, but this port is also the file sharing port for all computers that are running Microsoft Windows 2000 or later. Unless you have a specific need for other computers on your network to have access to this port, you should restrict the scope so that only the AD RMS cluster has access to TCP port 445 on the AD RMS database server.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional reference</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Installing an AD RMS Cluster</maml:linkText><maml:uri href="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="rms_help" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="Active Directory Rights Management Services" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
	<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
		<IncludeFile File="rms_help.H1F" />
	</CompilerOptions>
	<TOCDef File="rms_help.H1T" Id="rms_help_TOC" />
	<VTopicDef File="rms_help.H1V" />
	<KeywordIndexDef File="rms_help_AssetId.H1K" />
	<KeywordIndexDef File="rms_help_BestBet.H1K" />
	<KeywordIndexDef File="rms_help_LinkTerm.H1K" />
	<KeywordIndexDef File="rms_help_SubjectTerm.H1K" />
	<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
	<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
	<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
	<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
	<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
	<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
	<File Url="assets\01719c3d-d9f3-4f00-a64e-227b66e13ed6.xml" />
	<File Url="assets\02d8d05b-003e-451e-aa07-f5b47f23f589.xml" />
	<File Url="assets\05c98626-7880-44e7-821f-753bd88526ca.xml" />
	<File Url="assets\07567fd0-68bf-4f59-9916-b8cafacaf04e.xml" />
	<File Url="assets\07780424-56b3-4032-932a-36aa3c6b8cbc.xml" />
	<File Url="assets\10fd534d-18d4-46a9-9647-e50d4f95b464.xml" />
	<File Url="assets\12db6560-7522-42e4-a98f-8f867c953635.xml" />
	<File Url="assets\1377e645-ba16-4b00-aba3-3682bc276998.xml" />
	<File Url="assets\154f79e2-7107-4138-b87b-2622ed879366.xml" />
	<File Url="assets\1bc393b9-5ce9-4950-acae-63a463ccfc36.xml" />
	<File Url="assets\1f1d0032-1e8c-4e5a-b438-cfa01fe82228.xml" />
	<File Url="assets\24ae01a6-a2c2-4f29-b16b-528565a83644.xml" />
	<File Url="assets\2a37646d-7011-40dd-a503-7cfdab162764.xml" />
	<File Url="assets\2e08964c-fd34-4746-938b-672315aacf48.xml" />
	<File Url="assets\2eecbdb1-9e09-4a46-bf34-3a2978313461.xml" />
	<File Url="assets\3230bca4-51cb-418f-86ba-bb6539385418.xml" />
	<File Url="assets\390c4d53-2a07-4207-af9a-401f916a9328.xml" />
	<File Url="assets\3a612201-7302-419b-86b2-3bde6d448d4e.xml" />
	<File Url="assets\3a6165d2-252b-4407-b62b-75373f274b98.xml" />
	<File Url="assets\3dea486b-7d3d-4ac7-89d7-da012951f312.xml" />
	<File Url="assets\3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d.xml" />
	<File Url="assets\3f1d6d09-4e85-4ad9-83ff-a8720b5441d6.xml" />
	<File Url="assets\40786655-0f0a-4c11-9b21-131171917a93.xml" />
	<File Url="assets\454ebdbb-6048-4fc3-a011-3fbed9d3d0e2.xml" />
	<File Url="assets\47c051ea-c776-4a56-ad5c-ec61ed139a17.xml" />
	<File Url="assets\4ceca4d5-3df2-4d36-ac68-461b7a34c716.xml" />
	<File Url="assets\4f757264-290e-4661-ba07-83912325efbd.xml" />
	<File Url="assets\50714cdb-7e30-4844-a2f0-55ef651eef7a.xml" />
	<File Url="assets\5141e060-08ac-4874-98bc-c493658c4c8f.xml" />
	<File Url="assets\53f02768-c99c-4188-b2c2-6ccd3c7c6889.xml" />
	<File Url="assets\55a69f4b-da6d-40b5-8673-17fa2fce6e7a.xml" />
	<File Url="assets\55a8adca-ccd6-41c8-a5e2-9a95926623da.xml" />
	<File Url="assets\568c8990-6120-4c3c-80d8-e7c37a784b94.xml" />
	<File Url="assets\58dedefe-49d0-4b2e-b673-bfaa513fc70e.xml" />
	<File Url="assets\59b8176f-ec11-494a-aa10-cb0e71b58ee9.xml" />
	<File Url="assets\59c802d0-3982-432c-b06f-3e148dca0166.xml" />
	<File Url="assets\59ebced7-b364-4dcb-bf96-7a0fade8629c.xml" />
	<File Url="assets\5c2b2b25-76b4-4ada-9d7b-4ef7a713b686.xml" />
	<File Url="assets\5c3e4dfa-acf1-4497-b57e-327e5be2b2b4.xml" />
	<File Url="assets\5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b.xml" />
	<File Url="assets\5e480c64-e052-4408-bd1c-716df14b2355.xml" />
	<File Url="assets\5eb527a9-34d8-464f-9735-e7dcd2613ffc.xml" />
	<File Url="assets\6072f26a-2e7a-4926-bf67-f6915cccfa9e.xml" />
	<File Url="assets\6257f49a-bf8d-4d90-ad04-0918d400068d.xml" />
	<File Url="assets\636a447d-35f0-4e6f-a8b2-0a1bf279d1de.xml" />
	<File Url="assets\67d89efe-28f6-422e-b0e3-e85da40a04f0.xml" />
	<File Url="assets\6ba05e2b-1b49-45c4-9138-6fd9d93ec142.xml" />
	<File Url="assets\71209d16-9e76-4bcf-8276-5e60ed8a4cef.xml" />
	<File Url="assets\71ae6d8f-1b18-402d-bc08-aeef8d097a8e.xml" />
	<File Url="assets\73829489-45f1-415b-90ab-061a263d1ef6.xml" />
	<File Url="assets\74272acc-0f2d-4dc2-876f-15b156a0b4e0.xml" />
	<File Url="assets\74358772-bba0-4390-b83e-0e6aab08619c.xml" />
	<File Url="assets\74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea.xml" />
	<File Url="assets\786d0acf-6dab-417d-ae39-91450083ddfa.xml" />
	<File Url="assets\789533a5-50c5-435d-b06a-37db0ab5666e.xml" />
	<File Url="assets\7a14d648-8c0c-4579-a60d-7cf15d2137a5.xml" />
	<File Url="assets\7cbdc6af-bd44-44ee-ae26-0d71318c9796.xml" />
	<File Url="assets\8028ae92-8397-4da3-b4be-5f04ec2532b5.xml" />
	<File Url="assets\8144f0e6-4968-4d3f-8af9-df23213786bf.xml" />
	<File Url="assets\838c46d3-e87a-445f-9ed5-9ba515f7ead2.xml" />
	<File Url="assets\878e9550-5966-40f3-862c-7ea309ddb0ed.xml" />
	<File Url="assets\8dba2e7f-700d-41b1-88a4-7489a6999e7b.xml" />
	<File Url="assets\8dbdc471-ca9f-4c31-9c36-5e5689b3f282.xml" />
	<File Url="assets\8e9c43b0-a215-467a-877f-9b75419dd817.xml" />
	<File Url="assets\8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8.xml" />
	<File Url="assets\8fb70322-3964-4493-99c0-fbfea30d66b6.xml" />
	<File Url="assets\90411fff-1651-43df-8b41-ea16b62da222.xml" />
	<File Url="assets\9060ef8e-8367-4d23-abaf-6bfeec7fced7.xml" />
	<File Url="assets\9145546f-a8ef-45b3-ab98-3e2c8bc1ef33.xml" />
	<File Url="assets\9210fa30-ce12-468a-9f16-506868e2aa4b.xml" />
	<File Url="assets\930d4692-3345-423c-99ac-63d21b12d94d.xml" />
	<File Url="assets\930fc9f6-bfd1-4ceb-8eec-7c40c29a4339.xml" />
	<File Url="assets\965c27f8-52cf-442f-9f95-dfbd7782fe8e.xml" />
	<File Url="assets\973f6f34-e1e6-455d-b041-06f0970c6dcb.xml" />
	<File Url="assets\97764943-7cfc-423f-aec4-864e2dfdb630.xml" />
	<File Url="assets\97c4a2bc-3885-4523-8b67-16e748d4dce8.xml" />
	<File Url="assets\9905aecd-a764-4c29-a49e-0a53fbff85c3.xml" />
	<File Url="assets\9a944ab7-f0d9-4224-97c6-b2543f537827.xml" />
	<File Url="assets\9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784.xml" />
	<File Url="assets\9fa2a030-7051-474d-bd71-da6482f9eb10.xml" />
	<File Url="assets\a171a2ed-a357-4d88-ad4e-e447961bc632.xml" />
	<File Url="assets\a21692e9-ce39-4fbb-90a3-11d676d5633e.xml" />
	<File Url="assets\a42680fa-2855-40d9-8e2c-74f72793ca24.xml" />
	<File Url="assets\a7b8252b-454a-42d6-bed7-46e4459eafb4.xml" />
	<File Url="assets\a7cca614-3146-437e-be39-0f8b8952b491.xml" />
	<File Url="assets\a8134792-3c67-4582-bf61-fe6d2e09ac84.xml" />
	<File Url="assets\a928c435-77a8-49fe-b08e-bfdc6bcc1fa7.xml" />
	<File Url="assets\a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4.xml" />
	<File Url="assets\aa344ab6-67e5-4fd4-af95-153e7e0b2546.xml" />
	<File Url="assets\aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f.xml" />
	<File Url="assets\ac2ec246-dd17-4c72-bf55-8a0c13efac4f.xml" />
	<File Url="assets\ae03d1a8-dd14-4750-ae4e-679dad59c8fc.xml" />
	<File Url="assets\ae904fc1-9a96-4dec-adf8-43aa8c3b89f0.xml" />
	<File Url="assets\b67a40b0-f954-4f55-a047-f82dd62be796.xml" />
	<File Url="assets\b8c24098-9f3b-4ba1-a34c-21e9308814c2.xml" />
	<File Url="assets\ba01e655-6a5f-4e6d-881d-4dca57859302.xml" />
	<File Url="assets\bd8266b9-ea5c-48d9-b1b2-0577154f7c9c.xml" />
	<File Url="assets\be22c109-968b-4635-a24d-050a25d4afee.xml" />
	<File Url="assets\be7de4f2-7bc1-4704-a046-1a24623b5d7a.xml" />
	<File Url="assets\c60ace22-c18e-4f88-9cd4-d82f6ca7e455.xml" />
	<File Url="assets\c64715bc-3d85-47b2-b543-5b97640303b3.xml" />
	<File Url="assets\c89f8c53-a265-4214-9c94-64159759fa5e.xml" />
	<File Url="assets\c8b196f6-6099-4f20-bf85-5fd3d2faa31e.xml" />
	<File Url="assets\c941ad6b-6184-4859-bd79-dc6d309a5109.xml" />
	<File Url="assets\c988e887-9d69-49eb-85aa-c53cf4504090.xml" />
	<File Url="assets\cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd.xml" />
	<File Url="assets\cdcd00de-abfb-43e9-a247-a462d7b65c54.xml" />
	<File Url="assets\cf19efcd-db3d-4468-8d3c-f6bbb8918133.xml" />
	<File Url="assets\cfa7254d-eca7-4238-8a5f-c138d92be441.xml" />
	<File Url="assets\d2fb938f-c13e-4293-b9df-245b63b6079f.xml" />
	<File Url="assets\db312fba-7c19-4eae-b3b9-18c5d41cc011.xml" />
	<File Url="assets\e46ee7dd-5acf-45db-b426-101fd6fa958b.xml" />
	<File Url="assets\e4ca2b0c-cbb2-4c52-9023-47e484b991e5.xml" />
	<File Url="assets\e605e743-a4cb-416b-becd-c7240d0b0449.xml" />
	<File Url="assets\e8aad84e-0be9-444a-a460-a4d40f4d2c0f.xml" />
	<File Url="assets\e95fea7b-b901-4fef-827e-9901abd58e1a.xml" />
	<File Url="assets\ea711929-0b07-4098-8738-89ef537c26e7.xml" />
	<File Url="assets\eae75c44-0844-4756-b560-cbe96825b2de.xml" />
	<File Url="assets\edab589f-74ea-48d5-a55a-7cb18a65f066.xml" />
	<File Url="assets\f04cf1fc-d07b-481e-a433-cf8e93ab64ba.xml" />
	<File Url="assets\f1f3f842-b742-49a7-8724-04706368fcac.xml" />
	<File Url="assets\f43dcb03-6e23-491a-87b0-67d541575923.xml" />
	<File Url="assets\f54901bb-20de-4103-b72b-a74f8e4e0054.xml" />
	<File Url="assets\f80253cf-2112-4b7d-8e97-509e49a9345a.xml" />
	<File Url="assets\fab65ea2-4ad4-4d95-82d5-f7a25a08287a.xml" />
	<File Url="assets\fd887192-681a-4ebc-a42d-a6be77f75dd4.xml" />
	<File Url="assets\fef73389-43c8-4b45-bf48-4e1682d89838.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
	<Vtopic Url="assets\01719c3d-d9f3-4f00-a64e-227b66e13ed6.xml" RLTitle="Trust Policies - Federated Identity Support - Federated Identity Support Properties">
		<Attr Name="assetid" Value="01719c3d-d9f3-4f00-a64e-227b66e13ed6" />
		<Keyword Index="AssetId" Term="01719c3d-d9f3-4f00-a64e-227b66e13ed6" />
		<Keyword Index="AssetId" Term="01719c3d-d9f3-4f00-a64e-227b66e13ed61033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="01719c3d-d9f3-4f00-a64e-227b66e13ed6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\02d8d05b-003e-451e-aa07-f5b47f23f589.xml" RLTitle="Security Policies - Super Users - Super Users Results Pane">
		<Attr Name="assetid" Value="02d8d05b-003e-451e-aa07-f5b47f23f589" />
		<Keyword Index="AssetId" Term="02d8d05b-003e-451e-aa07-f5b47f23f589" />
		<Keyword Index="AssetId" Term="02d8d05b-003e-451e-aa07-f5b47f23f5891033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="02d8d05b-003e-451e-aa07-f5b47f23f589" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\05c98626-7880-44e7-821f-753bd88526ca.xml" RLTitle="Checklist: Deploying AD RMS with AD FS">
		<Attr Name="assetid" Value="05c98626-7880-44e7-821f-753bd88526ca" />
		<Keyword Index="AssetId" Term="05c98626-7880-44e7-821f-753bd88526ca" />
		<Keyword Index="AssetId" Term="05c98626-7880-44e7-821f-753bd88526ca1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="05c98626-7880-44e7-821f-753bd88526ca" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\07567fd0-68bf-4f59-9916-b8cafacaf04e.xml" RLTitle="Use Windows Live ID to Establish RACs for Users">
		<Attr Name="assetid" Value="07567fd0-68bf-4f59-9916-b8cafacaf04e" />
		<Keyword Index="AssetId" Term="07567fd0-68bf-4f59-9916-b8cafacaf04e" />
		<Keyword Index="AssetId" Term="07567fd0-68bf-4f59-9916-b8cafacaf04e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="07567fd0-68bf-4f59-9916-b8cafacaf04e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\07780424-56b3-4032-932a-36aa3c6b8cbc.xml" RLTitle="Exclusion Policies - Users - Exclude User Wizard">
		<Attr Name="assetid" Value="07780424-56b3-4032-932a-36aa3c6b8cbc" />
		<Keyword Index="AssetId" Term="07780424-56b3-4032-932a-36aa3c6b8cbc" />
		<Keyword Index="AssetId" Term="07780424-56b3-4032-932a-36aa3c6b8cbc1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="07780424-56b3-4032-932a-36aa3c6b8cbc" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\10fd534d-18d4-46a9-9647-e50d4f95b464.xml" RLTitle="Trust Policies - Trusted User Domains - Trusted User Domain Properties">
		<Attr Name="assetid" Value="10fd534d-18d4-46a9-9647-e50d4f95b464" />
		<Keyword Index="AssetId" Term="10fd534d-18d4-46a9-9647-e50d4f95b464" />
		<Keyword Index="AssetId" Term="10fd534d-18d4-46a9-9647-e50d4f95b4641033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="10fd534d-18d4-46a9-9647-e50d4f95b464" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\12db6560-7522-42e4-a98f-8f867c953635.xml" RLTitle="Archive a Rights Policy Template">
		<Attr Name="assetid" Value="12db6560-7522-42e4-a98f-8f867c953635" />
		<Keyword Index="AssetId" Term="12db6560-7522-42e4-a98f-8f867c953635" />
		<Keyword Index="AssetId" Term="12db6560-7522-42e4-a98f-8f867c9536351033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="12db6560-7522-42e4-a98f-8f867c953635" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1377e645-ba16-4b00-aba3-3682bc276998.xml" RLTitle="Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Standard RAC Tab">
		<Attr Name="assetid" Value="1377e645-ba16-4b00-aba3-3682bc276998" />
		<Keyword Index="AssetId" Term="1377e645-ba16-4b00-aba3-3682bc276998" />
		<Keyword Index="AssetId" Term="1377e645-ba16-4b00-aba3-3682bc2769981033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1377e645-ba16-4b00-aba3-3682bc276998" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\154f79e2-7107-4138-b87b-2622ed879366.xml" RLTitle="Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Properties">
		<Attr Name="assetid" Value="154f79e2-7107-4138-b87b-2622ed879366" />
		<Keyword Index="AssetId" Term="154f79e2-7107-4138-b87b-2622ed879366" />
		<Keyword Index="AssetId" Term="154f79e2-7107-4138-b87b-2622ed8793661033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="154f79e2-7107-4138-b87b-2622ed879366" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1bc393b9-5ce9-4950-acae-63a463ccfc36.xml" RLTitle="Join an AD RMS Server to an Existing Cluster">
		<Attr Name="assetid" Value="1bc393b9-5ce9-4950-acae-63a463ccfc36" />
		<Keyword Index="AssetId" Term="1bc393b9-5ce9-4950-acae-63a463ccfc36" />
		<Keyword Index="AssetId" Term="1bc393b9-5ce9-4950-acae-63a463ccfc361033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1bc393b9-5ce9-4950-acae-63a463ccfc36" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1f1d0032-1e8c-4e5a-b438-cfa01fe82228.xml" RLTitle="Checklist: Deploying AD RMS in an Organization with Users in Multiple Forests">
		<Attr Name="assetid" Value="1f1d0032-1e8c-4e5a-b438-cfa01fe82228" />
		<Keyword Index="AssetId" Term="1f1d0032-1e8c-4e5a-b438-cfa01fe82228" />
		<Keyword Index="AssetId" Term="1f1d0032-1e8c-4e5a-b438-cfa01fe822281033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1f1d0032-1e8c-4e5a-b438-cfa01fe82228" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\24ae01a6-a2c2-4f29-b16b-528565a83644.xml" RLTitle="Install AD RMS Server Role">
		<Attr Name="assetid" Value="24ae01a6-a2c2-4f29-b16b-528565a83644" />
		<Keyword Index="AssetId" Term="24ae01a6-a2c2-4f29-b16b-528565a83644" />
		<Keyword Index="AssetId" Term="24ae01a6-a2c2-4f29-b16b-528565a836441033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="24ae01a6-a2c2-4f29-b16b-528565a83644" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2a37646d-7011-40dd-a503-7cfdab162764.xml" RLTitle="Register a Service Connection Point">
		<Attr Name="assetid" Value="2a37646d-7011-40dd-a503-7cfdab162764" />
		<Keyword Index="AssetId" Term="2a37646d-7011-40dd-a503-7cfdab162764" />
		<Keyword Index="AssetId" Term="2a37646d-7011-40dd-a503-7cfdab1627641033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2a37646d-7011-40dd-a503-7cfdab162764" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2e08964c-fd34-4746-938b-672315aacf48.xml" RLTitle="Restore Rights Policy Templates">
		<Attr Name="assetid" Value="2e08964c-fd34-4746-938b-672315aacf48" />
		<Keyword Index="AssetId" Term="2e08964c-fd34-4746-938b-672315aacf48" />
		<Keyword Index="AssetId" Term="2e08964c-fd34-4746-938b-672315aacf481033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2e08964c-fd34-4746-938b-672315aacf48" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2eecbdb1-9e09-4a46-bf34-3a2978313461.xml" RLTitle="Understanding AD RMS User Accounts">
		<Attr Name="assetid" Value="2eecbdb1-9e09-4a46-bf34-3a2978313461" />
		<Keyword Index="AssetId" Term="2eecbdb1-9e09-4a46-bf34-3a2978313461" />
		<Keyword Index="AssetId" Term="2eecbdb1-9e09-4a46-bf34-3a29783134611033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2eecbdb1-9e09-4a46-bf34-3a2978313461" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3230bca4-51cb-418f-86ba-bb6539385418.xml" RLTitle="Working with the AD RMS Client">
		<Attr Name="assetid" Value="3230bca4-51cb-418f-86ba-bb6539385418" />
		<Keyword Index="AssetId" Term="3230bca4-51cb-418f-86ba-bb6539385418" />
		<Keyword Index="AssetId" Term="3230bca4-51cb-418f-86ba-bb65393854181033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3230bca4-51cb-418f-86ba-bb6539385418" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\390c4d53-2a07-4207-af9a-401f916a9328.xml" RLTitle="Understanding AD RMS Clusters">
		<Attr Name="assetid" Value="390c4d53-2a07-4207-af9a-401f916a9328" />
		<Keyword Index="AssetId" Term="390c4d53-2a07-4207-af9a-401f916a9328" />
		<Keyword Index="AssetId" Term="390c4d53-2a07-4207-af9a-401f916a93281033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="390c4d53-2a07-4207-af9a-401f916a9328" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3a612201-7302-419b-86b2-3bde6d448d4e.xml" RLTitle="Understanding AD RMS Exclusion Policies">
		<Attr Name="assetid" Value="3a612201-7302-419b-86b2-3bde6d448d4e" />
		<Keyword Index="AssetId" Term="3a612201-7302-419b-86b2-3bde6d448d4e" />
		<Keyword Index="AssetId" Term="3a612201-7302-419b-86b2-3bde6d448d4e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3a612201-7302-419b-86b2-3bde6d448d4e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3a6165d2-252b-4407-b62b-75373f274b98.xml" RLTitle="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Rights Policy Template - Specify Expiration Policy Page">
		<Attr Name="assetid" Value="3a6165d2-252b-4407-b62b-75373f274b98" />
		<Keyword Index="AssetId" Term="3a6165d2-252b-4407-b62b-75373f274b98" />
		<Keyword Index="AssetId" Term="3a6165d2-252b-4407-b62b-75373f274b981033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3a6165d2-252b-4407-b62b-75373f274b98" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3dea486b-7d3d-4ac7-89d7-da012951f312.xml" RLTitle="Add New Language to Rights Policy Template">
		<Attr Name="assetid" Value="3dea486b-7d3d-4ac7-89d7-da012951f312" />
		<Keyword Index="AssetId" Term="3dea486b-7d3d-4ac7-89d7-da012951f312" />
		<Keyword Index="AssetId" Term="3dea486b-7d3d-4ac7-89d7-da012951f3121033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3dea486b-7d3d-4ac7-89d7-da012951f312" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d.xml" RLTitle="Rights Policy Templates - Rights Policy Templates Results Pane">
		<Attr Name="assetid" Value="3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d" />
		<Keyword Index="AssetId" Term="3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d" />
		<Keyword Index="AssetId" Term="3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3f1d6d09-4e85-4ad9-83ff-a8720b5441d6.xml" RLTitle="Installing an AD RMS Cluster">
		<Attr Name="assetid" Value="3f1d6d09-4e85-4ad9-83ff-a8720b5441d6" />
		<Keyword Index="AssetId" Term="3f1d6d09-4e85-4ad9-83ff-a8720b5441d6" />
		<Keyword Index="AssetId" Term="3f1d6d09-4e85-4ad9-83ff-a8720b5441d61033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3f1d6d09-4e85-4ad9-83ff-a8720b5441d6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\40786655-0f0a-4c11-9b21-131171917a93.xml" RLTitle="Cluster - Cluster Properties - SCP Tab">
		<Attr Name="assetid" Value="40786655-0f0a-4c11-9b21-131171917a93" />
		<Keyword Index="AssetId" Term="40786655-0f0a-4c11-9b21-131171917a93" />
		<Keyword Index="AssetId" Term="40786655-0f0a-4c11-9b21-131171917a931033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="40786655-0f0a-4c11-9b21-131171917a93" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\454ebdbb-6048-4fc3-a011-3fbed9d3d0e2.xml" RLTitle="Rights Policy Templates - Rights Policy Templates Properties">
		<Attr Name="assetid" Value="454ebdbb-6048-4fc3-a011-3fbed9d3d0e2" />
		<Keyword Index="AssetId" Term="454ebdbb-6048-4fc3-a011-3fbed9d3d0e2" />
		<Keyword Index="AssetId" Term="454ebdbb-6048-4fc3-a011-3fbed9d3d0e21033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="454ebdbb-6048-4fc3-a011-3fbed9d3d0e2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\47c051ea-c776-4a56-ad5c-ec61ed139a17.xml" RLTitle="Deploy Rights Policy Templates Manually">
		<Attr Name="assetid" Value="47c051ea-c776-4a56-ad5c-ec61ed139a17" />
		<Keyword Index="AssetId" Term="47c051ea-c776-4a56-ad5c-ec61ed139a17" />
		<Keyword Index="AssetId" Term="47c051ea-c776-4a56-ad5c-ec61ed139a171033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="47c051ea-c776-4a56-ad5c-ec61ed139a17" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\4ceca4d5-3df2-4d36-ac68-461b7a34c716.xml" RLTitle="Cluster - Cluster Properties - Proxy Settings Tab">
		<Attr Name="assetid" Value="4ceca4d5-3df2-4d36-ac68-461b7a34c716" />
		<Keyword Index="AssetId" Term="4ceca4d5-3df2-4d36-ac68-461b7a34c716" />
		<Keyword Index="AssetId" Term="4ceca4d5-3df2-4d36-ac68-461b7a34c7161033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="4ceca4d5-3df2-4d36-ac68-461b7a34c716" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\4f757264-290e-4661-ba07-83912325efbd.xml" RLTitle="Checklist: Deploying a Single-Server Installation">
		<Attr Name="assetid" Value="4f757264-290e-4661-ba07-83912325efbd" />
		<Keyword Index="AssetId" Term="4f757264-290e-4661-ba07-83912325efbd" />
		<Keyword Index="AssetId" Term="4f757264-290e-4661-ba07-83912325efbd1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="4f757264-290e-4661-ba07-83912325efbd" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\50714cdb-7e30-4844-a2f0-55ef651eef7a.xml" RLTitle="Set up a Super Users Group">
		<Attr Name="assetid" Value="50714cdb-7e30-4844-a2f0-55ef651eef7a" />
		<Keyword Index="AssetId" Term="50714cdb-7e30-4844-a2f0-55ef651eef7a" />
		<Keyword Index="AssetId" Term="50714cdb-7e30-4844-a2f0-55ef651eef7a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="50714cdb-7e30-4844-a2f0-55ef651eef7a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5141e060-08ac-4874-98bc-c493658c4c8f.xml" RLTitle="Enabling Exclusion Policies">
		<Attr Name="assetid" Value="5141e060-08ac-4874-98bc-c493658c4c8f" />
		<Keyword Index="AssetId" Term="5141e060-08ac-4874-98bc-c493658c4c8f" />
		<Keyword Index="AssetId" Term="5141e060-08ac-4874-98bc-c493658c4c8f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5141e060-08ac-4874-98bc-c493658c4c8f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\53f02768-c99c-4188-b2c2-6ccd3c7c6889.xml" RLTitle="Trust Policies - Trust Policies Results Pane">
		<Attr Name="assetid" Value="53f02768-c99c-4188-b2c2-6ccd3c7c6889" />
		<Keyword Index="AssetId" Term="53f02768-c99c-4188-b2c2-6ccd3c7c6889" />
		<Keyword Index="AssetId" Term="53f02768-c99c-4188-b2c2-6ccd3c7c68891033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="53f02768-c99c-4188-b2c2-6ccd3c7c6889" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\55a69f4b-da6d-40b5-8673-17fa2fce6e7a.xml" RLTitle="Reset the AD RMS Cluster Key Password">
		<Attr Name="assetid" Value="55a69f4b-da6d-40b5-8673-17fa2fce6e7a" />
		<Keyword Index="AssetId" Term="55a69f4b-da6d-40b5-8673-17fa2fce6e7a" />
		<Keyword Index="AssetId" Term="55a69f4b-da6d-40b5-8673-17fa2fce6e7a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="55a69f4b-da6d-40b5-8673-17fa2fce6e7a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\55a8adca-ccd6-41c8-a5e2-9a95926623da.xml" RLTitle="Trust Policies - Trusted Publishing Domains - Import Trusted Publishing Domain Wizard">
		<Attr Name="assetid" Value="55a8adca-ccd6-41c8-a5e2-9a95926623da" />
		<Keyword Index="AssetId" Term="55a8adca-ccd6-41c8-a5e2-9a95926623da" />
		<Keyword Index="AssetId" Term="55a8adca-ccd6-41c8-a5e2-9a95926623da1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="55a8adca-ccd6-41c8-a5e2-9a95926623da" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\568c8990-6120-4c3c-80d8-e7c37a784b94.xml" RLTitle="Cluster - Cluster Properties - Cluster URLs Tab">
		<Attr Name="assetid" Value="568c8990-6120-4c3c-80d8-e7c37a784b94" />
		<Keyword Index="AssetId" Term="568c8990-6120-4c3c-80d8-e7c37a784b94" />
		<Keyword Index="AssetId" Term="568c8990-6120-4c3c-80d8-e7c37a784b941033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="568c8990-6120-4c3c-80d8-e7c37a784b94" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\58dedefe-49d0-4b2e-b673-bfaa513fc70e.xml" RLTitle="Understanding AD RMS Certificates">
		<Attr Name="assetid" Value="58dedefe-49d0-4b2e-b673-bfaa513fc70e" />
		<Keyword Index="AssetId" Term="58dedefe-49d0-4b2e-b673-bfaa513fc70e" />
		<Keyword Index="AssetId" Term="58dedefe-49d0-4b2e-b673-bfaa513fc70e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="58dedefe-49d0-4b2e-b673-bfaa513fc70e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\59b8176f-ec11-494a-aa10-cb0e71b58ee9.xml" RLTitle="Trust Policies - Trusted User Domains - Trusted User Domain Certificate">
		<Attr Name="assetid" Value="59b8176f-ec11-494a-aa10-cb0e71b58ee9" />
		<Keyword Index="AssetId" Term="59b8176f-ec11-494a-aa10-cb0e71b58ee9" />
		<Keyword Index="AssetId" Term="59b8176f-ec11-494a-aa10-cb0e71b58ee91033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="59b8176f-ec11-494a-aa10-cb0e71b58ee9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\59c802d0-3982-432c-b06f-3e148dca0166.xml" RLTitle="Add a Trusted User Domain">
		<Attr Name="assetid" Value="59c802d0-3982-432c-b06f-3e148dca0166" />
		<Keyword Index="AssetId" Term="59c802d0-3982-432c-b06f-3e148dca0166" />
		<Keyword Index="AssetId" Term="59c802d0-3982-432c-b06f-3e148dca01661033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="59c802d0-3982-432c-b06f-3e148dca0166" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\59ebced7-b364-4dcb-bf96-7a0fade8629c.xml" RLTitle="Understanding Rights Enforcement">
		<Attr Name="assetid" Value="59ebced7-b364-4dcb-bf96-7a0fade8629c" />
		<Keyword Index="AssetId" Term="59ebced7-b364-4dcb-bf96-7a0fade8629c" />
		<Keyword Index="AssetId" Term="59ebced7-b364-4dcb-bf96-7a0fade8629c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="59ebced7-b364-4dcb-bf96-7a0fade8629c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5c2b2b25-76b4-4ada-9d7b-4ef7a713b686.xml" RLTitle="Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Temporary RAC Tab">
		<Attr Name="assetid" Value="5c2b2b25-76b4-4ada-9d7b-4ef7a713b686" />
		<Keyword Index="AssetId" Term="5c2b2b25-76b4-4ada-9d7b-4ef7a713b686" />
		<Keyword Index="AssetId" Term="5c2b2b25-76b4-4ada-9d7b-4ef7a713b6861033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5c2b2b25-76b4-4ada-9d7b-4ef7a713b686" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5c3e4dfa-acf1-4497-b57e-327e5be2b2b4.xml" RLTitle="Create a New Rights Policy Template">
		<Attr Name="assetid" Value="5c3e4dfa-acf1-4497-b57e-327e5be2b2b4" />
		<Keyword Index="AssetId" Term="5c3e4dfa-acf1-4497-b57e-327e5be2b2b4" />
		<Keyword Index="AssetId" Term="5c3e4dfa-acf1-4497-b57e-327e5be2b2b41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5c3e4dfa-acf1-4497-b57e-327e5be2b2b4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b.xml" RLTitle="Configuring Accounts">
		<Attr Name="assetid" Value="5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b" />
		<Keyword Index="AssetId" Term="5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b" />
		<Keyword Index="AssetId" Term="5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5e480c64-e052-4408-bd1c-716df14b2355.xml" RLTitle="Edit a Rights Policy Template">
		<Attr Name="assetid" Value="5e480c64-e052-4408-bd1c-716df14b2355" />
		<Keyword Index="AssetId" Term="5e480c64-e052-4408-bd1c-716df14b2355" />
		<Keyword Index="AssetId" Term="5e480c64-e052-4408-bd1c-716df14b23551033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5e480c64-e052-4408-bd1c-716df14b2355" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5eb527a9-34d8-464f-9735-e7dcd2613ffc.xml" RLTitle="Administering Certificates">
		<Attr Name="assetid" Value="5eb527a9-34d8-464f-9735-e7dcd2613ffc" />
		<Keyword Index="AssetId" Term="5eb527a9-34d8-464f-9735-e7dcd2613ffc" />
		<Keyword Index="AssetId" Term="5eb527a9-34d8-464f-9735-e7dcd2613ffc1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5eb527a9-34d8-464f-9735-e7dcd2613ffc" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6072f26a-2e7a-4926-bf67-f6915cccfa9e.xml" RLTitle="Cluster - AD RMS Server Cluster Results Pane">
		<Attr Name="assetid" Value="6072f26a-2e7a-4926-bf67-f6915cccfa9e" />
		<Keyword Index="AssetId" Term="6072f26a-2e7a-4926-bf67-f6915cccfa9e" />
		<Keyword Index="AssetId" Term="6072f26a-2e7a-4926-bf67-f6915cccfa9e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6072f26a-2e7a-4926-bf67-f6915cccfa9e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6257f49a-bf8d-4d90-ad04-0918d400068d.xml" RLTitle="Understanding Rights Policy Templates">
		<Attr Name="assetid" Value="6257f49a-bf8d-4d90-ad04-0918d400068d" />
		<Keyword Index="AssetId" Term="6257f49a-bf8d-4d90-ad04-0918d400068d" />
		<Keyword Index="AssetId" Term="6257f49a-bf8d-4d90-ad04-0918d400068d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6257f49a-bf8d-4d90-ad04-0918d400068d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\636a447d-35f0-4e6f-a8b2-0a1bf279d1de.xml" RLTitle="Enable support for Kerberos authentication">
		<Attr Name="assetid" Value="636a447d-35f0-4e6f-a8b2-0a1bf279d1de" />
		<Keyword Index="AssetId" Term="636a447d-35f0-4e6f-a8b2-0a1bf279d1de" />
		<Keyword Index="AssetId" Term="636a447d-35f0-4e6f-a8b2-0a1bf279d1de1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="636a447d-35f0-4e6f-a8b2-0a1bf279d1de" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\67d89efe-28f6-422e-b0e3-e85da40a04f0.xml" RLTitle="Establishing Trust Policies">
		<Attr Name="assetid" Value="67d89efe-28f6-422e-b0e3-e85da40a04f0" />
		<Keyword Index="AssetId" Term="67d89efe-28f6-422e-b0e3-e85da40a04f0" />
		<Keyword Index="AssetId" Term="67d89efe-28f6-422e-b0e3-e85da40a04f01033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="67d89efe-28f6-422e-b0e3-e85da40a04f0" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6ba05e2b-1b49-45c4-9138-6fd9d93ec142.xml" RLTitle="Change the AD RMS Service Account">
		<Attr Name="assetid" Value="6ba05e2b-1b49-45c4-9138-6fd9d93ec142" />
		<Keyword Index="AssetId" Term="6ba05e2b-1b49-45c4-9138-6fd9d93ec142" />
		<Keyword Index="AssetId" Term="6ba05e2b-1b49-45c4-9138-6fd9d93ec1421033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6ba05e2b-1b49-45c4-9138-6fd9d93ec142" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\71209d16-9e76-4bcf-8276-5e60ed8a4cef.xml" RLTitle="Add a Trusted Publishing Domain">
		<Attr Name="assetid" Value="71209d16-9e76-4bcf-8276-5e60ed8a4cef" />
		<Keyword Index="AssetId" Term="71209d16-9e76-4bcf-8276-5e60ed8a4cef" />
		<Keyword Index="AssetId" Term="71209d16-9e76-4bcf-8276-5e60ed8a4cef1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="71209d16-9e76-4bcf-8276-5e60ed8a4cef" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\71ae6d8f-1b18-402d-bc08-aeef8d097a8e.xml" RLTitle="Exclusion Policies - Lockbox - Lockbox Results Pane">
		<Attr Name="assetid" Value="71ae6d8f-1b18-402d-bc08-aeef8d097a8e" />
		<Keyword Index="AssetId" Term="71ae6d8f-1b18-402d-bc08-aeef8d097a8e" />
		<Keyword Index="AssetId" Term="71ae6d8f-1b18-402d-bc08-aeef8d097a8e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="71ae6d8f-1b18-402d-bc08-aeef8d097a8e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\73829489-45f1-415b-90ab-061a263d1ef6.xml" RLTitle="Configuring an AD RMS Cluster">
		<Attr Name="assetid" Value="73829489-45f1-415b-90ab-061a263d1ef6" />
		<Keyword Index="AssetId" Term="73829489-45f1-415b-90ab-061a263d1ef6" />
		<Keyword Index="AssetId" Term="73829489-45f1-415b-90ab-061a263d1ef61033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="73829489-45f1-415b-90ab-061a263d1ef6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\74272acc-0f2d-4dc2-876f-15b156a0b4e0.xml" RLTitle="Active Directory Rights Management Services Overview">
		<Attr Name="assetid" Value="74272acc-0f2d-4dc2-876f-15b156a0b4e0" />
		<Keyword Index="AssetId" Term="74272acc-0f2d-4dc2-876f-15b156a0b4e0" />
		<Keyword Index="AssetId" Term="74272acc-0f2d-4dc2-876f-15b156a0b4e01033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="Windows Longhorn Server" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="ProductEvaluation" />
		<Attr Name="Description" Value="An overview of Active Directory Rights Management Services." />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_RightsManagement" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_RightsManagementServices" />
		<Attr Name="updatedDate" Value="2007/05/03" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="74272acc-0f2d-4dc2-876f-15b156a0b4e0" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\74358772-bba0-4390-b83e-0e6aab08619c.xml" RLTitle="Trust Policies - Trusted User Domains - Trusted User Domains Results Pane">
		<Attr Name="assetid" Value="74358772-bba0-4390-b83e-0e6aab08619c" />
		<Keyword Index="AssetId" Term="74358772-bba0-4390-b83e-0e6aab08619c" />
		<Keyword Index="AssetId" Term="74358772-bba0-4390-b83e-0e6aab08619c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="74358772-bba0-4390-b83e-0e6aab08619c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea.xml" RLTitle="Checklist: Deploying AD RMS in an Extranet">
		<Attr Name="assetid" Value="74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea" />
		<Keyword Index="AssetId" Term="74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea" />
		<Keyword Index="AssetId" Term="74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\786d0acf-6dab-417d-ae39-91450083ddfa.xml" RLTitle="Remove the AD RMS Server Role">
		<Attr Name="assetid" Value="786d0acf-6dab-417d-ae39-91450083ddfa" />
		<Keyword Index="AssetId" Term="786d0acf-6dab-417d-ae39-91450083ddfa" />
		<Keyword Index="AssetId" Term="786d0acf-6dab-417d-ae39-91450083ddfa1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="786d0acf-6dab-417d-ae39-91450083ddfa" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\789533a5-50c5-435d-b06a-37db0ab5666e.xml" RLTitle="Resources for AD RMS">
		<Attr Name="assetid" Value="789533a5-50c5-435d-b06a-37db0ab5666e" />
		<Keyword Index="AssetId" Term="789533a5-50c5-435d-b06a-37db0ab5666e" />
		<Keyword Index="AssetId" Term="789533a5-50c5-435d-b06a-37db0ab5666e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="789533a5-50c5-435d-b06a-37db0ab5666e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\7a14d648-8c0c-4579-a60d-7cf15d2137a5.xml" RLTitle="Exclusion Policies - Users - User Exclusion Policies Results Pane">
		<Attr Name="assetid" Value="7a14d648-8c0c-4579-a60d-7cf15d2137a5" />
		<Keyword Index="AssetId" Term="7a14d648-8c0c-4579-a60d-7cf15d2137a5" />
		<Keyword Index="AssetId" Term="7a14d648-8c0c-4579-a60d-7cf15d2137a51033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="7a14d648-8c0c-4579-a60d-7cf15d2137a5" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\7cbdc6af-bd44-44ee-ae26-0d71318c9796.xml" RLTitle="Enable Certification of Server Services">
		<Attr Name="assetid" Value="7cbdc6af-bd44-44ee-ae26-0d71318c9796" />
		<Keyword Index="AssetId" Term="7cbdc6af-bd44-44ee-ae26-0d71318c9796" />
		<Keyword Index="AssetId" Term="7cbdc6af-bd44-44ee-ae26-0d71318c97961033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="7cbdc6af-bd44-44ee-ae26-0d71318c9796" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8028ae92-8397-4da3-b4be-5f04ec2532b5.xml" RLTitle="Delete a Rights Policy Template">
		<Attr Name="assetid" Value="8028ae92-8397-4da3-b4be-5f04ec2532b5" />
		<Keyword Index="AssetId" Term="8028ae92-8397-4da3-b4be-5f04ec2532b5" />
		<Keyword Index="AssetId" Term="8028ae92-8397-4da3-b4be-5f04ec2532b51033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8028ae92-8397-4da3-b4be-5f04ec2532b5" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8144f0e6-4968-4d3f-8af9-df23213786bf.xml" RLTitle="Security Policies - Security Policies Results Pane">
		<Attr Name="assetid" Value="8144f0e6-4968-4d3f-8af9-df23213786bf" />
		<Keyword Index="AssetId" Term="8144f0e6-4968-4d3f-8af9-df23213786bf" />
		<Keyword Index="AssetId" Term="8144f0e6-4968-4d3f-8af9-df23213786bf1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8144f0e6-4968-4d3f-8af9-df23213786bf" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\838c46d3-e87a-445f-9ed5-9ba515f7ead2.xml" RLTitle="Understanding the AD RMS Databases">
		<Attr Name="assetid" Value="838c46d3-e87a-445f-9ed5-9ba515f7ead2" />
		<Keyword Index="AssetId" Term="838c46d3-e87a-445f-9ed5-9ba515f7ead2" />
		<Keyword Index="AssetId" Term="838c46d3-e87a-445f-9ed5-9ba515f7ead21033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="838c46d3-e87a-445f-9ed5-9ba515f7ead2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\878e9550-5966-40f3-862c-7ea309ddb0ed.xml" RLTitle="Pre-installation Information for Active Directory Rights Management Services">
		<Attr Name="assetid" Value="878e9550-5966-40f3-862c-7ea309ddb0ed" />
		<Keyword Index="AssetId" Term="878e9550-5966-40f3-862c-7ea309ddb0ed" />
		<Keyword Index="AssetId" Term="878e9550-5966-40f3-862c-7ea309ddb0ed1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="Windows Longhorn Server" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="Description" Value="Pre-installation information for Active Directory Rights Management Services, including system requirements and pre-deployment considerations." />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_RightsManagement" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_RightsManagementServices" />
		<Attr Name="updatedDate" Value="2007/04/25" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="878e9550-5966-40f3-862c-7ea309ddb0ed" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8dba2e7f-700d-41b1-88a4-7489a6999e7b.xml" RLTitle="Managing the AD RMS databases">
		<Attr Name="assetid" Value="8dba2e7f-700d-41b1-88a4-7489a6999e7b" />
		<Keyword Index="AssetId" Term="8dba2e7f-700d-41b1-88a4-7489a6999e7b" />
		<Keyword Index="AssetId" Term="8dba2e7f-700d-41b1-88a4-7489a6999e7b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8dba2e7f-700d-41b1-88a4-7489a6999e7b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8dbdc471-ca9f-4c31-9c36-5e5689b3f282.xml" RLTitle="Deploy Rights Policy Templates Through Group Policy">
		<Attr Name="assetid" Value="8dbdc471-ca9f-4c31-9c36-5e5689b3f282" />
		<Keyword Index="AssetId" Term="8dbdc471-ca9f-4c31-9c36-5e5689b3f282" />
		<Keyword Index="AssetId" Term="8dbdc471-ca9f-4c31-9c36-5e5689b3f2821033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="updatedDate" Value="2008/01/28" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8dbdc471-ca9f-4c31-9c36-5e5689b3f282" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8e9c43b0-a215-467a-877f-9b75419dd817.xml" RLTitle="Trust Policies - Trusted Publishing Domains - Export Trusted Publishing Domain Wizard">
		<Attr Name="assetid" Value="8e9c43b0-a215-467a-877f-9b75419dd817" />
		<Keyword Index="AssetId" Term="8e9c43b0-a215-467a-877f-9b75419dd817" />
		<Keyword Index="AssetId" Term="8e9c43b0-a215-467a-877f-9b75419dd8171033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8e9c43b0-a215-467a-877f-9b75419dd817" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8.xml" RLTitle="Specify the Location of Rights Policy Templates">
		<Attr Name="assetid" Value="8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8" />
		<Keyword Index="AssetId" Term="8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8" />
		<Keyword Index="AssetId" Term="8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b81033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8fb70322-3964-4493-99c0-fbfea30d66b6.xml" RLTitle="Reports - Reports Results Pane">
		<Attr Name="assetid" Value="8fb70322-3964-4493-99c0-fbfea30d66b6" />
		<Keyword Index="AssetId" Term="8fb70322-3964-4493-99c0-fbfea30d66b6" />
		<Keyword Index="AssetId" Term="8fb70322-3964-4493-99c0-fbfea30d66b61033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8fb70322-3964-4493-99c0-fbfea30d66b6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\90411fff-1651-43df-8b41-ea16b62da222.xml" RLTitle="Install the AD RMS Client on Earlier Versions of Windows">
		<Attr Name="assetid" Value="90411fff-1651-43df-8b41-ea16b62da222" />
		<Keyword Index="AssetId" Term="90411fff-1651-43df-8b41-ea16b62da222" />
		<Keyword Index="AssetId" Term="90411fff-1651-43df-8b41-ea16b62da2221033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="90411fff-1651-43df-8b41-ea16b62da222" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9060ef8e-8367-4d23-abaf-6bfeec7fced7.xml" RLTitle="Security Policies - Cluster Key Password - Cluster Key Password Properties">
		<Attr Name="assetid" Value="9060ef8e-8367-4d23-abaf-6bfeec7fced7" />
		<Keyword Index="AssetId" Term="9060ef8e-8367-4d23-abaf-6bfeec7fced7" />
		<Keyword Index="AssetId" Term="9060ef8e-8367-4d23-abaf-6bfeec7fced71033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9060ef8e-8367-4d23-abaf-6bfeec7fced7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9145546f-a8ef-45b3-ab98-3e2c8bc1ef33.xml" RLTitle="Administer AD RMS by Using the Active Directory Rights Management Services console">
		<Attr Name="assetid" Value="9145546f-a8ef-45b3-ab98-3e2c8bc1ef33" />
		<Keyword Index="AssetId" Term="9145546f-a8ef-45b3-ab98-3e2c8bc1ef33" />
		<Keyword Index="AssetId" Term="9145546f-a8ef-45b3-ab98-3e2c8bc1ef331033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9145546f-a8ef-45b3-ab98-3e2c8bc1ef33" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9210fa30-ce12-468a-9f16-506868e2aa4b.xml" RLTitle="Add Users to AD RMS Administrative Groups">
		<Attr Name="assetid" Value="9210fa30-ce12-468a-9f16-506868e2aa4b" />
		<Keyword Index="AssetId" Term="9210fa30-ce12-468a-9f16-506868e2aa4b" />
		<Keyword Index="AssetId" Term="9210fa30-ce12-468a-9f16-506868e2aa4b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9210fa30-ce12-468a-9f16-506868e2aa4b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\930d4692-3345-423c-99ac-63d21b12d94d.xml" RLTitle="Export a Trusted Publishing Domain">
		<Attr Name="assetid" Value="930d4692-3345-423c-99ac-63d21b12d94d" />
		<Keyword Index="AssetId" Term="930d4692-3345-423c-99ac-63d21b12d94d" />
		<Keyword Index="AssetId" Term="930d4692-3345-423c-99ac-63d21b12d94d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="930d4692-3345-423c-99ac-63d21b12d94d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\930fc9f6-bfd1-4ceb-8eec-7c40c29a4339.xml" RLTitle="Exclusion Policies - Applications - Excluded Application Properties">
		<Attr Name="assetid" Value="930fc9f6-bfd1-4ceb-8eec-7c40c29a4339" />
		<Keyword Index="AssetId" Term="930fc9f6-bfd1-4ceb-8eec-7c40c29a4339" />
		<Keyword Index="AssetId" Term="930fc9f6-bfd1-4ceb-8eec-7c40c29a43391033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="930fc9f6-bfd1-4ceb-8eec-7c40c29a4339" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\965c27f8-52cf-442f-9f95-dfbd7782fe8e.xml" RLTitle="User Interface: AD RMS">
		<Attr Name="assetid" Value="965c27f8-52cf-442f-9f95-dfbd7782fe8e" />
		<Keyword Index="AssetId" Term="965c27f8-52cf-442f-9f95-dfbd7782fe8e" />
		<Keyword Index="AssetId" Term="965c27f8-52cf-442f-9f95-dfbd7782fe8e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="965c27f8-52cf-442f-9f95-dfbd7782fe8e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\973f6f34-e1e6-455d-b041-06f0970c6dcb.xml" RLTitle="Exclusion Policies - Applications - Exclude Application Wizard">
		<Attr Name="assetid" Value="973f6f34-e1e6-455d-b041-06f0970c6dcb" />
		<Keyword Index="AssetId" Term="973f6f34-e1e6-455d-b041-06f0970c6dcb" />
		<Keyword Index="AssetId" Term="973f6f34-e1e6-455d-b041-06f0970c6dcb1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="973f6f34-e1e6-455d-b041-06f0970c6dcb" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\97764943-7cfc-423f-aec4-864e2dfdb630.xml" RLTitle="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Extended Policy Page">
		<Attr Name="assetid" Value="97764943-7cfc-423f-aec4-864e2dfdb630" />
		<Keyword Index="AssetId" Term="97764943-7cfc-423f-aec4-864e2dfdb630" />
		<Keyword Index="AssetId" Term="97764943-7cfc-423f-aec4-864e2dfdb6301033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="97764943-7cfc-423f-aec4-864e2dfdb630" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\97c4a2bc-3885-4523-8b67-16e748d4dce8.xml" RLTitle="Rights Policy Templates - Template">
		<Attr Name="assetid" Value="97c4a2bc-3885-4523-8b67-16e748d4dce8" />
		<Keyword Index="AssetId" Term="97c4a2bc-3885-4523-8b67-16e748d4dce8" />
		<Keyword Index="AssetId" Term="97c4a2bc-3885-4523-8b67-16e748d4dce81033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="97c4a2bc-3885-4523-8b67-16e748d4dce8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9905aecd-a764-4c29-a49e-0a53fbff85c3.xml" RLTitle="Cluster - Change AD RMS Service Account Wizard">
		<Attr Name="assetid" Value="9905aecd-a764-4c29-a49e-0a53fbff85c3" />
		<Keyword Index="AssetId" Term="9905aecd-a764-4c29-a49e-0a53fbff85c3" />
		<Keyword Index="AssetId" Term="9905aecd-a764-4c29-a49e-0a53fbff85c31033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9905aecd-a764-4c29-a49e-0a53fbff85c3" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9a944ab7-f0d9-4224-97c6-b2543f537827.xml" RLTitle="Exclude Lockbox Versions">
		<Attr Name="assetid" Value="9a944ab7-f0d9-4224-97c6-b2543f537827" />
		<Keyword Index="AssetId" Term="9a944ab7-f0d9-4224-97c6-b2543f537827" />
		<Keyword Index="AssetId" Term="9a944ab7-f0d9-4224-97c6-b2543f5378271033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9a944ab7-f0d9-4224-97c6-b2543f537827" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784.xml" RLTitle="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add Template Identification Page">
		<Attr Name="assetid" Value="9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784" />
		<Keyword Index="AssetId" Term="9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784" />
		<Keyword Index="AssetId" Term="9bb3ab14-5e36-4d4e-bb5a-a4d3078f87841033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9fa2a030-7051-474d-bd71-da6482f9eb10.xml" RLTitle="Exclusion Policies - Applications - Excluded Application Results Pane">
		<Attr Name="assetid" Value="9fa2a030-7051-474d-bd71-da6482f9eb10" />
		<Keyword Index="AssetId" Term="9fa2a030-7051-474d-bd71-da6482f9eb10" />
		<Keyword Index="AssetId" Term="9fa2a030-7051-474d-bd71-da6482f9eb101033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9fa2a030-7051-474d-bd71-da6482f9eb10" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a171a2ed-a357-4d88-ad4e-e447961bc632.xml" RLTitle="Specify the Administrative Contact">
		<Attr Name="assetid" Value="a171a2ed-a357-4d88-ad4e-e447961bc632" />
		<Keyword Index="AssetId" Term="a171a2ed-a357-4d88-ad4e-e447961bc632" />
		<Keyword Index="AssetId" Term="a171a2ed-a357-4d88-ad4e-e447961bc6321033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a171a2ed-a357-4d88-ad4e-e447961bc632" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a21692e9-ce39-4fbb-90a3-11d676d5633e.xml" RLTitle="Exclude Users">
		<Attr Name="assetid" Value="a21692e9-ce39-4fbb-90a3-11d676d5633e" />
		<Keyword Index="AssetId" Term="a21692e9-ce39-4fbb-90a3-11d676d5633e" />
		<Keyword Index="AssetId" Term="a21692e9-ce39-4fbb-90a3-11d676d5633e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a21692e9-ce39-4fbb-90a3-11d676d5633e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a42680fa-2855-40d9-8e2c-74f72793ca24.xml" RLTitle="Configuring Rights Policy Templates">
		<Attr Name="assetid" Value="a42680fa-2855-40d9-8e2c-74f72793ca24" />
		<Keyword Index="AssetId" Term="a42680fa-2855-40d9-8e2c-74f72793ca24" />
		<Keyword Index="AssetId" Term="a42680fa-2855-40d9-8e2c-74f72793ca241033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a42680fa-2855-40d9-8e2c-74f72793ca24" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a7b8252b-454a-42d6-bed7-46e4459eafb4.xml" RLTitle="Cluster - Cluster Properties - Server Certificate Tab">
		<Attr Name="assetid" Value="a7b8252b-454a-42d6-bed7-46e4459eafb4" />
		<Keyword Index="AssetId" Term="a7b8252b-454a-42d6-bed7-46e4459eafb4" />
		<Keyword Index="AssetId" Term="a7b8252b-454a-42d6-bed7-46e4459eafb41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a7b8252b-454a-42d6-bed7-46e4459eafb4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a7cca614-3146-437e-be39-0f8b8952b491.xml" RLTitle="Enable Certification of Mobile Devices">
		<Attr Name="assetid" Value="a7cca614-3146-437e-be39-0f8b8952b491" />
		<Keyword Index="AssetId" Term="a7cca614-3146-437e-be39-0f8b8952b491" />
		<Keyword Index="AssetId" Term="a7cca614-3146-437e-be39-0f8b8952b4911033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a7cca614-3146-437e-be39-0f8b8952b491" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a8134792-3c67-4582-bf61-fe6d2e09ac84.xml" RLTitle="Exclusion Policies - Lockbox - Lockbox Properties">
		<Attr Name="assetid" Value="a8134792-3c67-4582-bf61-fe6d2e09ac84" />
		<Keyword Index="AssetId" Term="a8134792-3c67-4582-bf61-fe6d2e09ac84" />
		<Keyword Index="AssetId" Term="a8134792-3c67-4582-bf61-fe6d2e09ac841033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a8134792-3c67-4582-bf61-fe6d2e09ac84" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a928c435-77a8-49fe-b08e-bfdc6bcc1fa7.xml" RLTitle="Import an SSL Certificate Using Internet Information Services (IIS) Manager">
		<Attr Name="assetid" Value="a928c435-77a8-49fe-b08e-bfdc6bcc1fa7" />
		<Keyword Index="AssetId" Term="a928c435-77a8-49fe-b08e-bfdc6bcc1fa7" />
		<Keyword Index="AssetId" Term="a928c435-77a8-49fe-b08e-bfdc6bcc1fa71033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a928c435-77a8-49fe-b08e-bfdc6bcc1fa7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4.xml" RLTitle="Cluster - Cluster Properties - AD RMS Servers Tab">
		<Attr Name="assetid" Value="a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4" />
		<Keyword Index="AssetId" Term="a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4" />
		<Keyword Index="AssetId" Term="a9ea1ac8-d183-46fe-9188-dff5d0b3b4b41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\aa344ab6-67e5-4fd4-af95-153e7e0b2546.xml" RLTitle="Cluster - Cluster Properties - General Tab">
		<Attr Name="assetid" Value="aa344ab6-67e5-4fd4-af95-153e7e0b2546" />
		<Keyword Index="AssetId" Term="aa344ab6-67e5-4fd4-af95-153e7e0b2546" />
		<Keyword Index="AssetId" Term="aa344ab6-67e5-4fd4-af95-153e7e0b25461033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="aa344ab6-67e5-4fd4-af95-153e7e0b2546" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f.xml" RLTitle="Security Policies - Decommissioning Results Pane">
		<Attr Name="assetid" Value="aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f" />
		<Keyword Index="AssetId" Term="aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f" />
		<Keyword Index="AssetId" Term="aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ac2ec246-dd17-4c72-bf55-8a0c13efac4f.xml" RLTitle="Check the Password Policy for Your Organization">
		<Attr Name="assetid" Value="ac2ec246-dd17-4c72-bf55-8a0c13efac4f" />
		<Keyword Index="AssetId" Term="ac2ec246-dd17-4c72-bf55-8a0c13efac4f" />
		<Keyword Index="AssetId" Term="ac2ec246-dd17-4c72-bf55-8a0c13efac4f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="updatedDate" Value="2008/01/28" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ac2ec246-dd17-4c72-bf55-8a0c13efac4f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ae03d1a8-dd14-4750-ae4e-679dad59c8fc.xml" RLTitle="Add an Extranet Cluster URL">
		<Attr Name="assetid" Value="ae03d1a8-dd14-4750-ae4e-679dad59c8fc" />
		<Keyword Index="AssetId" Term="ae03d1a8-dd14-4750-ae4e-679dad59c8fc" />
		<Keyword Index="AssetId" Term="ae03d1a8-dd14-4750-ae4e-679dad59c8fc1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ae03d1a8-dd14-4750-ae4e-679dad59c8fc" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ae904fc1-9a96-4dec-adf8-43aa8c3b89f0.xml" RLTitle="Removing an AD RMS Cluster">
		<Attr Name="assetid" Value="ae904fc1-9a96-4dec-adf8-43aa8c3b89f0" />
		<Keyword Index="AssetId" Term="ae904fc1-9a96-4dec-adf8-43aa8c3b89f0" />
		<Keyword Index="AssetId" Term="ae904fc1-9a96-4dec-adf8-43aa8c3b89f01033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ae904fc1-9a96-4dec-adf8-43aa8c3b89f0" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b67a40b0-f954-4f55-a047-f82dd62be796.xml" RLTitle="Monitor the AD RMS Message Queue">
		<Attr Name="assetid" Value="b67a40b0-f954-4f55-a047-f82dd62be796" />
		<Keyword Index="AssetId" Term="b67a40b0-f954-4f55-a047-f82dd62be796" />
		<Keyword Index="AssetId" Term="b67a40b0-f954-4f55-a047-f82dd62be7961033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b67a40b0-f954-4f55-a047-f82dd62be796" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b8c24098-9f3b-4ba1-a34c-21e9308814c2.xml" RLTitle="Upgrade to AD RMS">
		<Attr Name="assetid" Value="b8c24098-9f3b-4ba1-a34c-21e9308814c2" />
		<Keyword Index="AssetId" Term="b8c24098-9f3b-4ba1-a34c-21e9308814c2" />
		<Keyword Index="AssetId" Term="b8c24098-9f3b-4ba1-a34c-21e9308814c21033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="updatedDate" Value="2008/01/28" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b8c24098-9f3b-4ba1-a34c-21e9308814c2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ba01e655-6a5f-4e6d-881d-4dca57859302.xml" RLTitle="Rights Account Certificate Policies - Rights Account Certificate Policies Results Pane">
		<Attr Name="assetid" Value="ba01e655-6a5f-4e6d-881d-4dca57859302" />
		<Keyword Index="AssetId" Term="ba01e655-6a5f-4e6d-881d-4dca57859302" />
		<Keyword Index="AssetId" Term="ba01e655-6a5f-4e6d-881d-4dca578593021033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ba01e655-6a5f-4e6d-881d-4dca57859302" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\bd8266b9-ea5c-48d9-b1b2-0577154f7c9c.xml" RLTitle="Authenticate Clients Using Smart Cards">
		<Attr Name="assetid" Value="bd8266b9-ea5c-48d9-b1b2-0577154f7c9c" />
		<Keyword Index="AssetId" Term="bd8266b9-ea5c-48d9-b1b2-0577154f7c9c" />
		<Keyword Index="AssetId" Term="bd8266b9-ea5c-48d9-b1b2-0577154f7c9c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="bd8266b9-ea5c-48d9-b1b2-0577154f7c9c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\be22c109-968b-4635-a24d-050a25d4afee.xml" RLTitle="Exclude Applications">
		<Attr Name="assetid" Value="be22c109-968b-4635-a24d-050a25d4afee" />
		<Keyword Index="AssetId" Term="be22c109-968b-4635-a24d-050a25d4afee" />
		<Keyword Index="AssetId" Term="be22c109-968b-4635-a24d-050a25d4afee1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="be22c109-968b-4635-a24d-050a25d4afee" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\be7de4f2-7bc1-4704-a046-1a24623b5d7a.xml" RLTitle="Export the Server Licensor Certificate">
		<Attr Name="assetid" Value="be7de4f2-7bc1-4704-a046-1a24623b5d7a" />
		<Keyword Index="AssetId" Term="be7de4f2-7bc1-4704-a046-1a24623b5d7a" />
		<Keyword Index="AssetId" Term="be7de4f2-7bc1-4704-a046-1a24623b5d7a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="be7de4f2-7bc1-4704-a046-1a24623b5d7a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c60ace22-c18e-4f88-9cd4-d82f6ca7e455.xml" RLTitle="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Revocation Policy Page">
		<Attr Name="assetid" Value="c60ace22-c18e-4f88-9cd4-d82f6ca7e455" />
		<Keyword Index="AssetId" Term="c60ace22-c18e-4f88-9cd4-d82f6ca7e455" />
		<Keyword Index="AssetId" Term="c60ace22-c18e-4f88-9cd4-d82f6ca7e4551033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c60ace22-c18e-4f88-9cd4-d82f6ca7e455" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c64715bc-3d85-47b2-b543-5b97640303b3.xml" RLTitle="Configure the Access Control List on the GroupExpansion Folder">
		<Attr Name="assetid" Value="c64715bc-3d85-47b2-b543-5b97640303b3" />
		<Keyword Index="AssetId" Term="c64715bc-3d85-47b2-b543-5b97640303b3" />
		<Keyword Index="AssetId" Term="c64715bc-3d85-47b2-b543-5b97640303b31033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c64715bc-3d85-47b2-b543-5b97640303b3" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c89f8c53-a265-4214-9c94-64159759fa5e.xml" RLTitle="Security Policies - Cluster Key Password Results Pane">
		<Attr Name="assetid" Value="c89f8c53-a265-4214-9c94-64159759fa5e" />
		<Keyword Index="AssetId" Term="c89f8c53-a265-4214-9c94-64159759fa5e" />
		<Keyword Index="AssetId" Term="c89f8c53-a265-4214-9c94-64159759fa5e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c89f8c53-a265-4214-9c94-64159759fa5e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c8b196f6-6099-4f20-bf85-5fd3d2faa31e.xml" RLTitle="Specify the Rights Account Certificate Validity Duration">
		<Attr Name="assetid" Value="c8b196f6-6099-4f20-bf85-5fd3d2faa31e" />
		<Keyword Index="AssetId" Term="c8b196f6-6099-4f20-bf85-5fd3d2faa31e" />
		<Keyword Index="AssetId" Term="c8b196f6-6099-4f20-bf85-5fd3d2faa31e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c8b196f6-6099-4f20-bf85-5fd3d2faa31e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c941ad6b-6184-4859-bd79-dc6d309a5109.xml" RLTitle="Configure Federated Identity Support Settings">
		<Attr Name="assetid" Value="c941ad6b-6184-4859-bd79-dc6d309a5109" />
		<Keyword Index="AssetId" Term="c941ad6b-6184-4859-bd79-dc6d309a5109" />
		<Keyword Index="AssetId" Term="c941ad6b-6184-4859-bd79-dc6d309a51091033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c941ad6b-6184-4859-bd79-dc6d309a5109" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c988e887-9d69-49eb-85aa-c53cf4504090.xml" RLTitle="Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Certificate">
		<Attr Name="assetid" Value="c988e887-9d69-49eb-85aa-c53cf4504090" />
		<Keyword Index="AssetId" Term="c988e887-9d69-49eb-85aa-c53cf4504090" />
		<Keyword Index="AssetId" Term="c988e887-9d69-49eb-85aa-c53cf45040901033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c988e887-9d69-49eb-85aa-c53cf4504090" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd.xml" RLTitle="Trust Policies - Trusted User Domains - Import Trusted User Domain Wizard">
		<Attr Name="assetid" Value="cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd" />
		<Keyword Index="AssetId" Term="cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd" />
		<Keyword Index="AssetId" Term="cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cdcd00de-abfb-43e9-a247-a462d7b65c54.xml" RLTitle="Turn on or Turn off Logging">
		<Attr Name="assetid" Value="cdcd00de-abfb-43e9-a247-a462d7b65c54" />
		<Keyword Index="AssetId" Term="cdcd00de-abfb-43e9-a247-a462d7b65c54" />
		<Keyword Index="AssetId" Term="cdcd00de-abfb-43e9-a247-a462d7b65c541033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cdcd00de-abfb-43e9-a247-a462d7b65c54" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cf19efcd-db3d-4468-8d3c-f6bbb8918133.xml" RLTitle="Add Cluster - Add Cluster Wizard">
		<Attr Name="assetid" Value="cf19efcd-db3d-4468-8d3c-f6bbb8918133" />
		<Keyword Index="AssetId" Term="cf19efcd-db3d-4468-8d3c-f6bbb8918133" />
		<Keyword Index="AssetId" Term="cf19efcd-db3d-4468-8d3c-f6bbb89181331033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cf19efcd-db3d-4468-8d3c-f6bbb8918133" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cfa7254d-eca7-4238-8a5f-c138d92be441.xml" RLTitle="Security Policies - Super Users - Super Users Properties">
		<Attr Name="assetid" Value="cfa7254d-eca7-4238-8a5f-c138d92be441" />
		<Keyword Index="AssetId" Term="cfa7254d-eca7-4238-8a5f-c138d92be441" />
		<Keyword Index="AssetId" Term="cfa7254d-eca7-4238-8a5f-c138d92be4411033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cfa7254d-eca7-4238-8a5f-c138d92be441" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\d2fb938f-c13e-4293-b9df-245b63b6079f.xml" RLTitle="Exclusion Policies - Applications - Application Exclusion Policies Results Pane">
		<Attr Name="assetid" Value="d2fb938f-c13e-4293-b9df-245b63b6079f" />
		<Keyword Index="AssetId" Term="d2fb938f-c13e-4293-b9df-245b63b6079f" />
		<Keyword Index="AssetId" Term="d2fb938f-c13e-4293-b9df-245b63b6079f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="d2fb938f-c13e-4293-b9df-245b63b6079f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\db312fba-7c19-4eae-b3b9-18c5d41cc011.xml" RLTitle="Understanding AD RMS Key Protection and Storage">
		<Attr Name="assetid" Value="db312fba-7c19-4eae-b3b9-18c5d41cc011" />
		<Keyword Index="AssetId" Term="db312fba-7c19-4eae-b3b9-18c5d41cc011" />
		<Keyword Index="AssetId" Term="db312fba-7c19-4eae-b3b9-18c5d41cc0111033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="db312fba-7c19-4eae-b3b9-18c5d41cc011" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e46ee7dd-5acf-45db-b426-101fd6fa958b.xml" RLTitle="Decommission AD RMS">
		<Attr Name="assetid" Value="e46ee7dd-5acf-45db-b426-101fd6fa958b" />
		<Keyword Index="AssetId" Term="e46ee7dd-5acf-45db-b426-101fd6fa958b" />
		<Keyword Index="AssetId" Term="e46ee7dd-5acf-45db-b426-101fd6fa958b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e46ee7dd-5acf-45db-b426-101fd6fa958b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e4ca2b0c-cbb2-4c52-9023-47e484b991e5.xml" RLTitle="Change AD RMS Proxy Settings">
		<Attr Name="assetid" Value="e4ca2b0c-cbb2-4c52-9023-47e484b991e5" />
		<Keyword Index="AssetId" Term="e4ca2b0c-cbb2-4c52-9023-47e484b991e5" />
		<Keyword Index="AssetId" Term="e4ca2b0c-cbb2-4c52-9023-47e484b991e51033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e4ca2b0c-cbb2-4c52-9023-47e484b991e5" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e605e743-a4cb-416b-becd-c7240d0b0449.xml" RLTitle="Checklist: Deploying an AD RMS Licensing-only Cluster">
		<Attr Name="assetid" Value="e605e743-a4cb-416b-becd-c7240d0b0449" />
		<Keyword Index="AssetId" Term="e605e743-a4cb-416b-becd-c7240d0b0449" />
		<Keyword Index="AssetId" Term="e605e743-a4cb-416b-becd-c7240d0b04491033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e605e743-a4cb-416b-becd-c7240d0b0449" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e8aad84e-0be9-444a-a460-a4d40f4d2c0f.xml" RLTitle="Trust Policies - Federated Identity Support - Federated Identity Support Results Pane">
		<Attr Name="assetid" Value="e8aad84e-0be9-444a-a460-a4d40f4d2c0f" />
		<Keyword Index="AssetId" Term="e8aad84e-0be9-444a-a460-a4d40f4d2c0f" />
		<Keyword Index="AssetId" Term="e8aad84e-0be9-444a-a460-a4d40f4d2c0f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e8aad84e-0be9-444a-a460-a4d40f4d2c0f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e95fea7b-b901-4fef-827e-9901abd58e1a.xml" RLTitle="Exclusion Policies - Exclusion Policies Results Pane">
		<Attr Name="assetid" Value="e95fea7b-b901-4fef-827e-9901abd58e1a" />
		<Keyword Index="AssetId" Term="e95fea7b-b901-4fef-827e-9901abd58e1a" />
		<Keyword Index="AssetId" Term="e95fea7b-b901-4fef-827e-9901abd58e1a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e95fea7b-b901-4fef-827e-9901abd58e1a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ea711929-0b07-4098-8738-89ef537c26e7.xml" RLTitle="Understanding AD RMS Across Forests">
		<Attr Name="assetid" Value="ea711929-0b07-4098-8738-89ef537c26e7" />
		<Keyword Index="AssetId" Term="ea711929-0b07-4098-8738-89ef537c26e7" />
		<Keyword Index="AssetId" Term="ea711929-0b07-4098-8738-89ef537c26e71033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ea711929-0b07-4098-8738-89ef537c26e7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\eae75c44-0844-4756-b560-cbe96825b2de.xml" RLTitle="Cluster - Cluster Properties - Logging Tab">
		<Attr Name="assetid" Value="eae75c44-0844-4756-b560-cbe96825b2de" />
		<Keyword Index="AssetId" Term="eae75c44-0844-4756-b560-cbe96825b2de" />
		<Keyword Index="AssetId" Term="eae75c44-0844-4756-b560-cbe96825b2de1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="eae75c44-0844-4756-b560-cbe96825b2de" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\edab589f-74ea-48d5-a55a-7cb18a65f066.xml" RLTitle="AD RMS Client Service Discovery">
		<Attr Name="assetid" Value="edab589f-74ea-48d5-a55a-7cb18a65f066" />
		<Keyword Index="AssetId" Term="edab589f-74ea-48d5-a55a-7cb18a65f066" />
		<Keyword Index="AssetId" Term="edab589f-74ea-48d5-a55a-7cb18a65f0661033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="edab589f-74ea-48d5-a55a-7cb18a65f066" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f04cf1fc-d07b-481e-a433-cf8e93ab64ba.xml" RLTitle="Understanding AD RMS Trust Policies">
		<Attr Name="assetid" Value="f04cf1fc-d07b-481e-a433-cf8e93ab64ba" />
		<Keyword Index="AssetId" Term="f04cf1fc-d07b-481e-a433-cf8e93ab64ba" />
		<Keyword Index="AssetId" Term="f04cf1fc-d07b-481e-a433-cf8e93ab64ba1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f04cf1fc-d07b-481e-a433-cf8e93ab64ba" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f1f3f842-b742-49a7-8724-04706368fcac.xml" RLTitle="Configuring AD RMS Across Forests">
		<Attr Name="assetid" Value="f1f3f842-b742-49a7-8724-04706368fcac" />
		<Keyword Index="AssetId" Term="f1f3f842-b742-49a7-8724-04706368fcac" />
		<Keyword Index="AssetId" Term="f1f3f842-b742-49a7-8724-04706368fcac1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f1f3f842-b742-49a7-8724-04706368fcac" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f43dcb03-6e23-491a-87b0-67d541575923.xml" RLTitle="Export a Trusted User Domain">
		<Attr Name="assetid" Value="f43dcb03-6e23-491a-87b0-67d541575923" />
		<Keyword Index="AssetId" Term="f43dcb03-6e23-491a-87b0-67d541575923" />
		<Keyword Index="AssetId" Term="f43dcb03-6e23-491a-87b0-67d5415759231033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f43dcb03-6e23-491a-87b0-67d541575923" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f54901bb-20de-4103-b72b-a74f8e4e0054.xml" RLTitle="Trust Policies - Trusted Publishing Domains - Trusted Publishing Domains Results Pane">
		<Attr Name="assetid" Value="f54901bb-20de-4103-b72b-a74f8e4e0054" />
		<Keyword Index="AssetId" Term="f54901bb-20de-4103-b72b-a74f8e4e0054" />
		<Keyword Index="AssetId" Term="f54901bb-20de-4103-b72b-a74f8e4e00541033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f54901bb-20de-4103-b72b-a74f8e4e0054" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f80253cf-2112-4b7d-8e97-509e49a9345a.xml" RLTitle="Active Directory Rights Management Services">
		<Attr Name="assetid" Value="f80253cf-2112-4b7d-8e97-509e49a9345a" />
		<Keyword Index="AssetId" Term="f80253cf-2112-4b7d-8e97-509e49a9345a" />
		<Keyword Index="AssetId" Term="f80253cf-2112-4b7d-8e97-509e49a9345a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f80253cf-2112-4b7d-8e97-509e49a9345a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\fab65ea2-4ad4-4d95-82d5-f7a25a08287a.xml" RLTitle="View a Summary of User Rights for a Rights Policy Template">
		<Attr Name="assetid" Value="fab65ea2-4ad4-4d95-82d5-f7a25a08287a" />
		<Keyword Index="AssetId" Term="fab65ea2-4ad4-4d95-82d5-f7a25a08287a" />
		<Keyword Index="AssetId" Term="fab65ea2-4ad4-4d95-82d5-f7a25a08287a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="fab65ea2-4ad4-4d95-82d5-f7a25a08287a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\fd887192-681a-4ebc-a42d-a6be77f75dd4.xml" RLTitle="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add User Rights Page">
		<Attr Name="assetid" Value="fd887192-681a-4ebc-a42d-a6be77f75dd4" />
		<Keyword Index="AssetId" Term="fd887192-681a-4ebc-a42d-a6be77f75dd4" />
		<Keyword Index="AssetId" Term="fd887192-681a-4ebc-a42d-a6be77f75dd41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="fd887192-681a-4ebc-a42d-a6be77f75dd4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\fef73389-43c8-4b45-bf48-4e1682d89838.xml" RLTitle="Configure Windows Firewall">
		<Attr Name="assetid" Value="fef73389-43c8-4b45-bf48-4e1682d89838" />
		<Keyword Index="AssetId" Term="fef73389-43c8-4b45-bf48-4e1682d89838" />
		<Keyword Index="AssetId" Term="fef73389-43c8-4b45-bf48-4e1682d898381033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="Description" Value="Product help for Active Directory Rights Management Services" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1717" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="fef73389-43c8-4b45-bf48-4e1682d89838" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="rms_help_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
	<HelpTOCNode Url="mshelp://windows/?tocid=864f370f-3745-4d82-b03e-953c19edd440" Title="">
		<HelpTOCNode Url="mshelp://windows/?id=f80253cf-2112-4b7d-8e97-509e49a9345a" Title="Active Directory Rights Management Services">
			<HelpTOCNode Url="mshelp://windows/?id=74272acc-0f2d-4dc2-876f-15b156a0b4e0" Title="Active Directory Rights Management Services Overview" />
			<HelpTOCNode Url="mshelp://windows/?id=878e9550-5966-40f3-862c-7ea309ddb0ed" Title="Pre-installation Information for Active Directory Rights Management Services" />
			<HelpTOCNode Url="mshelp://windows/?id=4f757264-290e-4661-ba07-83912325efbd" Title="Checklist: Deploying a Single-Server Installation" />
			<HelpTOCNode Url="mshelp://windows/?id=74aa74aa-8e3d-4cb5-9dcc-a561ce0cf4ea" Title="Checklist: Deploying AD RMS in an Extranet" />
			<HelpTOCNode Url="mshelp://windows/?id=1f1d0032-1e8c-4e5a-b438-cfa01fe82228" Title="Checklist: Deploying AD RMS in an Organization with Users in Multiple Forests" />
			<HelpTOCNode Url="mshelp://windows/?id=e605e743-a4cb-416b-becd-c7240d0b0449" Title="Checklist: Deploying an AD RMS Licensing-only Cluster" />
			<HelpTOCNode Url="mshelp://windows/?id=05c98626-7880-44e7-821f-753bd88526ca" Title="Checklist: Deploying AD RMS with AD FS" />
			<HelpTOCNode Url="mshelp://windows/?id=3f1d6d09-4e85-4ad9-83ff-a8720b5441d6" Title="Installing an AD RMS Cluster">
				<HelpTOCNode Url="mshelp://windows/?id=390c4d53-2a07-4207-af9a-401f916a9328" Title="Understanding AD RMS Clusters" />
				<HelpTOCNode Url="mshelp://windows/?id=db312fba-7c19-4eae-b3b9-18c5d41cc011" Title="Understanding AD RMS Key Protection and Storage" />
				<HelpTOCNode Url="mshelp://windows/?id=24ae01a6-a2c2-4f29-b16b-528565a83644" Title="Install AD RMS Server Role" />
				<HelpTOCNode Url="mshelp://windows/?id=b8c24098-9f3b-4ba1-a34c-21e9308814c2" Title="Upgrade to AD RMS" />
				<HelpTOCNode Url="mshelp://windows/?id=1bc393b9-5ce9-4950-acae-63a463ccfc36" Title="Join an AD RMS Server to an Existing Cluster" />
				<HelpTOCNode Url="mshelp://windows/?id=9145546f-a8ef-45b3-ab98-3e2c8bc1ef33" Title="Administer AD RMS by Using the Active Directory Rights Management Services console" />
				<HelpTOCNode Url="mshelp://windows/?id=e4ca2b0c-cbb2-4c52-9023-47e484b991e5" Title="Change AD RMS Proxy Settings" />
				<HelpTOCNode Url="mshelp://windows/?id=ae03d1a8-dd14-4750-ae4e-679dad59c8fc" Title="Add an Extranet Cluster URL" />
				<HelpTOCNode Url="mshelp://windows/?id=2a37646d-7011-40dd-a503-7cfdab162764" Title="Register a Service Connection Point" />
				<HelpTOCNode Url="mshelp://windows/?id=fef73389-43c8-4b45-bf48-4e1682d89838" Title="Configure Windows Firewall" />
				<HelpTOCNode Url="mshelp://windows/?id=ac2ec246-dd17-4c72-bf55-8a0c13efac4f" Title="Check the Password Policy for Your Organization" />
				<HelpTOCNode Url="mshelp://windows/?id=a928c435-77a8-49fe-b08e-bfdc6bcc1fa7" Title="Import an SSL Certificate Using Internet Information Services (IIS) Manager" />
				<HelpTOCNode Url="mshelp://windows/?id=636a447d-35f0-4e6f-a8b2-0a1bf279d1de" Title="Enable support for Kerberos authentication" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=73829489-45f1-415b-90ab-061a263d1ef6" Title="Configuring an AD RMS Cluster">
				<HelpTOCNode Url="mshelp://windows/?id=5eb527a9-34d8-464f-9735-e7dcd2613ffc" Title="Administering Certificates">
					<HelpTOCNode Url="mshelp://windows/?id=58dedefe-49d0-4b2e-b673-bfaa513fc70e" Title="Understanding AD RMS Certificates" />
					<HelpTOCNode Url="mshelp://windows/?id=be7de4f2-7bc1-4704-a046-1a24623b5d7a" Title="Export the Server Licensor Certificate" />
					<HelpTOCNode Url="mshelp://windows/?id=c8b196f6-6099-4f20-bf85-5fd3d2faa31e" Title="Specify the Rights Account Certificate Validity Duration" />
					<HelpTOCNode Url="mshelp://windows/?id=a7cca614-3146-437e-be39-0f8b8952b491" Title="Enable Certification of Mobile Devices" />
					<HelpTOCNode Url="mshelp://windows/?id=7cbdc6af-bd44-44ee-ae26-0d71318c9796" Title="Enable Certification of Server Services" />
					<HelpTOCNode Url="mshelp://windows/?id=bd8266b9-ea5c-48d9-b1b2-0577154f7c9c" Title="Authenticate Clients Using Smart Cards" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=5141e060-08ac-4874-98bc-c493658c4c8f" Title="Enabling Exclusion Policies">
					<HelpTOCNode Url="mshelp://windows/?id=3a612201-7302-419b-86b2-3bde6d448d4e" Title="Understanding AD RMS Exclusion Policies" />
					<HelpTOCNode Url="mshelp://windows/?id=a21692e9-ce39-4fbb-90a3-11d676d5633e" Title="Exclude Users" />
					<HelpTOCNode Url="mshelp://windows/?id=be22c109-968b-4635-a24d-050a25d4afee" Title="Exclude Applications" />
					<HelpTOCNode Url="mshelp://windows/?id=9a944ab7-f0d9-4224-97c6-b2543f537827" Title="Exclude Lockbox Versions" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=67d89efe-28f6-422e-b0e3-e85da40a04f0" Title="Establishing Trust Policies">
					<HelpTOCNode Url="mshelp://windows/?id=f04cf1fc-d07b-481e-a433-cf8e93ab64ba" Title="Understanding AD RMS Trust Policies" />
					<HelpTOCNode Url="mshelp://windows/?id=c941ad6b-6184-4859-bd79-dc6d309a5109" Title="Configure Federated Identity Support Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=59c802d0-3982-432c-b06f-3e148dca0166" Title="Add a Trusted User Domain" />
					<HelpTOCNode Url="mshelp://windows/?id=f43dcb03-6e23-491a-87b0-67d541575923" Title="Export a Trusted User Domain" />
					<HelpTOCNode Url="mshelp://windows/?id=71209d16-9e76-4bcf-8276-5e60ed8a4cef" Title="Add a Trusted Publishing Domain" />
					<HelpTOCNode Url="mshelp://windows/?id=930d4692-3345-423c-99ac-63d21b12d94d" Title="Export a Trusted Publishing Domain" />
					<HelpTOCNode Url="mshelp://windows/?id=07567fd0-68bf-4f59-9916-b8cafacaf04e" Title="Use Windows Live ID to Establish RACs for Users" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=8dba2e7f-700d-41b1-88a4-7489a6999e7b" Title="Managing the AD RMS databases">
					<HelpTOCNode Url="mshelp://windows/?id=838c46d3-e87a-445f-9ed5-9ba515f7ead2" Title="Understanding the AD RMS Databases" />
					<HelpTOCNode Url="mshelp://windows/?id=cdcd00de-abfb-43e9-a247-a462d7b65c54" Title="Turn on or Turn off Logging" />
					<HelpTOCNode Url="mshelp://windows/?id=b67a40b0-f954-4f55-a047-f82dd62be796" Title="Monitor the AD RMS Message Queue" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=5d3a2ead-319e-49e7-a1b4-e3f69a1a4f1b" Title="Configuring Accounts">
					<HelpTOCNode Url="mshelp://windows/?id=2eecbdb1-9e09-4a46-bf34-3a2978313461" Title="Understanding AD RMS User Accounts" />
					<HelpTOCNode Url="mshelp://windows/?id=9210fa30-ce12-468a-9f16-506868e2aa4b" Title="Add Users to AD RMS Administrative Groups" />
					<HelpTOCNode Url="mshelp://windows/?id=50714cdb-7e30-4844-a2f0-55ef651eef7a" Title="Set up a Super Users Group" />
					<HelpTOCNode Url="mshelp://windows/?id=55a69f4b-da6d-40b5-8673-17fa2fce6e7a" Title="Reset the AD RMS Cluster Key Password" />
					<HelpTOCNode Url="mshelp://windows/?id=6ba05e2b-1b49-45c4-9138-6fd9d93ec142" Title="Change the AD RMS Service Account" />
					<HelpTOCNode Url="mshelp://windows/?id=a171a2ed-a357-4d88-ad4e-e447961bc632" Title="Specify the Administrative Contact" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=a42680fa-2855-40d9-8e2c-74f72793ca24" Title="Configuring Rights Policy Templates">
					<HelpTOCNode Url="mshelp://windows/?id=6257f49a-bf8d-4d90-ad04-0918d400068d" Title="Understanding Rights Policy Templates" />
					<HelpTOCNode Url="mshelp://windows/?id=59ebced7-b364-4dcb-bf96-7a0fade8629c" Title="Understanding Rights Enforcement" />
					<HelpTOCNode Url="mshelp://windows/?id=8f3d1dbf-efd9-4055-b2b6-747e6b0bb3b8" Title="Specify the Location of Rights Policy Templates" />
					<HelpTOCNode Url="mshelp://windows/?id=5c3e4dfa-acf1-4497-b57e-327e5be2b2b4" Title="Create a New Rights Policy Template" />
					<HelpTOCNode Url="mshelp://windows/?id=5e480c64-e052-4408-bd1c-716df14b2355" Title="Edit a Rights Policy Template" />
					<HelpTOCNode Url="mshelp://windows/?id=fab65ea2-4ad4-4d95-82d5-f7a25a08287a" Title="View a Summary of User Rights for a Rights Policy Template" />
					<HelpTOCNode Url="mshelp://windows/?id=12db6560-7522-42e4-a98f-8f867c953635" Title="Archive a Rights Policy Template" />
					<HelpTOCNode Url="mshelp://windows/?id=8028ae92-8397-4da3-b4be-5f04ec2532b5" Title="Delete a Rights Policy Template" />
					<HelpTOCNode Url="mshelp://windows/?id=3dea486b-7d3d-4ac7-89d7-da012951f312" Title="Add New Language to Rights Policy Template" />
					<HelpTOCNode Url="mshelp://windows/?id=8dbdc471-ca9f-4c31-9c36-5e5689b3f282" Title="Deploy Rights Policy Templates Through Group Policy" />
					<HelpTOCNode Url="mshelp://windows/?id=47c051ea-c776-4a56-ad5c-ec61ed139a17" Title="Deploy Rights Policy Templates Manually" />
					<HelpTOCNode Url="mshelp://windows/?id=2e08964c-fd34-4746-938b-672315aacf48" Title="Restore Rights Policy Templates" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=f1f3f842-b742-49a7-8724-04706368fcac" Title="Configuring AD RMS Across Forests">
					<HelpTOCNode Url="mshelp://windows/?id=ea711929-0b07-4098-8738-89ef537c26e7" Title="Understanding AD RMS Across Forests" />
					<HelpTOCNode Url="mshelp://windows/?id=c64715bc-3d85-47b2-b543-5b97640303b3" Title="Configure the Access Control List on the GroupExpansion Folder" />
				</HelpTOCNode>
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=ae904fc1-9a96-4dec-adf8-43aa8c3b89f0" Title="Removing an AD RMS Cluster">
				<HelpTOCNode Url="mshelp://windows/?id=e46ee7dd-5acf-45db-b426-101fd6fa958b" Title="Decommission AD RMS" />
				<HelpTOCNode Url="mshelp://windows/?id=786d0acf-6dab-417d-ae39-91450083ddfa" Title="Remove the AD RMS Server Role" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=3230bca4-51cb-418f-86ba-bb6539385418" Title="Working with the AD RMS Client">
				<HelpTOCNode Url="mshelp://windows/?id=90411fff-1651-43df-8b41-ea16b62da222" Title="Install the AD RMS Client on Earlier Versions of Windows" />
				<HelpTOCNode Url="mshelp://windows/?id=edab589f-74ea-48d5-a55a-7cb18a65f066" Title="AD RMS Client Service Discovery" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=789533a5-50c5-435d-b06a-37db0ab5666e" Title="Resources for AD RMS" />
			<HelpTOCNode Url="mshelp://windows/?id=965c27f8-52cf-442f-9f95-dfbd7782fe8e" Title="User Interface: AD RMS">
				<HelpTOCNode Url="mshelp://windows/?id=cf19efcd-db3d-4468-8d3c-f6bbb8918133" Title="Add Cluster - Add Cluster Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=6072f26a-2e7a-4926-bf67-f6915cccfa9e" Title="Cluster - AD RMS Server Cluster Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=9905aecd-a764-4c29-a49e-0a53fbff85c3" Title="Cluster - Change AD RMS Service Account Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=aa344ab6-67e5-4fd4-af95-153e7e0b2546" Title="Cluster - Cluster Properties - General Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=568c8990-6120-4c3c-80d8-e7c37a784b94" Title="Cluster - Cluster Properties - Cluster URLs Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=a9ea1ac8-d183-46fe-9188-dff5d0b3b4b4" Title="Cluster - Cluster Properties - AD RMS Servers Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=a7b8252b-454a-42d6-bed7-46e4459eafb4" Title="Cluster - Cluster Properties - Server Certificate Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=4ceca4d5-3df2-4d36-ac68-461b7a34c716" Title="Cluster - Cluster Properties - Proxy Settings Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=eae75c44-0844-4756-b560-cbe96825b2de" Title="Cluster - Cluster Properties - Logging Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=40786655-0f0a-4c11-9b21-131171917a93" Title="Cluster - Cluster Properties - SCP Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=53f02768-c99c-4188-b2c2-6ccd3c7c6889" Title="Trust Policies - Trust Policies Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=74358772-bba0-4390-b83e-0e6aab08619c" Title="Trust Policies - Trusted User Domains - Trusted User Domains Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=59b8176f-ec11-494a-aa10-cb0e71b58ee9" Title="Trust Policies - Trusted User Domains - Trusted User Domain Certificate" />
				<HelpTOCNode Url="mshelp://windows/?id=10fd534d-18d4-46a9-9647-e50d4f95b464" Title="Trust Policies - Trusted User Domains - Trusted User Domain Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=cb1c69b1-78a9-47a6-a19f-14b97f2a0fdd" Title="Trust Policies - Trusted User Domains - Import Trusted User Domain Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=f54901bb-20de-4103-b72b-a74f8e4e0054" Title="Trust Policies - Trusted Publishing Domains - Trusted Publishing Domains Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=c988e887-9d69-49eb-85aa-c53cf4504090" Title="Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Certificate" />
				<HelpTOCNode Url="mshelp://windows/?id=154f79e2-7107-4138-b87b-2622ed879366" Title="Trust Policies - Trusted Publishing Domains - Trusted Publishing Domain Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=55a8adca-ccd6-41c8-a5e2-9a95926623da" Title="Trust Policies - Trusted Publishing Domains - Import Trusted Publishing Domain Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=8e9c43b0-a215-467a-877f-9b75419dd817" Title="Trust Policies - Trusted Publishing Domains - Export Trusted Publishing Domain Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=e8aad84e-0be9-444a-a460-a4d40f4d2c0f" Title="Trust Policies - Federated Identity Support - Federated Identity Support Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=01719c3d-d9f3-4f00-a64e-227b66e13ed6" Title="Trust Policies - Federated Identity Support - Federated Identity Support Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=3df6f6bc-5bdf-41b8-adaf-77b5d83f0b9d" Title="Rights Policy Templates - Rights Policy Templates Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=454ebdbb-6048-4fc3-a011-3fbed9d3d0e2" Title="Rights Policy Templates - Rights Policy Templates Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=97c4a2bc-3885-4523-8b67-16e748d4dce8" Title="Rights Policy Templates - Template" />
				<HelpTOCNode Url="mshelp://windows/?id=9bb3ab14-5e36-4d4e-bb5a-a4d3078f8784" Title="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add Template Identification Page" />
				<HelpTOCNode Url="mshelp://windows/?id=fd887192-681a-4ebc-a42d-a6be77f75dd4" Title="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Add User Rights Page" />
				<HelpTOCNode Url="mshelp://windows/?id=3a6165d2-252b-4407-b62b-75373f274b98" Title="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Rights Policy Template - Specify Expiration Policy Page" />
				<HelpTOCNode Url="mshelp://windows/?id=97764943-7cfc-423f-aec4-864e2dfdb630" Title="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Extended Policy Page" />
				<HelpTOCNode Url="mshelp://windows/?id=c60ace22-c18e-4f88-9cd4-d82f6ca7e455" Title="Rights Policy Templates - Create Distributed Rights Policy Template Wizard - Specify Revocation Policy Page" />
				<HelpTOCNode Url="mshelp://windows/?id=ba01e655-6a5f-4e6d-881d-4dca57859302" Title="Rights Account Certificate Policies - Rights Account Certificate Policies Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=1377e645-ba16-4b00-aba3-3682bc276998" Title="Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Standard RAC Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=5c2b2b25-76b4-4ada-9d7b-4ef7a713b686" Title="Rights Account Certificate Policies - Rights Account Certificate Policies Properties - Temporary RAC Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=e95fea7b-b901-4fef-827e-9901abd58e1a" Title="Exclusion Policies - Exclusion Policies Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=7a14d648-8c0c-4579-a60d-7cf15d2137a5" Title="Exclusion Policies - Users - User Exclusion Policies Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=07780424-56b3-4032-932a-36aa3c6b8cbc" Title="Exclusion Policies - Users - Exclude User Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=d2fb938f-c13e-4293-b9df-245b63b6079f" Title="Exclusion Policies - Applications - Application Exclusion Policies Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=973f6f34-e1e6-455d-b041-06f0970c6dcb" Title="Exclusion Policies - Applications - Exclude Application Wizard" />
				<HelpTOCNode Url="mshelp://windows/?id=9fa2a030-7051-474d-bd71-da6482f9eb10" Title="Exclusion Policies - Applications - Excluded Application Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=930fc9f6-bfd1-4ceb-8eec-7c40c29a4339" Title="Exclusion Policies - Applications - Excluded Application Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=71ae6d8f-1b18-402d-bc08-aeef8d097a8e" Title="Exclusion Policies - Lockbox - Lockbox Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=a8134792-3c67-4582-bf61-fe6d2e09ac84" Title="Exclusion Policies - Lockbox - Lockbox Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=8144f0e6-4968-4d3f-8af9-df23213786bf" Title="Security Policies - Security Policies Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=02d8d05b-003e-451e-aa07-f5b47f23f589" Title="Security Policies - Super Users - Super Users Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=cfa7254d-eca7-4238-8a5f-c138d92be441" Title="Security Policies - Super Users - Super Users Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=c89f8c53-a265-4214-9c94-64159759fa5e" Title="Security Policies - Cluster Key Password Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=9060ef8e-8367-4d23-abaf-6bfeec7fced7" Title="Security Policies - Cluster Key Password - Cluster Key Password Properties" />
				<HelpTOCNode Url="mshelp://windows/?id=aa50cfaf-7f3a-4ca3-8dab-2143433f3a4f" Title="Security Policies - Decommissioning Results Pane" />
				<HelpTOCNode Url="mshelp://windows/?id=8fb70322-3964-4493-99c0-fbfea30d66b6" Title="Reports - Reports Results Pane" />
			</HelpTOCNode>
		</HelpTOCNode>
	</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> }uUP!7VG{?`ݺn#\KHḄT$RTDKH7<;40>:yGBb8h!6,r?LAB6A.hTV	@T.0b.H/>zc„j>3Ȁ:͎R/L<G[Uԣ:|{?z]|G[aNYilr	.V!esx]m9|,>pjlllrEv;}in8g>wg{wiww9+^N;/atsN3];ts٫L6N?oN_z6.MXC\~c`߹%~aV{wgɦx9|9{Vu|_y⼲ݰk];V
8{ָg\N];4l;Μf.wihWY-ANMo!w`ß/i5_^f;_;n#r
wo$`g/t/΍mm99gFywѽ<SUv_TW_r\9#ts/W	ru90y9ne.sN]=:y0{n5v㽣/};?ak95O{w6`VM9uο9_-a\oeku._ro=98ow`ܻw;@yzawsr9;ZrY}%/9=m9?N3\g:w4彳N/\=_N!zrxsir]t9'rt9}LwHIJsr9Wү947[Nwi˶xsq|P9Ny1Zr3rz\9k4xsxsu9ms;r3K./:r{9崳o[Nu9ynxߗ#.9YsN{];943/i٪u=,7/Hr[ߨ':t7o+-sgN}#}~պo_<-M~t+?ugb?Y{{2in@Shixx7~y';-w'?yީ^ލw~yکVf~k"2A)<WWyWfen{fy\_vҏpox.է.pݗs]lfb[}زޯ'Lq'9~_m\[<-7q
x#c28̿k	ݎ2wN{\{8wD{
'!wtqݞmEt_tEN ?(5.9rjN]M-MNɩS1OfʏmjuW9V_pnwVcֿbv5,w0nz <GZ9ҩ95ׂ1͚+Pnݵ^:zL^6ϱtj^ٛ㛫ƹ=9t};c:wvclcõQcqj_clX=a
׋?CMN<ujϳW믎DwirϣbHtJWnŮ雮銮؊꣮ꊮXvuW\V|uW+ֺ++5׽w˖qޜ=.ﯽ.ǯú_}_}_}u_j=jMՓٍ>=9ګ5Ww5i_ׁ_׃4j7_7kv=qh6=h7Fyp<|C<NAyxm1Z?@?~=A#fz܃:ctY~OL{݃qzcʴi{=A\v{
c:o=~gs~A{x1{h=;H}m/<x;xD?.m>>j~oDxp0Oc[w҇ڬcx}HAӇDP?P<`yA6Z\<ppϛavO)?]sztf_̑ƵѢwknh׫;Gmhw妅cy}搭osvOާU^S:YWnSJ_{]雽N)};aW})w)}=SJ_{eמS;EJ_vO龁+OWSJ_%|m[N)}S">S_wJOO龋ˍOO龏OW}%)N>S_wJ[OSoZ>S;̧J_wO龙W5)}w}9);})o;;)}_xJO)}S%<ܔ>So<5)}WSE<_xJO)}<e[O})<WM)}ߺ}J=O}))o<yJ{O}W)o>S_yJ黭OO}9)ok7O}=)J}[+)IJ}])
k+

++

++

++

++

++

++

++

++

++

++

++

++

++
-!ԧ!.*0$[\0-.fg
`<[00D"\.
Å!p`0|B\.#É!0T[\0V-.-CaPq`\0vl/Cr`ȶ`0\.I%Cmr`0T\.Y-ar`0\.e3CC{0|\.mCs`0\/qCaۂ(`0^?Ca`H^0CCat`xD]0&.KCat`]0F.S!h @@  @@  @@  @@  @@  @@  @@  @@  @@ ԣrh؁X``XX``XX``XX``XX``XX``XX``XX``XX``XX``XX``XX``XX``XX``XX``XX`ǗzQք!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D>G3m_x>}u_mː?Qۉ8Mf8uS{9YծdVWϯvh}ƱvdkO^Fow_qi.c څhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhbA $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	S	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aLd?~c\yp\\pp\\pp\\pp\\pp\\pp\\pp\\pp\\pp\\pp\\pp\ p\\pp\\pp\\pp\\pp\\pp\\pp\OFr-73=]m[y.W=$~
d

**

**

**
y*
j*

**

**

**+
*c*

**
*
bq=ΊPATATPPATC^*]:5ATPPATATPPATATPPATATPPA<T!nC;<x a@B@7 a5$P<xCE9~< oD<0}n_ߓ.T`><`}ya5yݐyLtnnN"(((((((((((((((((((((((((((((((((((Cgggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggz^/"N((A((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((+P%&|vvvvvvvvvvvvvvvvvvvvvvvvW}5(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((+%ȟ)ϪLyPTS
T=PA7TP;vPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;>:qzQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEE)zEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQRIEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQE~EQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEU(((((((((((((((((((((((((((((((((-wEQEU۔s.[v^IIwrtEOqi^mo^v8/uw)
ٟ_?72_Mבv]z;|K8OO6wve?Ӫ_w0~__}?a!Y~?~GUr[_<j_8?fn|w^0qu>Kו (I*2NZU332]fk[ܱQ64kerhBf}y9w}7y!zgg%bҞuH3S^ܤ*5#%v_i"JT1hK{RW9vu*{f" U=	LQ+6܍`O~~\=m?51ʍa<~BNUAH eiRǍ@	XξPy!?tuA#-O_HBTۉ}tp?iцTW(KiV̌aTa&esĢh;6R=o9u׶6O_"f)M~"T/h-#BD`W=JM3Qt1)5N2.|-p6U=,9'L_pCvZ90Ӎaᮮgr5IS8KPݩlQ#jv]dx~	8]c97fCw3߹H@w'GiJlYCH9ڍ9H4-(w@2opDٻ#Qf_?qZ=Lm»yJ{隖5/ÝH	lO"5='uY
濫Enzox?"b<p6EB;H}bJ@}bJsUhf}v4(:m;?TL%Q&:47COFU"Te>bq[{N^g(kyxQw~	l_Sd3x"1$saFJ;m{QDl(i>~dd
$:GcdZp|a3$Gӑ7N^Ey[&= M,aU_\fHM\	"+h+Yha]AՐnCZ"tzkO4ݰ֓RŲDN?~zVAZ~#?;%#VoHH{gIM_`'<R^:]W/zŽ(S{>oڠE;'anW:im/6c(VzX֭YdHh$`>H|h4ۓpo>:Itt;6CjԪP24H]+wI>潘SFq~kA]wMIk;~z70kͭBUʍ>ZVib`PY2cDwJx_Ĉ i%1}UK1`	Pɖ[ј,
|YJHpU%t^KE
"W Uʌkb/&*C]Ԅ-o0U[h`%kP4/wGWDO@f`/߅f(@,:&{.HwhEQ0
|*LF4.,oGR/`^Mw)zeP5[ĨfqJgR
pb`jbINtNfY?bapFVi
8ژ5RnYqj-1b.
\Z+Mw-"]?ē7M*Lج+NHˠ
ХY1d:h^VM-W<\t֏$@9;"
fpcՅ oZ+Gu܊XOJҟa&k
^l	Vw;tUCiCǨ627	[)`W]WY:v.r%/Nƶcdզ
%,\5jVatvр5'[2q=iEApXwl#y%ha(1Ѳ[Mc	H|ĩTPY~Ks>/Z]x+JI1S?a9~Sj+l(L!rZ;>:(uzY6ki.
45HtoDZPI1{>`*fgF0GYm߅SZYܤA#b0.pߔJ#Je=Ty+0Ykر k$4saVm"b]&F>ZGq͹VF"fWg&߉\9
<@0OnwoڢZZq'5U%d}'Hpe-ئ:y9I<GUN.ĵ~yxS*VllS	I;t4Hx,QjJلCؤn<6i "$Jk-I~"%&Qԃ(@9
T7^\wL_d	`	1mx{va:bvt/Oo4ep"E0BqPm|&:v[azSvK a'?U%O%eOXR:VSjKAj}j6uկУEiOz|U;'&>ت^\҅Y*É'lCy"n!R`.0-aF2h.8/\_ܒ7e]lai$;HQ>߀jyf-`prؖG;iM0)~y4WKodHy	ߜZ'Rsf/Għv{֋GfVM|1v&>;SN0̫ۻ{G{g0,8I0
Eg4~1/5Y}`cSnuJEiHد!#cp6Ê2`T"iPMa|u޺}т#I2aQK7!|4|'֓#V(xR1<IPCFGT&E!vX	'q7>ܥ9C$y*>vNŌ鶽{f
"'/P|Q=;'ߗ<@v0yW۽oKCǬx͝a*hRfxqvFDn+kJAeh@ޤ2Gkj1DD}&-%kjRaׁ2|r5-_V2C`l'dzsHnnu[ԍƽ7h|UH_^0[$+|1&:<E?"p# *[?vqCexSMU/iB(?翝`7ö#ɟ'8U+˵4#dy',	^_+?
mh?%ً0)O/.d.	)
nCN	/ӹ}|c.wRv'&pB徽ljj9[[h[Y"q7G5(ڗn+m= Cy@zݝ?8nZ_ڂk}z3jV^[7‡۠Mb>ZM)q	LNWQ|6	9o(ˏC|Qx<sEѺ|S~@)W+]hv)yezj7DksƲ%}l3ǙQk~e,`<Kت&&.͛;-xV:z<nFjjc		(8&"\*J9kG1I@*?
1ucPЌ&WFۈLYo+SPܕ
ؿ3iJ4X*;>á)e}cSK@vuoȇuwZp*x0
PL&'pfWdz	sjޡ6쵾g&\u->c/̍B+ƌLq֜@&.Wx<4FS{mAS+][H¢4F͢O drC'ݐjX<(bbCJtր8H"e3b:Hǜ/ͬ:IdA&揑?r/C4jh#kcn{iEeAw|(bl!O<pqCS5	+ qK?/`HZ;Cv;wyEO:M&-L;TPM]̠5f7W)D|5%c*.fBn."
3+iͽ2*kUJcU)R))BXD*Ydt;	<6iwcRFnn{-m4, J椥q]=6Jj[>6Zeu_+Shf%JByir_UZQ.ihbH	A4Ͳ6÷{CDQDCX-_($Sa+H~'H&F/jx"@$O^_OwhqRHܣ&WhYq2l#
zސ|_V~ՙ=AIRlӞ};>F]
Өpn{~.^H1\<񛖽#A}Y.~({~'oެ0YEO|B-9>r)MK^VͲN>BKhx|hx 0> pŋA / uM)jp|n{yjLmFYn\Zu T,
iKiQZ
&Ae%YL+3ͫܖ>3Ś1?sm1!#Ox"YZq)G\|/o~NVn͗AV:ږ^U>^'MZt'!d
tS-X]^
4˴{d^$֠ꈤr3:Ax	pUӍK{A/`{Yp{*Lm$gMgŵNW=uKȜ/\0oB?_@ڍ³v?Ӕu.d1J6Aԏ'Yfʏ,ps2bz'$ْ~wl}}	V{(̦	|V#O*.DZVV\z>+SIj\5cw*:âdfE>q/
mH(fӛ: ٺI`u1F-)ݹdT4|zm4",1)`DbVZFݍUJ⽈|?6Jr-W!M/s+<KcOof؋J>z0"T ll<y\Nl ӈO\`6IHCys˙ז.?`YpA"',c[[;nl/kNc6^*4vV`"Hztۂ2J9
/%28G3~X7
@PsޕC˅
[Fk%HH?mcDʣSv{m|/__gz|!c@pkS=YkZX"i[-SB[wypB%fuN}JaQpBbs 74noߧ~kߖ챃gak:%g\"e~bbu`2ܖ1xūJD<3*%!10l(@ȥ2t/5D9?X([??|g/ o8ڟB\=>Dd_=}l2.$(=]Wc>'7BW8~1%;kYγvkgY;vֵg;kYγvkgY;vֵL1]YU^׀{$?[	M*兜-{j"u{9[
8na,Ygkܨp/O^VRa,@T384zh˯݄|p~k[F5$[k1	XJ>iA
,>5k*MfCm[M9(7-C*,~r|iHɽ`ģ&
mJ汵zhǡt۪֨jImnOg4;jYf8Qɚk0|rʁ΅"I@v1ubg}n+[]"[]eI-Yu{mKs4)M SE	s}5UQϮ7lQE锸3(|^'PPߧc4#ܠ[k<Űe<s`j{~=zeɌ낚`R yl݌%ym*lLii΢>PP"A#ȾFf
SGoS=cKJ߿V#]J-Zq!?w{0$@'}㮭a;	JMm@ޫ$2Ť ihp-!+AQt~f8|":~Jr,
qM0HR0oG1O{X":miB-R;D[La v-C4ϪfǷ4TðQ7$%^pWAaԨo<)|!W}wGDamzK.=.?(܎`G{MydUmK.g4RuQZ7rx`)o'ܠVƙ4Fᄏ1pM츮ćN	cm!9s`1|ߪIwLKм<;(*{5PAon#TElmd[߻9IP;{ij!\َn0A#oͲi+
4z^,D42}^)J7vn]+Qf&ʚM+&/y6F!UYZ=&lJEII/;6pˌѭTyԿ'dVws`ARsuM$1O9B2RC_2٭[<];GsV!(uy	WhF)	̌*n{`xhh_Áw𦫁U ~7z
G;ι8_߬rc+/g=A]67;iX \m'0;Zoů\7fݫӌA6]$Yx=SR?W<?yRF„>\y*˷(_}mݱRが3Tޣn5J2|u6nzӎYe}o3JnUͤ԰+K ɾ>h'ĝ?; o}~_~vُGcO,$9^z,Gu7({s3Kh
+]r|8KsvB48|Xn<~-Ϣ_APyL&z	N9ǹFu0=
9`N~2
5`̭4tܻO5^\RaC|걣֎?猤EoCN*zY_޾3m<T(0Mly@dBƞe儙/(y!41U8\8q}|+m,1` 
78:*ՒvX#`14<*%Pt}Ae%l>sFDlAl5C
%%(wdyTeB&K+<V?'.2#nkJM܍g;ŵ,d6QuS(U(FA<^5"v)̈,t[{8Oh֕}QYdܐDĘ[tד+8
nEVv:2
8PˏI0QP>
2Lb;{uf_9o2^Yǭ;] Ε?+i 2 E&%%4j*!Ss[o6ryG%]"FA/
O8eU¢B6ȮWuNZM1sg7*x13"zzIqW0)S(pҵML>IXEXk\~e9	'[D*)~m:!HniG8N#ulLXgX$Dml91yhoig5A"T?)coX *s >4xlk@в۾lz'mYX|&/kOF?q'׻'nLCsuI1Ka
JA)IU7ȍf #`*pD~ypE57|5*N\	Ld
=pA`K}X6&^l#A_
__oWl5Uq"x-H
q8i`=m[%VG-Sv>6x
=;\+x?6i
`7:~MzN-#TK91]5L+
.h~9q\Q<@ؔ/a}{G#geVn,D۽ͽwTA
R!4/Ex0E\`37sHQRu$%'P	
|Ě²|X2>n}D9 ۤS	PoJQ\M>6j]tJ?; @Ei)cid<^,4Sܸ1Ȗhىn%G. ޸FԝzT|u|¯.un~`S4	6k?s׊	J?E  O҇݃Bu	ϩCfac*nhëPCKbDM<fƻ3sSNRҝϴ*vNz)~td徽&k?BJc	"o 	B	,vVoTasa!{$W98碓Y&NL:7۔j~kG0ehӇnb+A]X`툚Vo_2Yh׼rRns-Gz
`^>-AIKъDӞN-IFSYVQOg3I!S_YS(D47wO[2AWr%Fޛc4LN"
hMI2uh:8O{ѯU4m^'\KqÁ/‹g3wdr1n?$_>/ZrX>.P*9-JׅVy센Þ>_`^@8!
]lX*Jm5r^$@b١=@f9|Y|%LDiv5ĢNaYkOb:$
yЋ1
5	.VA`<;H$4c ^sYIZ ]`@"婵Dh~z9ӌ7M׵䭭gx*خq5jLmoWvul,x@7qSf-S.ʴГ.q0mVvk0>53sEU@%Seo#@̅t,q鑒M4<^
Tl$pig_YUYL:1+bW
)eb!%/sev1yz
=|XE5VE6`Ƌx35uh
:%ԎH;m[f87ǫS
fdm@*1*Tnp{|`LeM74- NtXk;-
Gm(+*5x^3m`&`dT,~(-pLA `?&}koQK(ArXS_)yJ:1<I5&JvUZ7ϩOSoǚcO]L~!ebJ:m7Ñ00@9 ˪+<äKbK\'BJka?׊\*`)G]BQ(_EE'*:Y'?%t[t$_[6"(H;*GqA^u>=$iY gS"1S[k̕_dP%Ѩ	?d,G.JPVl]4QlLT{
&\/+ѧaF5OsA0X_VsKTK&6DEYnf(M>KFm._6O8h$98oȨKd˵fQPG|8~=$/}m^p+8ޠtv(ṒVø媧2jVޏ* /s|5|a^nڛ6RGu--jZa@Ԓ2}hb'UlNt38ݤOmz϶hN(_L4
@r.0_cծwyMzQ򃼐xImVzŒm/yxFS)+q]uouYV"ALNBLesb
b	ieG9usXvV!`Z'I!yUK,ꚁ׳666
JԴ]0c^ }j\_mi/
{ᔙ,'6vW@0FL| Glk4:W)S#}p)"բҲ"22.Es"{b6ql< P44TXBAjIHK<?]Y#XgGқ^  `lW\0a	vpJ7J۾zfwԬ]j_[^D-YN?Uwd֑ŧAPSCFFi{$.C*bE/zw)Nc`	C>+ݑx9UTEW 飡e8۪ܟ_($^ܠԌAј?r.սovJSPm.uۯiy0H_p<y1rQ	̷vuTT+;<>0Gjg)Ž`}7'%ʆt@Օo$I<j,o/kֻmuNqЭEA(W/f9달ʠPmd.4K~iiaEl
(ϕ] <8Z=<:{5? r}d)cDʰ%LA`%afZm,	l:hiŶTH4,%[=$i~B"IA*٩j>6.
v.8O<oN4؍*2vٖ$D"̒,tgBX
JNwэd&IJS8Q-I8Mp~ :_h0K͘C|H!zv}9rWwZ-H|LQT۴O(IWE5}(qfvS
8y>3}7|;
BPL%dxiQ<Q?%8w
D~WvG;iV!:uDymM"[
"{S^xDo#3U44BzF`{C]c.YI\\VGjU	Ғ$[?`q`,)m[`=kXx=Eڈ&nvJ‹nr`+@b!"gM>
*tWwa'~%bLDv=7Upi G	묘
NǓLcV8dWEE]4f*auvx.JɬGIs'oRӉ>5d&ƍS82%܆-,J7}B*kjahzAz^CȜDW[4vv
2>z0~&bn|۶~pp{ۖJ.
4K7Kp&>td
[D"Mѥkf=qDSEʅ8liӴ"0Y)xa-%;1Z53$U2m0:6%n
ݑ'ZH+P*lPsCOp3xC2ng.\grكAY6:WF|UcJ`S^l"udL-B,DY\"!ڊ&۳
[T>q=Νm* |~;kFjiryD5BH*kk$Hj9XC;}.0tܔuq85Ԓyaq}V3'"	mjX	>֣/T=8$ʂPる
Q~GMMG:D&h"Q Z/h"rQܺegӽVʠUx(j5;K9R`[?2@N>3݀껦~l?p0Nvz}2>c^b+-}jOy`,;7YՖ6k@αYqn-	Yt$J\hv{q:tpc<<
cuf&T> s<#)`DY?JC~Du72KfoQԙ԰q\
x֧K]w2hpso6YRMs}8A0MGīI7
y=!JX
702K(:FZVM萃BxlfA:fInq^ciz~},?:NyA܃U
MDI a!ixm4*X,fZVm^:wrne·^^Թ(X
.UB}21B}Rф@8Y
=t{
YvzqFx~=UG%Բ)c|Q	a6gӬb?ߛ8; <[I7i&l?Fl|ƀ>ꥵ]+?h	lP[=ιP2yoq˵uO^	IEOvFűn9/!W)Õq^qB!-/p=Jg?b~u|̀^8fj"5Pb?`+>Pfhe:s|ĉ݊˪l׾S;fpUTes?rJd̋Nnq?HH[dǛU)kܿ[^Md,9mlP:B6R!E^%6F9;.]i5PieF"/%W#04/um[VKy65csػgVCtI;n.	UFZu:$`c+fJ892`
)6(Z{E)V+aD*
:M7	A#`>Zc	r^u݆/3Aj?vݗ@F6"PPCTf2>=HKI2=Ti-v\4G՟Hi>#Ug>bM&|)s\8{53-ec#B&0,}'WI
8:]1?sPVFzc䭓Xׄ>5mjt$#R?/pG5^!6Ĵ1bOɮ )3`odĠ	Y5Lki,Ö\2Q<h5bK<5g{\kz7䘡iȚ>M6!1MZb8aj
وL
LʼnH:򅷼 6j(돳]`p>lr˄!mMeƖȠ*&B6ӱ*56?_]oy\]CZJCF27)&[ōP鼍i;(ԊTK7țȉ@w"yx^vE`4QoIUcxݔz1?(<&40`n "?(yuϲ-vb;,Lz!M>\B.axE2&ftxQ+m;>1ke}Bsw8m9$p[RNF6$9eVN9ꀉҺ}'
/T$ljzi˺U}20yPP.ILf
5J=&]wkO^hEPFS%#ҬyZ^epl!]rp@2eG\Tj#hA{VXulnJ$0hEiJOM¿v!1enӛnGeDݽѷT8N~p9OvV+1XԜsXf$$Y ń.i7I1~mUXtHw:sYnSמG_}5TKMo.f>ym2Q۵hm0D?2ߓ;ڄՂMftlCx0H5O|82中	I$%'F_iҒ!lsW-
) Q:*[C28 ˑ(4:;-UiϼfF<T{"ehMo4FR7	iHyr{\4$Jqo*l_tH	Zf樸V>6.(-TFq3$ڸ@[
k@C(ݚ2|P.nj"ux;q_㥕qeR+tZ36iZ5iq3sW<	>&Mȶn:)mq \KbcLXmm7zO'ir9!ו<	E̢z@pF7DVypEA)x36`ۧShJEGB0DGL h4[p'{=0@Fgn$FSuIg#ECVK˩vN&Lpll^ng~Y1dڭzGe1]:25˜}M,p1Dό/kTAZĜHcU ,_`x<n],J7LܧϖlZW:~'w]0Js6)9vz֗sî4x	uxՌI|l~kSh_+	%,95[KCJWR46Ajy^9-{Gٶƌ_ISQ,cmd#t~GH`q3ڤr(N$rVZC}M;Q^g@ܑQveJRn{0a}Ð<m[Tj0-LP1P!^cΦ??œIAdy]pTG#l[cwmZ~Er^I@VCQA=ն+7fvitf.MD`sAM,ض|fGg\d21<0/;ϖ'e

0%hRr\r!A#I9jC̈́|Q(}~a{˯(pp/	ʫ;D7t)7 `3 O6aGz;,^NmW>jX'.ed<̚3|KcaH<ismh!i6`~c9ʪf @kd])
˚5H*afo%U5֞{2E6E$e0մ픙mYob=:F9ǟoX'ym?sTh同#k3W9RSnJ1vf]HCqّ$(V5kdV3X68@,ifg58r/B?ppP_I}ꪯ{.Hz+W#G5k
v	΂1J,4#tdօKvm(FM::diJA.F43Iَ:GW]|֔Eť`D)u;`>dV[Έ2G>ͳ;V٫!Y95߬Rêx@Ҧ4v~_*U$1	kcNMQQ<2dܕ~p:655<cu[`n(	#;XiAozńWm#EjN~7 4sCl@ؤqLrWqD'O,z5obX&!90u:<YyPGN쾬j{g
{ɭB~ʘxWemH2·%N)3=Ѻ.yv.%2Z/((Jy/[H h&dcVÏ2ЭnUn7ö`̶cىG	Y"Rd@
5NG{&IΌ*}GRMЬ\llrKXH'$GQ.,WAIv$aRWN7QicO%9K7soc<wNt50{k,Q/t0f'8i?opTŶ;LȚ
ˑ)>;MUpBS:)S.`Ck^ldle8s}OɚfAjs8?bMd@`HpKRP@@vF&ۑD0|M]$vAN$M/4',WUL9mZ|7Ƚx8>ILN92e0MBa_&?>Q6|R5|>6PSRCwQ1
ec
MJOFql\hԵz:zȢV%@i9
mar,&BfWt4[9tccQ-b%}gٵۢLS+ksQhÉӔDk@?ĥ96Ep`G&bd(ku¼&=nE=.}hNZWX;Jjrܵ4ZV`ݸsgƮiv,$(c>4;D)6ϝ^iJ%v9l}5BdNS7|dgJk/
O/箮!L)[Q1.=y%ɸHxA#[)DCxZ=JTwAq-ZcQ?T\kӷ'ldFtlEݣڣ,DܓFREɋ,n!?.c%?u9
^YT
X1g-=YIj-<ܦɫV	:p~S:>Q6|yNYh2R>qS!Uv^v`L}Bnc]??URؠ~dn癡\5pC{PUkaKH=|E_|Y{$tw9Y<ưn+0Wĉ(^,As眄pѴNMr/H5bWF{\HQF'6[rg'xƹQ wFM<9]jyTr11ګ\`n9ħʓ@-_/9m]xژ/w1=ҵm5]'״SÒ}rn{V/$3Ly)	>!_@USI*>J"
˙WwOdǤ;ou$Ł=x41"$=C]3 H'!I.	z%ljNf/WQd7%8InPADb,f̥mHWEHnرH)ct,L8PQ.bq/{C![𧋊),VƸ
R&"ji/.0cC	oTI۫uC!#p}}fYWZTy}Qx~KANSߊ`NO	r$ˢ3P1~	2lܿ3TP%-mu=ݾ1u|תg
%[#T.`	,'nsrx5z,|~7TQhTKxSA?]^TM}{
$nr@Y5Ie^YWr^Qʹ6#ޞw:)t9՛#nx\"1)>U
OV]lϝ:3[,f[`ݐ[&Ŀ칖#)Yw݆^^$ܚ_&]S-h(km,iHYݔoE	k}6*{$|W;]ٍ++m0!j7g$uvJ׬3?J%\->V##`LRɴ,@|APO>kx>˶1ƼbQ:Sh )@kUp4zk`WÆ,oe/Ϳegd$3+׌{^icۑc4CL|noc?ȋZ{fks>ZL	Bm	XwǮ7v3{\3v%kz,$Rigx|cӢD-Ƒpݶ
-U?վ7Mƺ0c#܁C=p:}9nOU"3rGh(&EI<Bp^IYO׉^i[/&Jx^07"|5}%/슓`#3HQM?4K䱝,MuQf\s۾(.kfToϺ%;B6XZ%hb(oz5'IcGq^׊.q\"bLrۚıM?ȸӣolʻdwLU$۸`w#q/ڍ(̬&k=L7΃y[V[zhȰx-.^}\o!X}E4{^;9=p9n
zo&-e=	7UZʌЧEWW@ߞ&ҷ X٢-jp1}Ιt
,
n3a蔘ͩ	0"ͅDBa&3_JҿM6mDYt^Hny" Ly{{nwICMBYkm*tFVP!9?$dTuBKRI&B"u~UU$|kp^dɺtF5kKrBl06	EPCݤ
0^1"9➄\dSJ2΅$BL:x5A"֙39
>_-t4cyBJ:WpmR4o1puYMC
Ԛ
El.6ҽii:fUlzR.{!Q;p_0d>|:{y2:Ƶ{y1L$b!sG,9¶/lL^:X$vu\@4&`$mW-55TˆTdssm*mV_+\$7$Wz
jRct4Qe2=u!@']'pi2e^Ur4>IxhC"J$\^~rxeDAal³ɉvũ'UapBctȤS'WD?'gzn@|]H@HM,Q֣xŕymEt%2Mz抗0HG*.1^Ff\`l~s=KQRDPnCpʇ8\a:b6>/&4?_[6LI,Sy"_4^@t<&!,׬QMZ%k@wuj6e8C#=,ZEy^]f{\#W.C+q{5Ӓ\{1vG5BhΘ
p]rƃ2hX*݃Αf㻣:M(h9F?궤bZ<#E8fεqgN۰j6#{=Whl8Ps9{-	.hn/zy_F8RH,D$cY%seH%.U2ހuVC}XB*J.z<8coVi@	Ы
Y.?g@Ŭ]5"zhWa_߳T,rsV8t.:`T3~SI쇵"9~0p1(`]m_Tj!O1DްXxm)g+~-eYk;rHX> `yM3*\L
u-Bi4Y
ƞBp@ȱ#m-e:*n5=y??7N>~\i9ѰΈ\i15८2	^XPO<&&)^H;
\	AynYCDYOkpst oWa[uh{6A)Ũ2ڦ-zfw. b{3s3t~g/
L026AW1Y;4ۨr{>tAPgl_޴!|ډ_}~aQӒX?}
kF^<O3TLbqsx^{_ruw}FЅmugǑ>fQ<.oGiU{g?!~o?{eoOD/r_χdN{Q].'qH
+|cO_!r._}'ڡkHkџ̥?gYֽ-F
^
"	}	gZ$,:׽y=R%cWkJG*)#iט"|OBz+܁p|Tel'vJ#AfTZֺO$DͩTN>Von%)9G ^^NUFAd~M+]
((jAXzd)[+ǬwOE49¬w7Qd
l*	ZulѦYռa`*!mdzEՋpZr"-Ájz"R~wUA
!Z'HþӟMqʞ.ggqzvW].?rjl^W{.=rFL)=ß6=u~BNLEa) aܿO%8mES~8~`~Xk	;PM*!lhɭz3JfpY>~oUB*HYcx=3lxZ;G\WYS%Xu&Yjq	L3J(a*H2choBoK梿	=-C\Ҫ\w։$h'
-:FllȔ/bD9|L
9nWQ3_IOg5	mǼ9s;!ش{/Ql_Ï2Qo6ʻ+Oikhg\FW܍OM>OiR2svce1BUh!{FozIQ+ntY
PrEٛkq B1#XZb0jycu-8kT|l]ZvL%"{PiZbM$Syw[Ƣ fDRu?_Q_63ƕu#O_>brO&zI;S
xLҖa?H:4ʙ@<I|']EkjXFB~G8a=]϶yzNF74>t;~w|^۲K[M{^h&R&DE,(~[PJy_";ꚎaG=r}"Zj_	BM%"xB4,E"Z)*9y3MpҵݒUQ
"td}F"f0OۣԵ[+JWx{}|j<4R
uXpgqՌˑl
T޵۞&Fޠjabkyސw<G2k**V[QDښ5V#-![_vsR&ZdbLZbUѽ+d]ǂ@r˃e):u-70=+ʃh]|'x{[1.Q,MxZs&H1IVLk+7<}RHks.g?Hk~o4i;^~Dϊ`V^Hc
7vuaB0}^cXmp>y;Q<?+sw}Q= k\,B|Pt:G&W4î#Ut&yNfGq2md(->2^"e-a,=n,ҴEyE@iAڐ=%"C7Qgd7~R(#J]b[
0[daFO&[^~h[9Э#1|T1eEGgЬu)&lo\8+XBDTP2Z%uvDJ-3?VGScPS&/QO5_'4ϭ<*d?T1=FѤ3k)/!HU^k2J6X-;TD2ƽ8(=p®Cx4D6لb&}\g=al.m|=BݭH&Q	FEAH4٥T|.}/SvZ箼1ϯdTvY.ݪ!)WL]΁^ӄmʰk-8T{ޭ{I5j=%?a/h9fݯPe+!BMt]o+}E]iay:7#'7˸_GUm@I}HpjWզHLr}wl
OO,gy		o<-I:4/¦EP)TJ$P</	ĀzȽyt:*K͡ zA˜ʽ#JLwyIΎ^;5<YـÜZNqCPWv犆ygS@ZXSDNJs-*RneI$Gֳ`)tqOD<(#?]OYĉq]b\u`5䭼l&xt-{^wMIosfӷt+7aMBx<\as2hQ;6Dit̪⚀0_ڛ:YUW?f8~PS{rx7{8
`Jw
qJ\KiF8}[j(1KXF,[NuA}zL|S'4O2	
eXΒ=I}y"=P*jeD\xX׺aLO$냏af&yr9kbpBևzwByX|O	H{	3u"d^0 #F̚Xw.~-h<<i-6fE*۬ljM51kԚq:k5ȱm.TϦ\`eIT7N6WSh{F6Kt*N)(tB+@T<a7t
9?^xŠ&pqMJH?-glDnJwgؘZ<ETuԱÕ	vChKЛmf%Ť/N-d^̺r7\")HIюh/yI;{_j`ɉϗY.(XA
<Cb\mnTDžfdEMV94~lleCc^b~
E6$,<cEN|s͘ƾ7z
R3N|}El'$B>cn-k}|R.c9ǂK!?@x
suVho3bD([kyTO6lf‹hy4 
K\cYt1šCg%)\bB\[t!٬gZ3nW,("ynβXWZ*)'\两I2;RgxlӀHXn^`|\
f7runqAi1.C7aw)[6W͠,Ҥ,ɳL]ىLX	/Ƶ,xvߚG:kBvݒ?eS]Oj^e~2/?!xsY:IfY!ZU";}sø,r#Е7AP.7h55	D:yِ-X1ȭr	!H5Բ1*ꄒɸ>xB8&ѨqVuEh\cHmn؎H4՚nNaY;w,]wX
z?$ҋ<+' X̢
VIlL3{p@={i9I=_׈?HEcN8is['-Wh'L@	w<ߌߦftdymAyS/Z!jDןhY,X0"uG
KбQR=QR ni
_݊¾]m@P"Մ~<Qe
%B3?ξ¹ߒP`\g.ueF_XV]\o87eշTGY~ylLEǀn6%(GHȽ4tچJۥ,xT;Fr1]Z64廋B?X]yu	.+~jhnYe"+Y#p{,l%HBJilܺ:q5;v_1V%ӷ46@Y\3$<+%Q: 0<WZ";a	y*@g|S7*n~rG(R["JIH`Oz龐LPݯmsŨyA7e,\[sNRLK2<Ө>B
D6:toVk|LeVsۦE$*|;Y+zNL	Q(	eS,sQ	'PQ4E-Byr5(VO,uƳ]^e8FJc>
nŇ%kBߍ].0`yZ˸.9-o|3Xt7d3d#`[EuQi2'Ep
(}Ad<l#(ޢaqo_?ȳzI	,&3AXtbڰqJ֕몈pݖR*V8`y0O%urxOn5d^SkZ[zWf/n<7 ,eP'ڞ-ߦwُye؛ǽ!B:rdK]<&hg<ܫAV\R9Ի"<~]6ި;,hq*xD]-hhdcԱA2iaN܂;	ynALQ|N`E5,@oa^?	%iMh
;^<􁒨přC>g?8RDh}o>^?&֧h	>fU}4q,{(GxeGV87!zsBl߫0-^G?8RĪCOWESi&'jkosjvCT&dvCto-ꖚ@n {(hoK&&]`3flϨ5MAF=+huÈjyޅ,h‹'r5[$+
5)d
@W<;KQX(h:P::Y{~a.NGCMU(1Ӑ1R ؏07T;Zp͔~1('DtZPJIg8N7Jy1Ф咃N_n?VRڙ_R}ݴm-sB6bh[s}וqmFݹF!]Nˤٌg_%q6za2]A8ˮiŬ>7?>f\L$!Y\bw7t:jzUU\ّz,:,6.kZҲ	%qġɻޒ(eCJ,$^m!SL_ќIqߤowr
0Ȇ_Z
01DC8@úo-Q%
59:#(18Vj&GkHIS]}B/aL=P #@z{U\R"CRJ!DnH1ԫўfBzt|-wMxЭ^;SPwlm0HK|GXFڰ@*LJom`L'Y$ߒYwJna,<?J]N,v&C0.$oD^Zn$yb{.Tzsg&%^Ϊ=]ӄwu%N7&	eXa-G'hgw"
(yop3RJ9H2I./b?ie
[!
6v7V
6w
6j5l뢙d*,b`35#m)9C+%ri\Y[7X˸pvO	S<;e*w-f)	
>CS{bbizm&7q7kTtys.q[㗀Js@պPez>^#ms_x!NZU|"8g
6#Z8yn=awVDoǾme;E̿IrzY\
M3* `gP2n¡C|2u-@jemUOXe%XGxumi	:P}u].CS蝫rгep#[:zM;
[+uo(LJ:/k1۔hfCO^Pe`^&lc&ikȬ
FG*nuXkgB\<\*8\{*+ؒ5]PVTژŚ3۲u;I+V8k0 g5Yn`]>
H;0T~,ospǗWɾѦnyK8+*?%aPh"QvpoF'LzV,`ͧ^."/v61]|ddǜ23C6gamd8A.᪼m|nVI""Uuj۞_jrWEQ{yX"e/xCZAnnBM}NsUҒ6@z'QU׿l,^2vRwͼA?4,p^wd'988%	.S#Gͦ1{f[ȉb^8_%^OCL)`㪰)=ZF:Ǵѳ&+6cN+g嬖[F"#I/4̘Zwt,Fl-,VD
fd4P(+$4E&_l7wC\ayc>bZ开zPp=jymf$pꂖ܌Zj'ϓݫ*V,obO1d,7MީtsE+o$ʌl`}9h9]ԗ*³s;LdZ!RU$t֯bˇ4UYAkVƋ4v7źiO`*t<l=YU<rrmŶ;e=R*)WVhW*i>"zz^ӓUt%}H\[oגTKZΎᩤ-ҳjrpttUL'VV鎆kS]JzI_'EtL*gQj@Ӧ#|>Pj`/IRDVӃz*+Y~R2ښR7=ҏT]_O*}5o)yM
1bQzL1	Iu3]^O
UjTv۞)HU$\~`Y5ƥԷ{:pͼo֯Y'MƷn`R4˜/.Jf۟R&KoJ&OԳGu,==i5T)G!-:dVٰi2w/0gʝVUkʆfXRi%]棌oR;j+i[c4=[RlE+(iDĨ%I\̭rxtꑯSe׷KB$3Eʊvk|"Z=3o2ܶ8+FQGW~h䤵~?NyK|]:5yxoW%Ƭc+,uqY#}fٍ\Y+;njŭt~B"x"<ב|c kI;o<
(c|As̆6|{B,W݆ۼ}jTΪԐjh}f<޴nx0]/E3uuA(՞X+8|_:}"X)⑧+ɲ8;`SOp
zZYwR[jĪ❏D@"Ixk-|Tj;A
;/iG05}%M!7OGѕ*cE&Iym+20jnp;#ۏl맓ZmShlnR'*=HȦ. z!*٧xhbc]\KD7H!UO-VRkA[$+Pz+yF:mu4|8c~EߴeYmc`d^I!n&'QdZ,";i<b`GHn$	xiSA;`G*PeOTCM@f[(S{QzWΊC1'Hy|qc1sh1GNދ"tY13;2Bmg#`t[gw8|4ZcCO t7Ͳv1ޥB2ox	1J$xs;ͦ!^]pmX^wv{""hH9̿nVzD;Qw{`2YfM@No92oҼu!3B"uʢIG<؃xݱe>qS%t]R=dlk#Dy{Nln|몃4qSCC:9dmߚtӫנ}s
b#dCWI;q2'K%e`񩲕"}1+#f@oacA+v=Qk凵5UDzWVf8_v`s4l0`3{v2,܊^(b?eKOIf_W_'sgx&I6"65Fgho"5x{gSZ
sA7cd~7dJםp6k:UéU\D'~2s7ѤF58촉h\qӏ&i-iWؒG
s!%<4Whd`CwkalcV;1T8?8ܱ)V|HMO-WVsNL4<ќ†RY C?(&/Nх@h90&MG	(hA3+mY4[=7wÜ`?f78~NZ8h59Q	Uէz㖿uj˧𾟾H_(It%V"2{5W턻	'ޯq-uyo@"+ڰWek|>XԽi&iMV-Gb&Ӱ{Z;Ruݻ͂Ol	j`?է4#Uc h/_O$|OdAꙞ6My~A"_2erR7@ćD믣s~AuTMLi[b(ޕe{bpϩ1놂
l&U*w*i`~
ix__%>E*6ip8`x]EXwgfbJW3i<VXmD#x&Mo2d@^W5fj]عTb%Q6q,hXN4&B1IGt2Nn3͎f{NX *751 p2SZx;_^l99"uG
w0n2p}XrQrUyk[nїq+Amo#mY1%GhRD510dB}by|.OǵWޢ4nTW,^|+7"1;Hы,<:MwEx^']M<߰ej=)MQNx|Z/M9#F,7{(<6
6iֶp#Paf3Ab	xqgguy1蛥9a!<LzSZtˮk?͙$HY[F_pЀJ/,T|{aBR#zKvؓB}b
!\uOP"0pxͤȋ*}gVSO|;@6*h3jH፼$~;EQX*U{N5S#0Np>Ŷ^6RE5\2])/
4Рcz3E3ڸGF~pdcpco-2͚ϙ#Z蓢DrA:u*T0A
RCє{=8TCAmYR?IaT
+
߰(tƹ7‡MIY7x#C7L]/鈻9cwY6n7{D,Az%c6Ajvn 4IEUvJx9Ɖxϭ!>W&8Ȉp}5ŋ&`@Ӌp3w4DEGugwh{}1 >a8eKrF/@j!ʿLp=0רR>ytFY+l+~4.:Zb-%]Oi7oyN>L`W߰E]]M
E6яmsXEw$-]bХ$Koωst7!8Qk6W/<

3Ev
#!].,eS
QP[QhJW,s˫B>"'af
JVS66>I 9R.sɆON14ByZ?[
lX<6誌R%u&[BCDc4Jk7=lGKuJSuevAkfIތ_CvKZL;s{ƛSv^HR@8f/ep渢ĉr*r7l([JIaWsy|Z&7vJUX̄@QaUAaaǛJ-mPdMڎ<VMơ'7[99li!d	qf'S;_wy9@\\~|^|
qm7ehNE([vva"T>s5]ۂ< 6E'Qϋ\'`!SI-*K֖	D׮\
JLu0bq֗=b}ۙ0̣ИEF(:~80vySݙ64Qd;T0dauZ/(|uk
UjW*+yf^:2a'*`Iىvhcav<ӦSӼOorw/s'
NP1~P;f7C4k8NM"b>(|솶u>3,>c7V9#"^+Eî|Zn&oz-$je;g92xxJ>lmqzK$!cQ3`AAQGiu9M%ߠYJޡ6йcjQ@-J梅0gJ;<,ayk|U(4*L~o7o(Ps/*;I
pIл GT[.O6Q"T
O0T/k^as0t/~.FR:ġɱICz꼅6pٗF>"],X7o4LL#{~"N܆i`	 dWM=f5@M"3M=gR@q.geh;ֳ2
Bf_L\&JihU"IP
2~\2F{tYԜzChv#L:7z:+tHx=̿TDžWIWv	9(S³qyƠ9wJ>Ƕw1B>~bej{69AڷFkrxٿF+~29-Fa}DxL+!>EBW qxmBBk	l*vd*?O'ub!ZGoƕMmSmuyRly5JH)a%m[ө̒Tֵ\A:fLت6ݝß
`T6l;:9&kNq>\wg0Ԓ<|2=9P½lFϒc]HLl|7xqݰAKى>}9B*$Օ)SMBA]Ѣr:-3`a(rḳtU,nd*[&gG9=nګ;=j>)ך=MvBOuqsa{SqQ
CZvCZh<f6#eO<7lЮZN,mj:
пV}jn/Mj0Vw7\rsJpVm~eAV5egB2m9aiP_2Io~M8iH*ĤMu;0IoBI^1ʃEwfLr%}_o.04\@D@_Ol2Yn
BVt Vr.-KӫpnP?lvz.>ŢP*[s`$cpmg)`MsǼ\a$̇dF,O=m.r[Fz;IK%	f%nQTVSkMԯ;4c-Ixit7^
[F]Gѽ\>]:>ZV_>I_
X789$HlsSXمz&FCS+:Fmİ
ҙvÊɳcdKǦM0*tŸH] j%*JNHfARK]Mkx<
'.f,%!H´VǐH
j׏ںaѵZ6 \G}t!:ߙqs./+tp>ᅮ7ijQE?tmd63%pSwӨ )Ep93z啄H	Ƚ~Ȍil-mݩf9ZQbꖤK7nBC*C<bPPx$$M~Q?IG."󈚼uk1vM4c¶v%LVjorokEI&[:ŋb7oe[P5^НPNuea9D[=[oa@Hb$ΞnIw퓔!M&Y_OӬ!rXUڐ>yO	?~H_ Cax낣ַ
%#M|}{%xH|#vdv)lo)wEWbHd"vA)5s>|a{?]JlVKʇ)raw8KɫZ
1r6ENmcE$_{0]@[CTQ$j$܂B`rf"aI(XPsulzJ
$Ĵx)SGE5ຘM
IZxB@*֦!t+1qdK
p
aɌ+L0FVaKG%_3`-eㄷ	d46ѐg8
a27P<_*@=~h_' HKb–ߖYgk0#._ه7;bN_(cw|c
sP^\r+/RR]*qBF:}b1x0߇%}k{3Cu,U1Y+H7ּ:GD[1rIp[Ћ'	%
/L;M=@8sF`0M.[nB=O.5 t:eUF^˾ a<
aB/17@;]gMPWy&kes4ݔ۵ډnaicj7\[c,nD׭I[8Y!!'#'UR醿MɒoCAҗP{]bK~P.s"yK*D2~47]IݽhHt(ƨ&uųTo@JVgxmhFQ[E6,ܧmyBEwǁss!~#<tf(s]W歌e!tkK@(z5tjުW\O&}^4ҺJ\v;@u"eϢd\~G
;)"|!1P+#He!jB)VuӁ8#
m̨=eS;mzaO;5(Spe.AXm'a,¨0"J=
ʡqJ[2f.r!k>6c#^I?~z\bzXUrHJD^4@ȩZӌAE¤dwVFHCa6xq6ey/DjS0ӗ_NӾƃ`ʸ{m+혇{g8$^z6CdKxl'YwN:fIQfsru!VPu%	c04."2˄;xC\yGy!Բ_W^R%Ҋ^2ZɻWPCVR
pIB<?k<ZkyAKBւkWZT"E%i-m*	50$2`p&dIߖZ[OPeJD|'{Q
{(a?Lpzq
G$"@Y%ڗ}Kn!"}}۱HXb, bIH/ggFQAq"Pz pvQ-;v́diZ𪓓pqQ;?[y
?$ݞ؅܋AlC>F?7g\E5e'nO/쩻`;t `ˑvsc'<l=&ǯDW2ʟ19}p]N'SXhlk~c܃Խm*ǘz8##<P˛	q*XU=bmy`m?˗?tXz-
% w=xt3tQb[ҝKgcc>ێۿub$n=ێ	^븐64PKqNjͬ]c3wu
ɨpߐg)b"BAER-X#RS%,
~^v

>CU3os]j]heO$ǸվF΀ᶧЧ<tfȰgsbeؤqWC^O	ޛ]AOs&hnbܞ*I*χC}D'BXeVm&,}~qOvǯT?R!ҍ,S#zkk˹F6KN/Loj_3$3O+Ez^{5i/^I$|=`_)WED*T0rڹ<0<@
RBMGk_bvjr,\B*_ZI@]2Ȱ_ya{<_Pazr7"P̎`xh";:wQTcbXqҰ?ǫt}nl		!Sna6q⊕_x;e; |VQfIR.k9x1~egO#ka0՛[s\hk3 X kurUlQ|rKѐPI_Ñgwz]@'JGF$tk2lȺpKU\9кϴ9J#T`^hc^Wl7N{/bo_Kw&ܾTdgnfu!ޠ$H:%s85gŇ謁cf1m/v`{p@]]'K1pO+
!/e.fY*fJy~{[æWgF{o9C6\:8v~3.4ȍ|̹+ud3 @FFl528" [$#_[,$T3y0df
#Zy鹁rD|6LG.+yTvQ"=%zn?ɳuԟ4rm/ EWYp'nT-T6s:)َU'<`7<:rdIphlh=B3%I7gKyDrEu_co)\.ω9[\k)_#4ZgԏFMb+3|<ѥ@9M@7:C54++x/	8bbDAE@MKb\jgyvT] Ù'1óObpGVx	n?ggՔl344,_tĠndt<Ԛ$	Ylic"OPkg<;~
/tbxcLxhG1bzw=N|Kw
e]Ʃ';i5Jy#:)VW[*͒؎|u%̊@ӭ<.)ʃIXS~ߍUtT H_LJuKmE`o6Mu)Of	~S{m<p:`k8:teSD썖}fRb`2asSorDG$/|<rd_X_lW5<
GlSZ#C^@(md˙\6$|JD+hl\Բޣ(kfm3v!ܪ1Ai_>]oMp1yu=9&hߣ,mM|;6[SIӕ R
wgr662FE&SSEmj9hRZ5߻]ϭ	E>Sqb_RwDk'eswe,߾A!›3f5nߛSy~z<xV*8hjmDCclˊ0r*`a+:	".B+v[zY~&\70L’$jBag׍kY˽d$WwJU-	nc=>,ppY[b D&AM>F|]q+XLɞ#H.0Ko6xEry-`3.QSv{EU-LXWOwP|eʱECMEQ'װeə,=|M&mnUօ"AC()$A'>9Iօ_x?[WVׯ8{vo!tґ~L2.ݏťa!G2W124Xvxetмs4r'g:POiZ+|dD<ÀܳVlk<_[ɻ&#~.x~fѷJ(D+bSqpOv1\D\BG*&M#F#‘v%tITlA*xBSLrd"N#M0K'7buf6_ >WBK6rO
7e4Q4⇽Mޠ<_(O2Ob!l'*yUUGSuͽ|6!dQa1fخV8."N:“Y<^@]
(ߑkvb5sA^3-ϗي
rr{k&xN׼Uәdk%&,Ũʹ&gHf*)+_YvlOT2qHwtF_=Oqz@9vm;Lc6ŧ1Z'^Fj)nD1.n~즘yOLI2z.ŕ9]E8m7KymG_WGKty sh[$ÜGwGcsr[N,Xɑ}Ckqj95Ȋ\0]:x$/;czwC>h{ɿ:eL	Cؙb~].ĭpNtM=F{B3f%w#JzFD"p:F<$N#yuqɓX{JA`l}]^5p:OVNU({Nچ.DU7u
ߖ$	s5_3f3>/ic?!|yPn$h\4{x>LܪD/*;Q"f*!/|eVjy1LZ	lVd$a62WIH=?V;?{r?cO_$,b~**aCz(e/#	Q^}^CG<smc	.iQ&;YrW`TU6hH9KD?(PG#E8!  G-KrspYAA.z4!b\0ZTVS$([x}
pĈug|Ŏ?rmȀDH^vl˓}NM뛜d	2-{q,՗Vd./ׄ3Oygې{߯WQNH^u9ކ(O2E5;}imPFs(ͅj1FP6o{wz?<~挢As5}5+jIUH\)/N
`%y@%ĉjk9w}FiJ`!޾+4^ ݒqZWnFf=U!/R
p^%w
|/d05=}q[+;_CW%P-|X*D|AW]0dpoXd}G:?#ѡH ($^fijB5I#OU;Q115#(
fLO3V[Pz;\4!튡0_/#k}c<v&m+rn{JNd_k6	*kBRKeq4\)1*8lAZ|o14g?`eQzEK-S?qj85dc1>@ha~Ў"XykvXrՠ&X
VغN
珓o[m/0:t"f̽Vcy|i*^M$6=@m߬^{}>ΐtQ[1GtŔKUaS0g'=.oתOѬGfY鮱/`5 kmq~|$OtR֞ Ea?ʀBS&|Sg,es.IyϘiAr4gN:M0|,$Yp~c/|qFݰnj7O;c8hF-6L5;Mv- n]-KRw
o=lGY7#eN"L
Qz!Vg+?Y
J,}ԝYKOخʸoRc!N07]R~&	%#r]HW2l{_Hԭ58w?vyfVy<tGB2-̶$}+Ie^ܸKzX}ryɠ x&r䬥<wf1#\_]+9.-"UzK^ɻk]m׫A핺=c!;\&;ut97]}~{K!7$?I*R	B/)bDY^A®:eMEj:lgIdqy|eV'E‚>Y4)jq;`!J8LKCk8oǼ;ix˙:hd
Iz?Gw8BvK[O~2 "lkWz z3(mXKb=߇_q3we|(_?oQ$4(Ȫs5غ}1al>oOchCTe<|
!:܍* 4
}$.5Н<u5?Ҝ(,Gr
3Q.q0:^B</*ȿ(ʸq;~osxu:WḠX`񶳶VVw2s]w&XLm^SI*bE<ߥ20.Xo$Y{jIƤ$x}X^ϯB?:
t"D}
Fv]؍Q/je:{7V~>.U2rq_	SuaQO)UyĥKeF(,͍VyzV.lmlo^ά5J:zj} *<9f֯
M~BYi&6C$B_>LS_I	^}0	n.A5ɋGXb Rj?;"s?<5/ED8N>LTW 7*lq8|=ЄJ+1l_B*oz
b)W̘yXoлsa݇:b'%D/cP'dڡ(vMOA#]a~O|?vB['vʍȿU5X7!w*TQd~9deUC
3@~F,(A=ϮR/Ӑԍ֞5_66`?/$c<j-բ1MD7QmDzb,"j%ğ])tF M~V(Y۹nP/SsX|0@RADp1l|)M
W@7zL!~Y\/4}#/[GP-<2w+95	y;#!lܔtʴPPgyTRylc>B8.]ajeJ"$na8:j:p6t5__DG;?=؏K;v8L1ਐ_.d"1H-.SMV[B=FNkKDqEֳOC԰}H~|x!ˑ(]~PڟVo.qZ^wSh-&-<,k~F^,w1
N1"1ڄQh? kI]lH4Z,.,C
~i(59yDewp_`;<#ƴ2۝Ze>|FSB%_6mݵO5J.vuLIJ=VFs50PZ9Jm[w.]y) i\ypkUD@hOJSKU&+
b ~l=9FCtB׿SED$Ok}0h2+
X,&i.:y>a@l6iQ{
4Dͯ>v1'f9?Sa2

y$[|sYX,yY,bѾK]$P^Wqdpv<c6ڟpA2tO*5K6Qa_ƀ3(xJM^1bk5/]%FtJy^|]U]~;}З=UGRТ*MJy> 8I0}U]@',a&z
,\%oʰ2@/oQ_j^tێׂدrii&#>l.0qf,8oT鄖]oe?MH>;

~׮nh70yjΕްkw/<h)D5ƒl򎛶&<E^|`k߿+59!{q[hdOԘ%"gpcϱ<rCOM+i8F105)f}N3L|zUHa٘}gЙ˽I<|džTE$Jh̜{t,1x/DM2Yt:rQS+.}/9z!bҵÞ*W?]iw<=~ߵj!폮kd=	7sFSSj>ҡ&"`鵖g|:&̳
%Y[㡠¡ӷO |Wulv`;{_3')&:٘@aDj|UYn^Xt91PHCAW_gۯZAj k+]b^ץص巬j	W)$ZavKqB҅EZ]a-q୵b@mps&r	q$$q!?hTD
kkDCY(SY|]ekJ_Ĉb…JB_WٗY-HeAM==3|rH65<~1$'q|??[GJ:F0$gh\йk
a3մ&Qt僐Jj@05*?^*~}aģ>
i8l"Q_];l1DvȻ~vU__?Pnddleոfhnu6F$ŵjhf$W|k`U*>	)*lza_[\C6!='N!a]7߰3G Je+6ԛ݇]i"-_@>>ULȂE?PJas2j~g[ōaZO/8̭
hcD}+1|@]:y9
זn^~հK?-"_P7q^v
.hi#X:5'ŷBZi]
bfn풗;nG	E+GqlSwLtڮuK`7Ffˉ0?v<f
Uf{o}!G[V"I0 Lnqo+=&5)S܀>iGD/by2 ɣ`>X+k}b:K9K7[~_J+Votv74{_PB>{:s{J@|[V_bxum+nORR~IoIZt:Sa o5ik<,dfPA5zםKG;\pJ*InU+3d83gyG0|LKIzW\C
%VLp>rb_|'$ݹ!wտ0T8
*z{7*z.ngfs
HShRdFRUyU/0	Wyv2˞IK<1czP6܂e`)žS6~'%S|`Prhm煍߉X<K2-|Hʩ8NOtJѪh.TSQ$.Bf0Q0mD,[ß ȽSDhl6	bķCiNYt׌5/kı٧b+;X"J|YKѦDc%piVXxKX&{=	&'lCtvMKޑV=l.bO1)E#o޼iʎ~u4~Sc<@]
A<%	%^##sE"!GuǓGX
1u3D
Pp`/R0;ң3ksA'6M&ƗnXpHM	ki7RX"]g?NE2;Ƃ콵oQr&,5_IS':#@FE({&y['#–ۿ9Np[ы$P-"xt'S!!zçld|au|PPOOvM[Am68"kz,341zndJfvmrjXʵMNfVqk-R0NBr5I!:37VX/zГ!/m8-1Dz/E<\nPo,Gb& Z l>PVhTrSk5<ysꑜ 4"fBj!c$օ%9|[*ΨG?`!}Tв]m\}ø5!m\S|X3V-0 кb^ctĸuoGe$?W p
|Ԧrovu$fQy=(L>͠᭓BMWr4y*T[?7GUЏҎ\Ľ7\n\'N(sc,
 VxLb)͉1ޞ[+q(:0wM7V}2SXOx{5d$İ'G1;z+(UW,~&YW )9).qLǞNV*ٻF/^֩dVDt'\}GMձ{c$zFux(l"bó5
ڝ9Unln\DQ]@Y^&JdD|kxӲ^%)͟>?ֿJ/U FߤWU̫\?YHlk7<`[W%Gѿ:-j
RŜn6DcMW&/)H!b	)0j~#&	L4!8?v#&P2\U9YsDƠ>~B5Si09"yҕ";.;gvN@_+]T*8`1zBgB-ط=Ey4'f̛cz
?U@rFXӎ:dx};APSC~iT8ηbj=a<uċ7W\^@k'vI<&Z9MT-_Nht!7qera;GofRC4RS(Qav$;@n2,~lsNh~@QY=s"w*=lTH%3b+es8NݒN<]ptb.<giwyjX=>6T{GX=Sm`~ώB2x[@f@:v"M}_Pe	s(c%x7G-t=vʎ%yc> [T0m
ىx@:iی2_?>Ib31p`Z1\?˕*UE!yҧ{k>˕XʪnfCf@O3\a(miKtB3dqY"smLiPOlW/DSo|7ĉXك+}t?ֽ'ȽunMejsE0,⭼eܘ>?ʉ|>>7>z_)fY˼#5͝:|aY9M9:/}9m2k$$Ib9էfZ<"13ZeCI]z9{u);rF"r-d`fYs`
Ϗd*7&ז:ӝ1"n-RoTHfjIwXJMyS/p*Ll6>;HǎDi\v
nH'	_횭i*t%!0"f;d{ڡ8aWߪ]GrL5NA9qXgbr$Qa0Ve.Cԣ5VMW!\ZiGzĵQ%,K҉QϻF+dx[~I7nč+4RC0i%7̞.hw?lx᝟CUm[3a6݂܆o u߇H|kR6CmM"JWeUTx;HN9PfYdUM?ۨq^8n6#QX:3ӵjQ7#prȎosRj;SuUxQI3>BP_)\]p2]=S{eӺ1?#;{߶ڄ7݇ac>h,\‘QdS{7t#pߝؙMbYx# _k`ّ^x3xk{Wh\l]9
r*(+S@-CFَ%1`%B	̌GSC(Ay 	1rmKb4(]7ys?|3ޫSGfK^f9x;m`I'ei?}K[e׫/g
$}3bϧ{?3Ku~#>o>I;ٰpb/9\;_n۳_Ov!&ooB|T>C>^ɾQINqfQKXOl?^j׽N9E_~uv	M([H?Gw2;(l'\սMy}-8sB\zϑ1{ߨ
κ>7{n݋BFc[o%
5
ҳiʮU{V'~uEu6<ZοǫVSxD'
[&yi֠z]CL2o"MV.iV̤s1qCVRtK2tK#=uXeŭX]1NFh'yt'E&2E"=mqu{i`A3e|bڧEE7zDqǫE~þ,ꭓٷ;wǿ;qwh#
g2301.N/`+XPSVMO-_P?
h}WJr!hxg47  ˑab[k>=&g-߿E$`wS½`҉/G$ċ'KpnuҬeR8;a5,иFjCF!pAq7[Mk1n锴E	0ZdtБWѦ]q7zYc񓁰Do[4*m6>^^#;|͹SWθ$<\H'
W;<&ŧ'ݒ>aXp:w;^ik5d	c+
b5<੯ʨYq$T"N,HU2dڒ(p :5l|
4_!x`ni-:ckNQL]yӨZ?c%g#OJ'/U4ct+v98XQsw`>xH`kgXd?AN%*ۢT'Y=	%ݷXaJT Q5G|gI@</߉FCGfWԝo倓S2Oi><g'9`S2xrvK)&p"#WSr0Gy)~aTM[{9L.qC.iե	U#znWx"Voz
^M#3uv
p1%[)t*ӱ^Da9
{Lh`۰Q홱p]1$QLQLU!P9#.-,[C)].SA]-,F2=1xo\$D2-ic`LO)ngBbcO)5lɋ7J|,G`xKr$4#YI\̵d.oVCF$;nxf
2VOae y[^}p)HtAv!]m9	# nFRs?z/BѡS+ofXާGmۙ* pheOu2G;b:4=rJj{26Qp+qdacZW:
x~69v|?ߚF&m/jBJ&]B+ip%?Cر6Xme98dz1Y+<mz;pTj~Jḻ*\4nd@aLQ$S'@4A\C4[lYNOjIJ'H*ZLrbvFf]TTQG 8<g#-JcIF5kfRʮ!Z-3
WNrubb!2={ӖPtG\vȜ[@5Jˌ']YC(2^FJiD毉^<vQUʺ$.79wx]sUN[ĝabܴ9ժH$YUE	RbѦ*,Zͣ<RR'L#r&Nu)1zAbv1\;c-Mf&FHɲጸX=^ok9Nω'a'<PqxmDHQ'.4*ZJɚ^VLn
	ǂzg粑NiFE]׫둧lz*'<Q%2ן|c,nToƩ%9+kST{ܝyUr$P;\"܊e8H!͛)>>!-	]FLݠ+tv8O!
CPA0/lWa1ȭA&!e*a(fΐ&l?V? z?XLHCaGv7ۥ7Soڗd1`5[22mt6.bPhI!n%{;mM{ڧ[7E\An!g4एs)@LjZ+d0-WyIeJLSn&cPQ5P'XhIÄ,h@P*%cH%6)-4=΋T:cVs=J%9ӼNI/J#Jْf~(>U]M	 m!͟;N+,1:jVcéP'GǦ43\2E:IBɼhet[N,S	B
/0-5[(%<7ID!SdkV	T^1R	!DVnEc9U{u
;ծ>ͅ,5J<
E_s@NoNlt.PpŽ,_q#r	
'Ȓ$Ǚ#Ck'e\a]@
Q:n祂o=+
K2t1B_#<a;M#V,3##:sdtL
\tdHZ2jzfx[Cxt-2>uږTbr-\)Gџ+:[rխ2EDԥ֩b-\Q-M4CA4,qï7SldB5:&ivGݯ{h1ǔ;F	(`,
7'aeP&>bۮjb)0s1by	)M5sRΟnhUo0}`N)mmݵ	NR}.fWK'`1+XuI[
BI$2Tay;|B$Z?p9TF:z7lEZ.{24U3e
}:{ډlꑑ4ĈQv/5Ms]#O܈fS{v<\DkڄV;];vȌJJЌm0u*2=-
:>CYu"^tۑsl]ItN^6Rkeq%5|WdnLzq[Mww[PX*+L0G!ʮtP/uJQbDMIwV+,l$>둮%Ę6H
/$^L/.Ww1P-	dŭɦe#=$sthy;y.mo*HIcr_*xǼމ"ӲUH+4p!A`/<SߒqPNwN[Xx2AiA ke3t1kHz31zYCUE2{d|@=}n"wC|%ʬq$[D!c$]E	\_q=iY5Af<ՌmJ-*|w%$\6\ơQ$k&Dǹ񶡤LoRZ4k*8s99X~$+^ڋ|Rd"莏:M$[;47	lto(`jHuЃڶք1xjb!Z\3h\tG	p2[HBN0oRDa)i\
uTkau<;b^2RdM&#e7򖺈r)jzW_juQ9/T>Q^;x>{DgJrR0\r
b6
g;.ixO'՟iܧ<h6q=닄n!rB*Vhqiʭ~.ܒxim>/Ki	#䆠uO)sSCIEɧp R
K[-Ŭ*-d-
((Z#ӚSet9&[5d?0a.},.H[ %yަJ[klfS\YKJa/;-gr\sǐ(6bdaRJe	Yxc 7x"vu9ж4u3KlpZm1XR\;|΀kft.zDiЙ=$MZ`6FBmg#3%(ם(uJyX}0%|nFF٨VWv_R}?	YmTk|NCdx"491G|WJ\)Q$mpmu
|kW虑)<2yaiUy2^.3ܯ5CdMg|Sn;|h--m.W<$;nBUv%kt&!-%Q`N:O#hnhJa*d>yv͚K)$q'0\fIa0S7wAmNXCC$E 7k5{'X=
x;jN6	w*AUŸIu=^ )9 ֏'U#HLHma@zv^:.C-Vw넦vwwW?
k!_;"Ds)2#S[6QsPYdrbBB
v{5OO.'Y8c|>]r:9&+=T+-R#
tNM'DeO{Z@r!/m9t0
õHLAȚTDɁ<l:"S
V eLx_LK
N:!TҾ`6iv09{I!
;wt ׳
tz8A,ه#Bf677g9,yd tsG'wyu76Xk@"Z4VsZ"Q
Nvk{I.NuvDȳ76`3XJo$$"̪O41NQzu[G|W5F^CNٗSf^Zi9JXdt{:o҃dHDBdZ
oF
zxX:~Ċ
5%fw!q(i%K5Ʃkh`ě^Ys*;7hƫ$`LEw!q1EH|E>Ha7Cԙ7عZ9Bcba"ǝf<bNJl!db\[t:Lh{yAnKL`Q^cգy.1shyKzv\gn[w@Xfr*	cfPCZWyi)V
Rz?@ri"gCǻA!0j|
5Vh78mvÍt?=HƸ}*ch$tʔx(OtQ;ND4b᪌7BOۆmct%3ҔgXPYR2Ei\ٿm(Hԟ>-D5PMR,9$B=yҦEaL*BT	|>	7b̏fxFE5P#P`^ TozQ)W@Bҏ
cB#l_T2:|ڄiA`lxÁt7htC	xޟOtE0bcٴ]Yh-sfo";Bi[@Uq*t;4<1/y0HRvP bPG:Kb@ng荶4E<;q75g"s@,=u@Jv˛LM,<@C,a2ե,36j-6L;fm&Gpn(dJo۷bJ-t۠Yc݈lIp({mk]"	֓Q$ATs^HDv).胦$C3B(kn&n-?J\J8!>pG~;"dbF&d1$ȁKiIQ֓<I')6T#ae%jFVan[H焈*HvD'pICDIgӲ3g1IS$ZALF|7ؠBa:\4y~+fbݣs2LR,S?g/#t:%nHNőԚ_VupUy
 v6pQ3"MLYvk4y$Ik$7-Gu)\
i~)_ljvTuZPJɌEX+qEx;qx	g. Q9%7`Y+)3Yl5
z6
WeLi;[8Kfu<h-]$#\cMA^_a!*f<nMnĮJ?F6պ`s"X:1#x̻tHߔRG$XA=6Ùv ϯFI?po26"sk&(BڄAGp2DzHFT1`uU|ʗC3Z=XzafڝVvMoږ	cCO~Ĭ͋L@d=OraXH2?BL oy'-YvM,xl6%f1;R
_g0aנ¥-L*"J4w&h\SڻnZ.#GxsEG6ors%!I~iI
ƐK.$"b^z#uZZbphhe'
D[H%6gNbѳZ`O.ER.27:9usT']檑uUF:zdK \P'IMFyM,.i8`C$/׸_@/a5|&)YuF=[pW:\Xs2'WwYODD{nap5ro*5ih~H;CsW.
{b1Z0i3'Qՙdl_e+Ep-1i$c⢅;>d/fC樴!4]d#hGBBO	k<oԶQɆLSyAy4ju[ZY@G}<ٜmlrqdޛR|p+Ā881OK8.b
4@n(iZ(1K^v=dѳk~x8U00X$<~ҹ`ƂGV=;VdPgc'vF7[KCMn'w:Ղ
(zS|eRd3ԋ	j~eR
1Y@<ϒ
ɦn(*%o"6B=^>ʚY5Pbz{x6%F	BJ^ªn0:wZd%:\gKn?-&Dh[!Z֓z^mlq"B㵵㍧`PXf`NpGӰJ}p?nU&&N.
ԶK&>#({zX}lR=׺FF9mWxxl%#TwyX)䕉3;fRrRY+*05O赪dLѻH՜-WkI?'_`O~N~lPW򇍞σjkS%yqa1BON g〡^3[c[l2Ҧm5φKTI<񔵻Fʉo3fꪻbu%ܝ2j,I݀KF>ƋN>o<t6P2!lKp.\XɥM=bjIcJ.azQj2;r	^Sx
JjWmfLIҚe@zҦWF(N+ETIͳFWEf\Ш(<~Mdz)(n_		h#y{I^\;,oMCRv
弘1׎9+lTc^cZȳ[1;y5[f5 ^}"v''lwFԚ2{v0J6bX66Ehy%[vz75+4cePN<ا!vR09J_'(ʠtOEԵLV	L;B\uXHA @3/1v,cQVb1a2԰"]OI<edEL4;KLm
2A}>d aRuizBJ(R@EcԦL\XRȓw7\>5$/}~6x<
T/4L5Lʎ=YBmGkEo\"90-mtA9C/\T]uVH<üUp}6`vJ}=$_iduҫؼ{1O|cBFF@L2U&sOS6܍lÚt]9Y_n8-*Pfm[5ƧCP!,x(xTgߵSRlOr"ґ>D&b,sh/+jDCqX;r+1nٖ%wQc+[5b2Ms,nlȱgVR&K*AnYU@
?Y*7uS	TSW+VۓUǏ,'A¼Estɜ90m MSSWK ĨNdrUskp?as]:Oo
R,%쐓|[JSއ@+NuiҊ>p"[(`נ#u׹B88}-IV	tBe)Ĉ	.uDlւ2kh(7/k3ffAbGi܇hʚqrq={-xٸiڑD7pr8y3 j!?Q9Dz/\PL\נ5x7wBjK[fնȔT=hyE&
LiM({i]рoӫ"+c9tt*sѝ)`(I@@V9tFm)dfCPƎ+BAȹ'aI'3vdd$*s#l7l{5aT{A}&4˓YzCfW,
KP{|2
F=Qxlju.x^s$UԨ$dmYI	U|;,.bbIPf+hj_|~RZgyhCص?
}tQyf
üԷ>$0>b/
L|l\l^0Ӂ:fv4AH1Y=[:^6=Xc!\]r(Zf%L][:ۚKσV`VQ2m50fJ\ݙ\1Ŏ\WihA7NE#e79wh$
Y8jEz"XuNg3-$W
aW1\)9ΊwH1qic|niBDm==wt)=k	~V%`K&Riq<&RmSrt{'CH%1xzJzocՒh|H݈|1uXt9j	\ccI!ۘWxbtZ`l*1A_OˎA2,Js£2%`	" ןBPK>1
@C/ mjGCGVgK8sܴA*0TA-_]N[@J5WVdtJ/TcLЏ(4^M6
gN8d99PK"&)>.ɡ#dx:2ču;UlKacYsQBiGxMvu	TDVmhO
5	xl)5vIA犪+&s>8dx+ssdp%.\
=M
l*i|~'.S×R;@1ޙltT!mWxB1 fԛH%,Z[AO0ȶ>[8@,QĤE?)mʀ=: VRF_'ZKZR+FڲcKp\itl
g(@70')g0lMf_s:Mk.@jOgTDY~[e	ƀfq?
URdUG`ɦk1cI$~+sQg~E1l|:4n,g╤@DB_=|36cuDhVyH"J}(d"3+fi
ߊF`4~pd-`=?6t!`Pf;}֍"0`h		8++غ!`Ķs
!rl1S@1\[v0ˤ0u16&0 $po4{DUd;q)r
ыpppBB\[}5*FQdY.T|zw59=?L#Mn`74=.UUBעzLēW͗6qC(!dVF=HM\>r^@ji@"))
!ّp+	955Y20ôrShX3c!9(d17CK^RzHnXT4mqXA;4ڴ7z)	DസX|34C'Sm',g'%Yl<M@D@5n܏$gF+DC2&<$b{K9{4c^`-6&
x){t穫#UVKT^mclQal)"KlUړ#sRST[&aOd---!e
Ⱦir<1'+冸R>q:ע.}0n9иt,܋НρdWeX}

UY<ݥp3(_"}zGe?lZ-y|4qxRU}((c3Hoa4$SO΂!¯ՖF9-ځ"F˰j
͜Z?)֛K]Nro, R$:*)ٿC(KCf.+d%c,jP!sbrL#}j;;?s5UUiHH8ժI[/41SX  LPpBDϚx*T}jpZr}nԚy4^Z48uMBaa2k&AN0>1_i>*d>LݍZϊkZ?<|>RwblB4	ԣvTI| Zv1&uSJsa1f6:Q쇋qC/'@nZPSgK
`Pøф LjFg~5O-1NK#28)LUT
`ʛD4K-IR^!ZN0v/3jPCAL6B7P/_hH5c"fNHk&\lHfLboc_!ΩQ5

ji[׵ADa:ͱZ翓XĜg[ֽj`$+X.7vwvM$/*ĚY߮$)k>@U3݄AaDOA"(}uð@	=޷I
2L^(*i9j`&Yn]KS3eXmB+PtʕdKjZ1Dz^Aaʄ=_:xDLܡ^9"֓ɇw\*eIVbS#k+LfZ$q-C,E\ ŴV~~sEǽ![fOin'of1rTJ]86WiVqÿ́M?~su[da&f	>)&ǵ̬J:ރu
?*q&ƶrz|M#`TdH"DlQJ	U8c]E˪mw[Tk*Mnrrz戲3MJj4Civ,j;ڞo=ٮ	YO"VUy&?N0帙)DdD[:!+3f
4ZYsIGrɱa9S992MrA&j/bvc>U^flDP̸e^lz0m4,'yժb*4'D	FĹJAv5Hc_
Y|U^?=;BsH[vVUOđس/HEzՒ
?zS~Dw\\5C*`?dHMvĥ8p8&8qyש5ET|1kBd|\srިCkX֩q@>]F`ꍟNej0o3"[c9QAD)l*8.RW:5s1@6ȝt7I᫡)lm[\'uJ
iFF5EMJlj۸(͚"2K![ݚefvNog	H^hƼI	e"kt-7LH{b~H١Huy^K-P
9l<Ŀ>=c
P6M4CzyɝdXMOgE%g0yӑTZBf#y;ͫ}SU"
|߄k_)`TEe%d.nrX@j鋟)	Qh*:L8ݜ2]1",.
ӬyPnpԸs`]y9Zha}:hT.u7";ǻ^@83h2v60{`d_G15TW;"m(w[2TǗ7KhS:Nl5y-Y~?v "p3+-	-…~I46˰3RaaŴ&g@f-{`wl)[flyiYN=bZ`+\@z\6픧~Z={UwMs"lJR]	49(ZU\5t4ođnǶBGÁ<Xܓµ4ajDF<$-@]/0}DVսyaBI&bح嘅q3f/ev[}`l|m`_jCT>IU*(45U>ND	
*̓_#Z@!t-w}EפSgS3\?$\P΂w;'gMgF(!&@gPMn1LZr&Ob
}Ŏ餑@Y``R&u5-t<(.$H#ƹ#NAIc7(kROc_X![,♂t\";zNk	ʤ:,8-4]LJlVm/VvXB]e,.ȳvYk:| ]#	U@*8Ux,
ۢj6R[3\7$:sb<;anUf7C@.Vַbm`Ϟ1NtzRf\IAibvB?vsуڬkHzށjE$zyCQc<6Ov&av_2Cב#q%h5#^Z嶘.b(,WsW);
6fUƕR[-2c.)re!"'Am7_	quT*	+TU&C(mPt>m:lڑ\n2YL^/fc<Ooq{R&NI_Z6_0<Fr+|Tμ
aPK
px)[E}qvC_K;;=ӿ`瑌 |ڧc}E_D*5<הV~$kZ)hN
L>{}o!]$s
;)/T-ϛPSk?UB}9-5Ta[Eɾ^kM?VAp5l;EgBGOF:HϨh߿MQ?8Xӣ(´W9.dOn)C-ۄ.Tw#!||Af|MaR
_|x˿l|[=p$hN9nwSxrVcKh?>q;)c_N~ g?.ЏץFvI~s9u.?g	'[S
c|x=OL=Xdik=rǽȧ~4rmr#Ы*D[S
2w#r?y_?VáQ~g@Evk}}=$/½Qvw^;]IT4z?~j;/gO^N>_vҌǽ_f[=O_N~Bi`;3;r쏱|}O/';ھ,RCށl{خ!;?@!+DWU#x;9vWpyz;'oKgI|aig	}~p@,6^d/iӳE>V;eg?M^ɕ8A81PVLH?["q콖>D/]i+ *m$a+yoU!Rko#?aL15a\<6Mfn^PY;#3L)ksSm!m|
+%7S*xc$Y	|F5)EǀEO
!myL˿2;LF@Sۯpخ7(92#*]0s*|8~%_y߰&e6H(-i&д߅uT֏nנI!v,D!L(ܒZ|Z=Tܒ8PUIBgqzOiݸKJik!T~o<?ƺzCb_rLh?GۚeUn}*8p:0 M7mI0ט5u{d̂O#=盛ǵRUĦ+~@Fkd;ID>an2Hǯu]gR$1"InI1eAGHfT}TUJJ3f*l.f˔cӁ"G
S#͸LqmO*N~
|5kRe*-?)'1+`C)qf|4̄:adVޖH꿤QR<T/$}`3Kdc?,xͷt7X,P?2xrz0^24~`Cj][xSysA>%K'`kr??0Sk٘(܉AT+X<1+miv36k+hfA&/|a"olFN=vs
Ն$`X/z⠋FfETxs`FZѯNXLԆ—YpcOοDqv)%sAHHxfH:9Fe?(g3Bmvgu%.5z!2>xmROiK[d1BJ0@si,
˶3[R=biZԟ`XTwvuY;FrFIwSNfAda/DRz$2w<FMuWחs5"H=px~Ov~['4xBd2YxS6idhFN&'z-IZėYcJhԊow?Zɿ>D97#ՕOXのF2?Ho*og~|.r<K6M,G}4
>(jmH'ʧ,LEzbQCr?@-e~mT3EG.JYK3hEm禔$6r-Lj ʔIT:
ۍȟVlllllll|
=-̓h?hxo'DH<l}+:~afS䗢oݙz;~j(hMEC۽;Єqz#9%	%f֐*EH6qB`Lɟ0zC)R<265HbSn'n^ eϛ
O# ]*d('9R6D+-˳?UL}@l4ldݽ)*	1I,Cj-MM3EN)6֧~х̣ߪYνW8sLH>l/c|GGHГ}QzSN}/^f(繼q43֏v]R"ۭ rX?k0txAJO9Hzd&)eHw'ʎݹ^ɗfJJwU_ߟy|{[)/fSn^2'>o]ߺĚ?
_<^ɤG8y'e`
E1ҶzdQ'(3mV3&Z"+R60!f)AsW,Nː쩤,ɾ#JL%ķUZ߬HOvՇ	>臿O&jA
^ff4qR[rfh}/GRplYJ5@ێ񮷄&p_2ur*n,kĘr-Kj<2ɑ|dBg>ʇKJjܽLc짶l_Ibαl)G}<20H"6_(6(Mp#K^/Cz!Jw왊~\Ҝ7_sT=|@.;wiփΙeY0]s0{WUS$7TR3i=(-B<#@Qh1i@MHXomT>/W3FԽ0&73O@Gkᓿ>:̂2vזC'
Jۗo,a?hR|XI-3GlDDx4-$Rtl,;-Zle^0|8Q^o2~I<7[˕Do
-XYf)񪾗ZCͯłӝ@S:8__K=7	MR
_OAxFMݜORZyfio+SB:fMܙ؏i7`eps!|:~E?>QMl":fMkϤs?5ߟO^W&4]cSƾrb]&9^(r{)&jc
rٯ&n@oיO*2&ro۵9к29qJt|BndYwVX\|qr<Jgi2=K2%?./HͼZ<"N6'_BMMUhy癱"vf^ZB[chY-lX'./OmM1TM9f#cwoCu"2Kv	b"_?i'T;aϡ=
mi8RsM@a{r&{Pb~mpfcp0UHE\"JU?}o#tXD[VJ'@}V_̱=7~s#0	T[Ĥ6gOI02w9Yc(-Ws[T|i.68+c埛ʪԫ?~6-Tfzq]T&TGXdS#|fkiQ»URCQқ2HH_L
'N#Si?'|pEL~p@f
55M?_SčR< eCҫJ6H(+6Jrυ 4_Me9'vdn4LCڷ˦?)'mկNW*RGm^wO
nҲ7~>?$4@֠N;0e%	+c˙|B.8Eu5*F3ܚhߦ"͹qe:x%ܞ{l/?#$bdu7Ý<ςDC-6VI
B"^úҏ :pxUHϕG)#B2Xjt&>$GkVIpd'W
ޖ8'ltmM3k..):W46h-=Q0S9Wq^'LRf),Td{yN
˖6u̿ex xɇ#q*)ﮉ,pʖyCsJ\de$(	nYR[]A(m/L2g\-%͠SfM
%^
E/\gYTsf`EqABdg8-:q$`gurtB;Sڿ$`Kj?zj||횝p8]*!º2ќ"ɽo7':q9sFM0'),G2!I>F7x*<_Ӊ5pmIdW^ZTX6obmPH(o;ч59Rח׽эU7,[=CB!tvM[g̙,`؜sn>JFeIÑɵwٰA:>B߰W\4䒡\LWpP5X;wqݣIM&r-8ې,H@
hQ5W7n7RpXzI哴O5ǢPZJZ_=ńw2[l8O.O0O|Y3}uԢB2_;.SʪaY~5YAWdTlLQKR3ʮ/+62
RÞx[!$Y8VxO,{sy{=kfQT{Wc	s'͔"}jS1r#~^bbN#j!f6%H}2=gX;i̿Z7
OxӾjno [f<lUde۰ښ]bEk`u}!۵]w[}郣+6V/ר3)Q~(Sn~4{
gn.q9>ߓ5_+qPRClVݵoج+%\Įpf߱O}#m,X?U[rn&]UۓDzGY"?#.|^5B3m:řs$n@Z,_3f?N}2Cpӻ\l
I|~ Cg?A\tSw
[rkku%c9Y\0x]v	]Hqqk⓽5_y5SlbxX^`ƃeCˆap:7HƜU~veT4j?EuZf[VzE&߲FV4FEZ2 tSMe^Ek$Z%Ãѫ 6WWS"约[k+W,&gZdQU}J3iL&T(h;ѕIZfZq
+4:m픽~UH߰uu2XLSbu*z-{%;%dtJ/\^+g1ct$M7!\ڧ[OK
}[-x^XxzKݽ<=d(v6j_\/Y>S5J"0[n!ԡVgz'Uo:d,Yޏ]v%斓[kY\/+>FllMΎTqfs}VhkE8A1:%E*֋]\~(*y.1IXT>~-?2."R18%}`-dQA:@vCv1ڟ
lVؕ`B~e0٢ZZ5^k7ӷ+7;5	RB؜p,Η9EMq6a q]B!|M(^&~=!bMqU!Nm<_	rB=ȽMP~mM9X|M|zMFA,lSoc@9ev07:+ׄ'6*ʑۄB,ױ6ʉpnb|ׄUl"Gܩ2g>i5͡GBP|JརM
ѹXu57Oѡ荀~MjH_7Y6Jㄦ}tQSlT6a q]
Sۯ	(5\@r376ƬoPTxM	%pQ6FQnCo!Cq8E8PGS8fx'J||i4
dT@s7!tZ%_V~D? rʹ1&=	$WS`r9M(^M&dU`o]߄ɇ2BM!e5|*ʕMقV6G˕{=̒:aeWfhyfZx+D/	+j(=j&(8a))@n|	0ljb(?!s<&=3#V	aWsz{$
Sml
u,.`7]Y_Um.W|nh 
n;^E&Zav]r/;F7{X~lɽ+'+!tR+1/Ȼxd6]Sɕ g}HɆz	
̪ІK}Wy>1_,ϲ]{E+ql؁&7 ;;گfՅV`Eተ~m@f
ղ+֕ɡd7ZJtਝH덝&a/]{KtELѢ
)r=Tc*hix
Jai`!dah/kO`ϹtpLUOTTOe!HSDbH/DQF,*5 g馡|~SYc,ڸhViڿ-/mRh5SQ]ÕT?ZkeRC8crƧh폺/3I^UidETe4Z>E8i_CeLWE}
*;~4Qg5i!*ZUh04PQ
*tT
X1kXZi.d"kdNk2PO46**k25L")
X}P.k
Ux=iM]{{*`-5]CFjt]ӯׂ]Fk*7ÈUc.d@o%ҋAAf恪;~+ۘ=[xxQ.&/<j'yRt'eRy%~'0yR)姏W{:57#7$%7\&A7*
+僾1eŊAJmTTV)7E>ZG[eTh\`Ӳ+[mds
\r5'	9Ij?Is
Βhբ5jIH9Ij?	s
t5#$ ^%kH?-	X `!6(K(VHz$$bFHC,%dlp=3zIj*	Ij)|yڧY8ڨTFK~)%Ͽ>jjS(\I٠-XfzHg$bd€Ւ,=pIzHh$b6Dm=$pZFC!#,($Q!a
P!YN\mQs
!i<`ZEPX`c $q%moH$FAx.7VK(9HčPeDnQs0nHnA627VK(9HЍ܉{-Q{@Ipjp{D{zX-ݣs:
!=X-v BDY9f$bvAHM=B"===X-w B"7zIX-ޣsj
!=_Q9;H荞{VK($#s؂jIŃĞ|pD"|""{-ɣXs
!٢=Q9S$GH#ŏZEwoAb;NoH9L$bAtQsHAx7K(V9XHp$Qs!> -ɣX "!8BB)|ZGA
8PDbpĖ$bq9jII>>$b('qd9ȿjIa`>@Is)%Y9HH$G!2.pvs@Ւ91}9"jI>@dd$bH]rdyGBVK(yNaB"a>2jI*j2kH,X6;$b\6$#&sQ&$sHy%q|dh!q26jIr28Hp9$bt+:$GHC<ZGC>{i-qv>-IX <!<|$b}#H$FGCɾ	X-/ty:KR(VHy>">B2Ւ,<1B"b:2(gINj9xbo`7lѿ=T``i4
AYbUj=o*dnکZvG\tٚgiꥳzmZ)UEi."<Qg`Ge/[yA3?/\=vq+MءL06M6qT<;cLjLB=Ԋ~y^dNHFD"3PW!D!튈^]'̬y9OUu5).TX\&g1[
8i;jLx~hQr]QMé$ݢDDITU
 ˔|X]־1Hr5"?!AkIOurK&ՍcfemoP`
6\ZoeV#ksYH!Pn]J
bMkR9HL}
{amu0싦{!„U`hDEY44PV8SƍM3Fҋ26mJn[A*fjY4%;i\1lu%⠋4;˫,:-ʗBlMggիQۅi1Шw{&[ry{1hu6"jz7CL@",ۈ*o.T((3t`*
ffSF#gG7Lj"|ħIthh6\{vUϴJ/U!QEq;):_zo#j,k
LKvK^8h4-oU(SF\f
`ΖFX	k*95P0Ή2@@ej&br1<-0fn\4bak	<rM;"$: а}tVQ`yzgl3n;%7/Ԃ=x*eaGdk0@JP٠zT
]JCZ
;M&s43.:bU.PfBV!s"(Rwȿ)]-cjFC`E}%GXTL7!MC4CZ|}\5Mp$LWYc]vhĂTPg	q>oĒύ2
q&բvtSa]FT\[NU젙LrѴ~MGY12&f1tm=XqUzYj\郡#,TGMQ&CtŎ(潡ijH;g}Gst?˼!}ٕ/hN3>`&'J\="E]ڋDŽ]luORHVq
IOa$iTڽ_jJ/}1Bܤd~.2c'Ū̘~=sѺ}0	GHKz
Z%Т	L<u'Xay/E~DN4h<ԝ
02"!9睦^."D72"6}YTIEY/ZղNTXt{v1~|z'@d/KCyƝ
:R.(f*|]i\'~@i5`DM鷷wf50rv$/M6+ 1J[0Aw#}'	&ޛi2		l~)^c2&Jv^1+ZΝ@P5?L=
Tbc<k1 A3T2PE^]%$o̝([QԶ_ǡ>)p	~!8;[{ƨB;\A%yD
<ɜwLRRtOK\֟{fH{%k+Inm沷ɦq3$\!xTC?@@~!<a<B8q!BYٴs&A}6Opx#}ws\;!w
rôkGwlQd6sbTO<?O~x0ƗCy4dݜDXH@7{χE݆N6m	d!sI"ggOqfi#,uϝG{SJqH+ɐX:+96wN8
~~̖ӑGG~K	<CwIg7c'J_07_{|sQB/nxR㴿<Cw9/V> ƌ2w#3%<xOŸcw)#=3ܖrxmKcy(Ͻ9R7el*{х8ľ*/T{g$s,AA=Q`= ƖRQ#cOoċg8
CKTؔpG/	swU2(W~:Sԛp||"	TfhI#>h@ȷǾˮlcp0rSBIUG:̟3Ppj~{n#ZoX^h_h5O%mqaj7Nc>4&\&pԿ4HXcJ IhM/}2eohII.gM'u2ddp>dPB)";#P)5 2y6./ҦQAj TY>?YAר٬?6m[L@3M]'Vopp2{)lz4wT\=gmiMD956(s']oߐD4ccQwpmY2|vTk
i{-=*mR4|*icJs]ݞzՐ[5c,oW+8aRsAY(6"4Njm/{lPҬ۝Iڏ	9IG5P'ݠ+U
<;h
Iuͷ'%-xXJaQcC1?ZC,$ۏ<T
硈56Iou6I ϳZ-
3{!e_8i<ouO&]6MD}yDaڢ껝*aA=WѹrUYo<W5y*p>g+=MrVj'
IHmΤQ[Geǻ)1W_/-pT9OWEoH4x-J*,Zƺն$VTjQ*}Cxmg50gw6׋ʤn;ߐKiɓmmA*c?%KHjM/2#Z'2ZxX#ɦMژ;ґFh:hX-6zPOڤfhKy,[lՅyi=%(e_TuR3;7][i#
NGa_腑E4AIo?*p]YR4ݛnfM֍]QOTŜ3nܭBc%V)K</7\ӁHr')`~ٔ@m9im_.ӑ߆'IRlб=W)$_=tU}|ܾ‰,a^0 mA-^H+uOf1o+|U#Y[.]$?`UdGJqUQm%5E:7!"}mk1h(:򤺥aV(YVrVzׯzUlqvC?,\2FgkBh/r@@3^_ȗAO/
i04.ia{KПKgBv7[.;Oy/i}DW]#{4$.l UNkUߺWZT+	J~ν_xt`X/}.~F5!_5K/ã"Ɨ0þ./Y42^Cƅ-WupZevGc?\*R7+Δ5^}l2BtN/pBȣ9\s!D_KUCjRت 5ÑTU/~a%|+gy$&G;]mWc|x^W
ĵ*Eg3tZP+kp+^:z*&ti}ŭR"7/0<_`jgvUhjh_¼4^5_gEU-zm+l|/K|:c?U},>v ہ}@QwhcMc2hDoIpЌ-ar6ASbUjkgV^H-Ik~f`6zۮc#ZzWޞȋMhfRb*y",b {7]*,
F2 
X͈[*mC=DbLmŮSղhH͖Cmud
jmEsts%jmlܟ]|w'T
yω'&|G]xu\/s@:D-VL}ӱ6ʀOO~HLH3u
v'NfB_-vzc};5?J/)8fKZ؄I)S>`|J%(r:hjAۅqWUޟGBs71ɼ]e_b?QঐIŭ+?Q{wxcGޞo%UWwjp_Nz4Exn$/~UPBҶw*;;ns,n@UiR>3:.xl6o!3Nw?mʤq0uMQHa.	{&B5Ѻ-h/8fM`|[bXе!bCoGS4;`2]9QfZ۠5ųnשn}ŷ0)(Qlgti.#F2l„p9GC,Y̒ˢa63r0ک=aD
5Ì"}AL`%bI89^ކ{x#nt%DBh*wFѩ[yhlM
('4Vd5MwpN75Gx!V4b.2s<`N1rF"ee.oGGy+ccsL=BL_CAo=
4	{\C*,Lġƶc!DOO/9tK3cY:L@
 q'{(NɃ`/8R)Y7"X	'L3S!Apq$p0aI(j9,*S!గ8<v#Wn;|Oiq&43Q_mTP	2zsd2[0:2)c B$>Ka3XT182/8AX9)g8َ1f>~6CER~=\P!$ 0 t=cmT󯈔ڒ})=O6{M!#p:83"lE-mS
rµܷL9g`fS5'*,vM	]:kARZ>
2~ݙa{IdfS֧`qb#tѹ
G29kCoLqc]3ڵA/74fĐhw48ܜfc3_2EI<:PCh+ԛx"|~r~@݋3cONσ)\Nib.ev=%4SIp*W	i\4)N*3pj&stӈojBTGA[/N5p<z\biGLFoS	.&4#8-|	sdg0sKCײ{I65v;d2BHE/ҞEJHftD	i9ܣ}`oe6
pX&m}ѥ&;HLv@Y$܇Mƴz^@mSdgM͉dp}4C L_&j@WSd~'fj	SFgbsum%up10d'~P3л:z#grp0E!i*1Kh٧yִ
NGa@Hm!VY"T=[gyJ+W1P0U)'9oeG4^ͯ:kljjV㰜WH]^nt,嵌k>b]#o,$5_$2FPѣ:H1ѕ͞eLnu(ʗ5Mpq)D}ghםw)S׺n*Cy\L|l!dDRҩSoWON550MАF0Qm	}?֙Ce޸ax;D.]9h% vq
G\{ZFmQuY灅1uΦT:;DٻYp9P9k=MBauΆD}z{U<j83*tZzZy"cs)` F2Pam!8Dx?Mg;vݥ&[ng^inH.so
_zW-Ĭ~M?슁һ'4sycFQpcuy+#&ЙI\vi{cJu/m,~|	|k->'jK#Z*j(7T0jcHP+1{n"o*FɪZ&+Cyc&c/tJUԟގ#
!d#enJFnӁDFU7dՋީGR[d"
! wc^mO&0Zt`89pɒw7PӉ3ŞqУx33ء2sWcLp~kQW!!$`'pm
PVUZAM
jkS55\CT6,-hFLjEj@ddv†qXgI95T1]vbAO4/>5UNCyȞ\eC;Ŵy&
W̢T\]*_χ0-Z3Gjew!י=PJ
ra52 :5儹٭bKqU\n䙩$Jea/tz]`ҳN*Eb# <;Ñۗ2#"|Ǚ@,0.1˱*RV1Uc4r\42lgCt$Ia#Xtdhx`PT潪8`g*e<X`8{%n3=y0q{@B/qbFsASkxzEڞLYkF<QΠU=!@۩K?/Ӱ!؟"bNv]<a
ALizfJJe:3jH潬u"gQM]3rclZkh.B#`6`Z'x\㖮!F P1Mhc({~흵2Є!2
Jٜ+E:ַmDKdW?HQn2ͧr!OO؇Nz))Ρ+ekü$]HŌl,:1P!$38)
[=Lbg4rQ?	x^Ms5hf`T6t׍1`y!|qӭꌨ><]4}b6,tܩʫiU̎],PJAzhL*xSAm'TI
14ȴpz[tPP <ӑ`~Nb;Tͥ8+`;O
5EUknj2s:a1S

|t!풕ꆯ"SP\m*CDMQPO{-3$eR9ɞ.eIwcVs^GNTsњ7%҉O&Ÿ&zSy|2{Gt-51mlOњDģ>@qSς5"OXBUrvj23"$xX׽Y"9Ň9b7}zq%s3La(b$vOm6<¶('\T*=S3|@:~U`y0 &'HP$ɫ89<
%YRϚv^;28[s'lc.bd6ws0ݥz*6N1W6*3ClfOܛP-W?**:j-I"*Ɗ1
OT5ߜyT{Yk|fM\|{UkWEVH[hhXׇ1=[-UQl_PVU
?ya~^7%y}D<veWLmJq+bjkٱ!W3#T\BVW<V>{p 手7*	x;}7*! #*(*<NRμ`R1UQ0"N2fh>9wn1"J!h$:?UT+&.8xOעj~"
"H[r(/@+1P3X0\CH628ʰL5Hct|چ-%Z22mRb=LC$A㐀9vi\9{QHHOwJz=8$n1"%c	.zrf%	ΠL'NO(1_'Pтȡt.%%lZ$Ռ,{	f?lMxo98[e¼acx5#6B@VQ+V$S ,_B9iH?iH8T6bc-k<HcʼncCy<v0ZBcrQf-Q%홖C҇"80M7Hc	b`Bꥴ7tRJ~dIڴ-(q^5k^6plʁ!JB`l1eK2(G2*'g}`̘%x ðf$sBЍ34pؔj%-r	ЊZL<W])kR-آfCH-bpZL:aӄ;@[Dq)Ya[ĶByMypCтy2-~UJy7WctBECe=-WʱL=2+c|:EEæIT yKje#hᴔGc(H0s)&Ԓ.$'7b-I&01Owl̈́\ZIO_rL|i[Lآ1yRx-[E%5GTPob0S(n%_?uhSo~QkC|Sֿ~{AL)GQfEةH?ccG-)6ͤa yc=dL([1ӹP|׆T$,q1nv1yaW)>T
H:E̟cL(E_v9/	cplx,\	yBo
ncԂDSTZ$=	WyB=i/&7c{X5*K1o# z3|k:@@<bf)Ev!x喗ge`A#UTzt$1fcLazT}/M@^΋1iq4H/"r*֒j`dI(hz#1R"u_u7:d$v=4/_&#9w}d
$,TN8Jfo9<h.6&x.3P.:!*gI8_oH*|L̄4(q޻\&xh5TP{	cl-]/q4Tʪ E3FL821z8$Y=-7)|p8ݥƑ5]%0݌MJ}8w)2g	¹KfF2f-\
|Y|]_uzx'Lw	DkPcZIefI>hɿKh,wG/Z*"_JBpQu q>rj/1&,Pnv!p1cA4zd2<
3	9FЪ8%1^BvcPRc؋=FH>1`<-NGwUּRܭZ
'Ж$k-qxYl@՜'"9fR.@l+a.b\ɩ
=g}3E. ~ʏH!ue0[C|̅O(a~EN8)#l<W Ŵ:1n(F",<ETqLcNE!'*jhlsY
]c˅Mi?4!i&&bVzY\óh#ўzm[(S	VӫlY,E*F˻a908CxDe<ihj$ҩSkF&&_Ɨӌ,bIq+g٧:
/):m̮7ZTE	!)9|mkfO"vv׷Ywp-]IڮX֊؝QYhՂ~fTdRϑ(]
M{hnJߝ.ڻ4pRX(b4-zmJM#6g,ٷ)K-f}\$7%XL^OӜ~Y'[+;I%z*UgƌIG9a|rs$m~EZU{ufU…kg5Fpj]E\S.v)N!R	@`LۗDSbjT4ɪԍKZ&=nJ࡜_ӭZ/b#|ޝZrrR\\4[9\햚KYgy;DϤbr"b{aZq3˝CˢKN_Ei4ofBHlYwsA8yxbv;HW[-Kgǿu|}mZR1ьJ>\ZrUNљվ,[✩AQS)]kM
msӇh
Mۖ._ZjqyzxmŹ3Yo4S[r%}t5.eܮ_P;Ԕt:^6/g-Wqy
Ur+6\~q|:&OiKI]]\[Cվ$*&쭽,
^S_0y__:9M,.,'~&S/i!an<L'K``x_" ! hTM=a[E,od7P+;
WN^aj,cp^UQr\{QBy˝1s%؇L9Luj{)}X[lh}ޔBاxniv_uspXl3[cWsqAx1jkΦ9A=BxsKM߅J.~i[Xdzm`'f$'vxd˟R3bo}s9wog	[X.z8E\tIR]rQNg蘩[WGe=KgW?36xΨ;seyszM+gqOLjƉhX'TۺrBS,H!lO[RTiYK̢>-\|r=ם˹35>N%,EΒ>Xٽjrjj.WE2Yrګc,5!_9C]50'
`&Ev>'_gӋ<NTUA烺q4a[4^g1sl<ˠUʥ'D;b&:y8:R6^jn'
fG6IǻҾsVz˛;/i[U\Ii|]>uDe'ԙ@al}-N+O.ޗM^ei5[7;od}JwQ&Zr$.t&󆆭H*koUw5F]ƹKC9.>^{vם(;כ'{/{[}:V|<mcͽo|mG&7ms 66,޽nÔ*9m7
vIRd7y	ɾCp42n!iLI$n6p񣍦͑޷aLm*Q޷qm62كFF3jdEws(xYvD-(݆fFG6Rg4}$e1F2mx "8Hjd],((+?FAF|6y	
JAB[{^Zj<YVxڷ'ȥ([}%qƻ9m2-	VcʙH KGpjkMFEj_	5襅qmǾ[QV7m2?>(Mr6UrrGU9W LlD\:6R-I9͞Lা_P$kS|Hm5-kE\ڷ>dQ\'V<wޥlŭlsd	*]xUxHAu.WNڣ8d$]?]NSW%Z"v;tUj^yWcN;u%
BlEYj0<`̹ЂJѫEK*T"~Kv֫8;up'IvaUR;16(^U~s82D.n1y;q
_]E	~zU]d5OX.*)\؀zD:>p3S[&Kt#c?惋:OJC}xJQ2.H."mL9x>r2=UdpnO=۠mtc)E*'E%{XV;7!rkv0a:ȗ<
>A+r{'ѧ c;W<fI%CS݌mŕj3psE:Xz9=iTcs]dQ:gwǰn';WuI$9t,UyS`0=)(C<FSBZB~ax'S!].v+!\WYM^_fb<=kdwF>dTYۡmp9OŽ/)a'CBY;%uTc{P<d5W?GW9e:+OW)\D|Ha4ئqȺEZnvk1OZNƶX+rVF*DfUG!!rRU
m3>C|ϵXGu?⭓y_gg"Ր[?W5=nik/iY67f;po#[~Cʹ
owV*[7۴-!89’tߪ{/|q?#EkcY=^d삉wNEշ}/ut;}WXAG{Aߛ2~Amg#Q|?
o0F_hVSƪwe,Ԣ6hn-GBrZIuz޴Ln=M>oW{޼3"x;~
u\                            ?(4w(#"a>x.:DrObu

Anon7 - 2022
AnonSec Team