Wednesday, December 7, 2016

Past due – Will be installed

Today I helped this new customer to deploy the Microsoft RMS Sharing App and Azure Information Protection Client to a couple of pilot computers. The deployment is deployed as Required, as soon as possible, and installation can be performed outside maintenance window.

Both applications get downloaded in the ccmcache, ContentTransferManager.log and DataTransferService.log showed download is completed. However, the Software Center showed the status as Past due – Will be installed.

So I did additional check on the computer client status, it is Approved, No Block, Not Obsolete, Active, Receiving Policy, and so on. I even restarted the targeted computer.

With luck, I found the answer in Technet forum, which is the setting in Computer Agent. “Additional software manages the deployment of applications and software updates”


The setting was set to Yes, which the default setting is No. According to Microsoft:


“If you select this option when neither of these conditions apply, software updates and required applications will not install on clients.”


I asked them changed the setting back to default No. And then ran Machine Policy Retrieval & Evaluation Cycle and Application Deployment Evaluation Cycle on the targeted computer. Both applications get installed automatically as expected. Enjoy!!

Credits to st.kristobal,

Tuesday, December 6, 2016

Azure Information Protection – Add a new policy (PREVIEW)


Now we can add new policy to target different different user group or specific user.


Click on Select which users/groups get this policy to assign the policy to targeted user or user group. User can be assigned to multiple policies. For this test, I assigned myself to 3 policies, Global (Default), IT Dept, and IT Dept 2.


After you Add a new label, the new label will park under the new policy. User belonging to multiple policies will get all labels applied to them in the policy.


I got additional 2 labels (For IT Dept and For IT Dept 2) apart from the 5 Default Labels from the Global Policy.


The Title and Tooltip in the red box is a Global Setting, which is only configurable in Global Policy.


The settings in the red box is configurable. The settings in the latest policy (The last, most bottom) will applied if the user belonging to multiple policies.


For my case, IT Dept 2 policy will applied, which the default label is For IT Dept 2.


If I move down IT Dept policy to the last, the default label should change to For IT Dept.



I think this is a good improvement, because it is now easier to assign Label with specific RMS template and settings to specific user/groups. Enjoy!!

Saturday, November 26, 2016

Azure RMS Connector and SharePoint 2013 IRM Configuration

This is my very first post after I switched to and this is also my very first time setup Azure RMS and SharePoint 2013 IRM integration. :)

I have an Azure RMS connector installed in my environment, hence I won’t cover the Azure RMS connector installation. I used the Azure RMS connector for File Server protection, and it is working fine.

First thing first, I launched Microsoft Rights Management connector administration tool and added the SharePoint server and the SharePoint service account to the list.


Note: I missed the SharePoint service account and I got the error below when I configure the IRM in SharePoint. Please remember to add the service account as well.

“The required Active Directory Rights Management Service Client (MSIPC.DLL) is present but could not be configured properly. IRM will not work until the client is configured properly.”


After added the SharePoint servers and service account, go to your SharePoint servers (Front-end SharePoint webservers, including those hosting the Central Administration server) and install the MSIPC client, it is available to download from

After the installation, browse to Program Files\Active Directory Rights Management Services Client 2.1 and check the msipc.dll, make sure it is 1.0.2004.0 or later.


Next, run the GenConnectorConfig.ps1, the powershell script is together when you download the RMS Connector from

Run PowerShell as Administrator and run the script, change the URL to your RMSConnector URL ".\GenConnectorConfig.ps1 -ConnectorUri –SetSharePoint2013"


The script actually helps you to configure some registry settings listed in You can crosscheck and double confirm after run the script.

Okay, the configuration of Azure RMS Connector for SharePoint 2013 is done. Next is to enable the SharePoint IRM and then configure the Library Setting IRM.

Go to your SharePoint 2013 Central Administration, Security, and then click on the Configure information rights management.


Click Use this RMS Server: and enter your RMS connector URL, and then click OK.


Now, you can start configuring your Library Settings IRM


Configure the IRM settings above as per your requirements and then click OK. Upload some document (without RMS protected) to see the effect. Then you can try upload some RMS protected document to see the differences. HAVE FUN!!!