Solution: You run the following Windows PowerShell comm…

An organization uses an Active Directory Rights Management Services (AD RMS) cluster names RMS1 to protect content for a project. You uninstall AD RMS when
the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following Windows PowerShell command:
Set-ItemProperty -Path <protected content>:\\ -Name IsDecommissioned -Value $true EnableDecommission
Does this meet the goal?

An organization uses an Active Directory Rights Management Services (AD RMS) cluster names RMS1 to protect content for a project. You uninstall AD RMS when
the project is complete.
You need to ensure that the protected content is still available after AD RMS is uninstalled.
Solution: You run the following Windows PowerShell command:
Set-ItemProperty -Path <protected content>:\\ -Name IsDecommissioned -Value $true EnableDecommission
Does this meet the goal?

A.
Yes

B.
No

Explanation:
ATT: This question is one of a series of similar questions where ONLY the Soltion Changes. To answer this question you simply need to know the steps
required to ensure right’s protected content is still available after you uninstall AD RMS (detailed information regarding this is below under the “Explanation” header.
To summarize: For the answer to this question to be “YES” you need to ENABLE DECOMMISSIONING on the Cluster Node/s. You may also want to grant the AD
RMS Users Read & Execute Permissions, which will allow them to decrypt their content and store it as regular content on another database.

When you decommission AD RMS, the behavior of the AD RMS cluster is changed such that it can now provide a key that decrypts the rights-protected content that
it had previously published. This key allows the content to be saved without AD RMS protection.
To decommissioning an AD RMS cluster:
1. Log on to the server on which you want to decommission AD RMS.
2. Modify the access control list (ACL) on the decommissioning.asmx file by granting the Everyone group Read & Execute permissions. The default location
for this file is %systemdrive%\\inetpub\\wwwroot\\_wmcs\\decommission.
3. Open the Active Directory Rights Management Services console and add the AD RMS cluster. Expand the AD RMS cluster, expand Security Policies , and
then select Decommissioning .

4. Select the Enable Decommissioning option in the Actions pane. Can also be done with the PowerShell Command: Set-ItemProperty -Path <drive>:\\ –
Name IsDecommissioned -Value $true -EnableDecommission
5. Inform your users that you are decommissioning the AD RMS installation and advise them to connect to the cluster to save their content without AD RMS
protection. Alternatively, you could delegate a trusted person to decrypt all rights-protected content by temporarily adding that person to the AD RMS super users
group.
6. After you believe that all of the content is unprotected and saved, you should export the server licensor certificate, and then uninstall AD RMS from the server.



Leave a Reply to hippo Cancel reply7

Your email address will not be published. Required fields are marked *

fourteen + 3 =


no

no

This should be, B: NO
To have AD RMS content available after uninstall, you must first tell your users to save their AD RMS content without protection, then DECOMMISSION the AD RMS Cluster, not simply uninstall.

Sjoerd Stefma

Sjoerd Stefma

Answer should be YES:

You should enable decommissioning on the cluster long enough for users to have the opportunity to save their content without AD RMS protection, and for your network and system administrators to disable any AD RMS-enabled clients that are using the service.

o decommission AD RMS
At the Windows PowerShell command prompt, type:
Set-ItemProperty -Path :\ -Name IsDecommissioned -Value $true -EnableDecommission
where is the name of the Windows PowerShell drive.

Source: https://technet.microsoft.com/nl-nl/library/ee221047(v=ws.10)

Harby

Harby

Missing the drive name for the power shell drive after the path
Answer is NO

Harby

Harby

disregard my last comment the answer should be “yes”