Shulou(Shulou.com)06/03 Report--

Today, a friend suddenly asked this question on Wechat:

When Exchange+RMS is deployed locally, how can RMS permissions be applied normally through owa in the same email during testing, while using Outlook permissions will all be lost?

In response to this problem, I recall that I encountered such a situation a long time ago, when I searched for a long time and found that the root cause of the problem was that the Outlook client was using a client downloaded from Office365. Come on, let's see what's going on.

First of all, take a look at the symptoms. The same email is read-only, the view on owa shows read-only, and the reply and forward buttons are grayed out. But to view this email on outlook, although it shows that the permission is read-only, it can be forwarded, which means that the permission of RMS has been lost.

Check the permissions again and find that you can do anything but read-only.

So let's take a look at why the permissions are lost, open the registry of the local computer directly and navigate to: Computer\ HKEY_CURRENT_USER\ Software\ Classes\ Local Settings\ Software\ Microsoft\ MSIPC

You can clearly see where the Outlook client gets the RMS template

The first address is discover.aadrm.com, which is the address of Azure RMS! In other words, it is written in the Office365 client that the RMS template is obtained from Azure RMS.

However, the default address written in MSIPC is the locally deployed RMS server address, which is why a read-only permission is still displayed on the Outlook client.

We can also accurately locate this through the log.

Open the log path to C:\ Users\ Wang Yuan\ AppData\ Local\ Microsoft\ MSIPC\ Logs

Then I was surprised to see that the template was obtained from Azure RMS, which eventually led to the loss of RMS permissions for the message on Outlook.

To sum up: at present, as long as you use the client of Office365 download, as long as you do not use the international version of Azure RMS service, even if Exchange and RMS are all purely locally deployed Outlook clients will only read Azure RMS templates, so naturally the local RMS permissions will be lost. Even delete the registry, or do a CNAME parse to the local RMS server will fail, Office365 client pit ah! Switching to locally deployed Office2013 or 2016RMS permissions will not be lost!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.