In order for IRM to work with AD RMS on word documents, do clients need to be added into the domain?
From my testing, this seems self defeating. If I use SP IRM and grant a user view access, if they are on the domain the RMS policy takes effect and applies the appropriate restrictions. Yet, because I have given rights via SP, the user can access the document from any machine since the document library only request the appropriate authentication. Afterward the user can open the document as normal.
I would like to know if its possible to make the document completely restricted if the user is not joined on the domain or am I not configuring something correctly.
Thanks Trevor for the quick response.
Sorry if this comes across as a stupid question but I can’t wrap my head around the fact that why would someone need to be on the domain, if they can still access the document based on SP permissions from any computer?
In fact this makes a huge flaw in RMS since the document is still accessible whether the user is on the domain or not. It simply doesn’t apply a policy, but you can’t guarantee that the user will access the document library from a computer that is joined to the domain. So I am not sure why this would be important.
Â
