Using PowerShell to Manage SharePoint Information Rights Management Settings

Information Rights Management (IRM) allows users to restrict how documents are handled.  With SharePoint, IRM settings are applied at the List/Library level.  When a document is added to an IRM-enabled Library, the IRM is stripped from the document.  When that document is downloaded from the Library, the document has the IRM settings from the Library applied to it.  This allows SharePoint to crawl the content.

Configuring IRM can be accomplished via PowerShell. This allows you to turn it on using the default server specified in Active Directory (which is set via the AD RMS Service Connection Point) or specify an existing server.

To enable IRM using the AD RMS SCP:

Or to enable IRM using a specified AD RMS server:

And finally, to disable IRM:

You can use PowerShell to manage IRM settings for each Library, and it is straightforward.  Properties that use the InformationRightsManagementSettings are available in SharePoint 2013 only.

First, bind to the Web and the List:

When making a change to a list property, make sure to call the Update() method, for example:

Here are the various settings you can apply.  I’ll be translating from the SharePoint UI to the PowerShell property.

IRMLibrary

[divider]

Restrict permissions on this library on download

Create a permission policy title

Add a permission policy description:

Do not allow users to upload documents that do not support IRM

Stop restricting access to the library at

Prevent opening documents in the browser for this Document Library

Allow viewers to print 

Allow viewers to run script and screen reader to function on downloaded documents

Allow viewers to write on a copy of the downloaded document

After download, document access rights will expire after these number of days (1-365)

Users must verify their credentials using this interval (days)

Allow group protection. Default group:

As noted, those properties in InformationRightsManagementSettings are not available in SharePoint 2010.  However, you can manipulate the properties directly.  Again, get the list object into a variable.

IRMLibrary2

 

Permission policy title:

Permission policy description:

Allow users to print documents

Allow users to access content programmatically

Users must verify their credentials every:

Stop restricting permission to documents in this library on:

2 Comments

  1. Thanks for this post. Very hard to get the names of the irm properties.

    Do you happen to know how to get the value of the irm properties with the client object model from sharepoint 2010?

    Thanks in advance,

    Dan

  2. Pingback: OneDrive for Business–Workshop Exercises v1 - SharePoint Stress Relief - Site Home - TechNet Blogs

Leave a Reply