Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

Enabling transport decryption allows the Transport Rules agent on Hub Transport servers to access content in messages protected by Information Rights Management (IRM). As a result, other transport agents can access message content and possibly make changes to it. For example, the Transport Rules agent may need to inspect message content and apply transport rules (such as rules that apply a disclaimer to the message). To successfully decrypt IRM-protected messages, you must add the Federated Delivery mailbox to the super users group configured on your Active Directory Rights Management Services (AD RMS) server.

Important:
Members of the super users group are granted an owner use license when they request a license from the AD RMS cluster. This allows them to decrypt all RMS-protected content created by that AD RMS cluster.

When enabling transport decryption, you can specify the following settings:

To learn more about transport decryption, see Understanding Transport Decryption.

Looking for other management tasks related to IRM? Check out Managing Information Rights Management.

Prerequisites

Use the Shell to enable transport decryption

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Rights protection" entry in the Messaging Policy and Compliance Permissions topic.

Note:
You can't use the EMC to enable transport decryption.

This example enables transport decryption for the Microsoft Exchange Server 2010 organization. Messages that can't be decrypted are rejected, and an NDR is returned to the sender.

Copy Code
Set-IRMConfiguration -TransportDecryptionSetting Mandatory

For detailed syntax and parameter information, see Set-IRMConfiguration.

Use the Shell to disable transport decryption

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Rights protection" entry in the Messaging Policy and Compliance Permissions topic.

Note:
   You can't use the EMC to disable transport decryption.

This example disables transport decryption for the Exchange 2010 organization.

Copy Code
Set-IRMConfiguration -TransportDecryptionSetting Disabled

For detailed syntax and parameter information, see Set-IRMConfiguration.

Other Tasks