You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content. The solution must ensure that the users can continue to decrypt content that was encrypted already.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Active Directory Rights Management Services console, enable decommissioning.
B. From the Active Directory Rights Management Services console, create a user exclusion policy.
C. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
D. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission.
E. From the Active Directory Rights Management Services console, modify the rights policy templates.
Decommissioning refers to the entire process of removing the AD RMS cluster and its associated databases from an organization. This process allows you to save
rights-protected files as ordinary files before you remove AD RMS from your infrastructure so that you do not lose access to these files.
Decommissioning an AD RMS cluster is achieved by doing the following:
Enable the decommissioning service. (A)
Modify permissions on the decommissioning pipeline.
Configure the AD RMS-enabled application to use the decommissioning pipeline.
To modify the permissions on the decommissioning pipeline
1. Log on to ADRMS-SRV as cpandl\administrator.
2. Click Start, type %systemdrive%\inetpub\wwwroot\_wmcs in the Start Search box, and then press ENTER.
3. Right-click the decommission folder, and then click Properties.
4. Click the Security tab, click Edit, and then click Add. (D)
References: Step 1: Decommission AD RMS Root Cluster