The Last Modified date and time value is automatically updated when you close an IRM-protected file without saving it in Word 2003, in Excel 2003, and in PowerPoint 2003

Consider the following behavior. You open a file that is protected by Information Rights Management (IRM). Then, you close the file without saving it. In this scenario, the Last Modified date and time value of the file is automatically updated. You experience this behavior if the account that you use to open and to close the file differs from the account that was used to grant the Rights Management Services (RMS) permissions on the file.

This behavior occurs if the RMS license information is stored in the IRM-protected file that you open. Microsoft Office updates the Last Modified date and time values so that you can track file changes. Therefore, this behavior is expected.

Note If you have the Full Control permission to the IRM-protected file, you do not experience this behavior. You experience this behavior only if you have the Read permission and the Change permission to the IRM-protected file.

To work around this behavior, use one of the following methods.

Note We recommend that you use Method 1.

Method 1: Enable the "Always require users to connect to verify permission" policy

1. Open the Microsoft Group Policy snap-in.
2. Expand User configuration, expand Administrative templates, expand Microsoft Office 2003, and then expand Manage Restricted Permissions.
3. Click the Always require users to connect to verify permission policy.

When you enable this policy, IRM functions in the same manner it does when the RMS label and licensing information is stored on the RMS server.

Method 2: Grant the "Read and Execute" permission to the account that you are using

To work around this issue, use Microsoft Windows NTFS Security to grant the "Read and Execute" permission.

To do this, follow these steps:

1. Right-click the file, and then click Properties.
2. Click the Security tab, click the user account, and then click to select the Allow check box next to Read and Execute.

Note When you grant the "Read and Execute" permission, users are forced to verify credentials on the RMS server every time that they open a document. This workaround works like "Method 1" works. However, when you use this workaround, the user cannot update the file on the share.

The operating system is not aware of the locking functionality that is implemented in Microsoft Office. Typically, the RMS label and license information is stored in the file. However, this information is stored on the RMS server if one of the following conditions is true:

• The account that you use to access the file is the same account that was used to grant the RMS permissions on the file.
• The Require a connection to verify a user's permission option is configured in RMS.
  
  Note When you configure the Require a connection to verify a user's permission option, other users who access the file are forced to connect to the Windows RMS server every time that they open the file. Therefore, all users are verified before they open the file. You may want to configure this option if the permissions to a shared file change over time.
• Windows NTFS Security disabled the Write permission that is required to access the file.