Take Ownership

Take ownership of folder + delete - Run all three commands

takeown /F D:\My Documents\OneNote Notebooks* /R /A

cacls D:\My Documents\OneNote Notebooks*.* /T /grant administrators:F

rmdir /S /Q D:\My Documents\OneNote Notebooks

Windows Credential Manager Shell Shortcut

In a locked down environment, the Windows Credential Manager might be unavailable. You can still access is by pasting this into the run command dialogue boxL

%windir%\explorer.exe shell:::{1206F5F1-0569-412C-8FEC-3204630DFB70}

Integrating Information Rights Management in Office 365 with SharePoint



To have the ability to enable IRM you need to have the "Design" permission. (This is included in Global Admin)


There is only one global settings required to enable IRM in SharePoint. From the SharePoint Admin panel we need to enable IRM.


O365 Admin > Admin > SharePoint > Settings



Information Rights Services



Once this has been enabled, in site settings from within a SharePoint site (from the library tab in a SharePoint site you can create an IRM policy for the site.

Information Rights Services Settings



This policy prevents un-supported documents from being uploaded. When tested see the error below.



This library does not accept files of the given type

Configuring Office 365 Admin Center Administration Roles

Admin Center Admin Roles


Global Administrator - All tasks in O365 admin center.

Manage Domains

Manage Organization information

Delegate administrator roles

Use Directory Syncronization



User Management - Manage users and groups, manage service requests, reset passwords and monitor health.

Cannot create other admins

Cannot delete global administrators

Cannot reset passwords for Billing, Global or Service Admins.


Password - Manage passwords, service requests and monitor health. (Not manage passwords of other admin roles)


Service - Manage service requests and monitor health. Must assign admin permissions to online service before this role.


Billing - Make purchases, manage subscriptions and support tickets and monitor health. (Only if bought from Microsoft).


PowerShell to Admin Center

Titles for administration groups vary in Office 365 to sharepoint. Below is a list of the equivelant role for each administraton role in each.PowerShell= left, SharePoint=right.

Company Administrator = Global Administrator


User Management Administrator = User Management


Helpdesk Administrator = Password Administrator


Service Support Administrator = Services Administrator


Billing Administrator = Billing Administrator


Managing in PowerShell





List the role groups:





Add a member to a role group:


Add-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "[email protected]"


To list who is in a role group:


$Roleinfo = get-msolrole -rolename "user account administrator"


Get-msolrolemember -roleobjectid $roleinfo.objectid



Remove a member to a role group:


Remove-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "[email protected]"




Integrating with Exchange

This enables IRM in Office 365 - It will allow the control of content in exchange via use of the menus as shown:


Set Permissions - Do Not Forward

It also allows us to create rights protection mail rules in Exchange online:

Apply Right Protecting to Messages






In order to enable IRM in Exchange online we need to do the following.


Open PowerShell as Admin and run the following commands in order.


Set-ExecutionPolicy RemoteSigned

$usercred = Get-Credential

$sessioninfo = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/PowerShell -Credential $usercred -Authentication Basic -AllowRedirection

Import-PSSession $sessioninfo

Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp.rms.eu.aadrm.com/tenantmanagement/servicepartner.svc"

Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"

Set-IRMConfiguration -InternalLicensingEnabled $true

Test-IRMConfiguration -RMSOnline

Test-IRMConfiguration -Sender $usercred.username

Remove-PSSession $sessioninfo