Active Directory Rights Management Services

From Wikipedia, the free encyclopedia
  (Redirected from Rights Management Services)
Jump to: navigation, search

Active Directory Rights Management Services (AD RMS, known as Rights Management Services or RMS before Windows Server 2008) is a server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

RMS debuted in Windows Server 2003, with client API libraries made available for Windows 2000 and later. The Rights Management Client is included in Windows Vista and later, is available for Windows XP, Windows 2000 or Windows Server 2003.[1] In addition, there is an implementation of AD RMS in Office for Mac to use rights protection in OS X and some third-party products are available to use rights protection on Android, Blackberry OS, iOS and Windows RT.[2][3]


While RMS protection prevents unauthorized users from viewing content, some publishers choose instead to deploy document metrics, which report unauthorized use. It can sometimes be more valuable to know when and where a stolen document is being used, who "leaked" it, and who's got it now, instead of simply attempting prevent the theft in the first place. Knowing that a recipient misbehaved with a document can be valuable business knowledge, while not knowing that they tried to (and perhaps failed due to RMS) is in some cases less useful.

Some organizations that would like to extend RMS to documents downloaded from their Enterprise Resource Planning system such as SAP may choose to employ a third party solution to bridge the protection capabilities. By protecting at the point of download, Halocore ensures that the document is always protected with the appropriate policy whether it's sitting on a user’s computer, or shared via email, or stored in a cloud service. Only authorized users, as defined by the RMS policy, can perform the allowed actions, such as print, save, copy, and view to a protected file. In addition, Halocore logs all the download activity within SAP, to provide organizations with a comprehensive auditing tool. Such a log file can also be extracted and analyzed with more powerful tools, such as Business Objects.[4]

Software support[edit]

RMS is natively supported by the following products:

Third-party solutions, such as those from Secure Islands, GigaTrust and Liquid Machines (acquired by Check Point) can add RMS support to the following:

See also[edit]


External links[edit]