There are several document-protection technologies on the market, varying in efficiency, complexity and cost. Which one a company should choose depends primarily on its specific needs and on the technical and financial resources available. In Windows Server 2008, RMS is already included and has been renamed Active Directory Rights Management Services to reflect a higher level of integration with Active Directory.
The Active Directory Rights Management Services (AD Rights Management Services, RMS) provide an infrastructure for assigning rights to documents. These rights are independent of the file system, so they remain in force even when the user moves the document to, for example, an (ex)FAT-formatted USB stick. They are also more fine-grained than access permissions on files and folders in Active Directory alone would allow: access rights by themselves cannot, for example, prevent an authorized person from passing a document on to someone who is not authorized.
With RMS, usage policies covering opening, modifying, printing, forwarding or other actions can be set by the creator of the document or by an authorized person, and organized centrally as templates. Their use is not limited to files and information; they can also be applied to other content, such as web pages or emails.
Deploying AD RMS is a highly sensitive procedure. If it is not completed correctly, customers can find themselves in an irreversible state that is unusable in the future. Because hundreds of thousands of content items may be protected over time, a deployment not completed in accordance with best practices can put all this content at risk. Novice AD RMS users who choose to follow the online documentation are also at risk, because they may not know that the guide is validated only for a single-server installation in a specific test environment and is not recommended for deployment in production. In this scenario, a Pro Advisory engagement with CSS Support reviews the Active Directory setup. This review aims to understand the needs and the size of the new RMS deployment. The support engineer will then work with the customer on configuring RMS and make sure that all features and scenarios are working.
Why it is Needed
- ACL-based systems and encryption such as EFS, for example, are not effective once the file is moved off the NTFS partition (copied to a floppy, CD or USB pen drive).
- Password-protected documents can be easily cracked.
- If you set READ ONLY rights on a document, copying and pasting its content into another document cannot be blocked.
- If the device that contains the documents is lost or stolen, the content can be accessed by anyone.
- RMS makes the exchange of documents within the company more secure.
- RMS is FIPS compliant.
- It is a service that requires no additional license cost.
To achieve this, RMS uses a client-server model: the user receives the data in encrypted form, and the server provides the key, which enables the corresponding permissions. For this to work, operating system functions alone are not enough; the applications used to create, process or read the data must also support RMS. An SDK is provided for this purpose: for Vista / Server 2008 it is a component of the Windows SDK, and the required client functionality is available from Vista / Server 2008 onward.
Older operating systems must first be equipped with the corresponding support: the RMS SDK for Windows 2003/XP can be found here, the client here.
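A minimal model of the client-server flow described above, added here as an illustration; it is not Microsoft's RMS protocol or API. The class names, the template, the users and the stand-in cipher are all assumptions made for the example.

```python
import hashlib
import secrets

# Constructed template mirroring the usage policies the article lists.
TEMPLATES = {
    "confidential": {
        "alice@example.test": {"open", "modify", "print", "forward"},
        "bob@example.test": {"open"},
    }
}

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the demo (SHA-256 counter keystream); not for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class LicenseServer:
    """Holds content keys and releases them only together with a rights list."""
    def __init__(self):
        self._keys = {}

    def publish(self, template: str, plaintext: bytes) -> dict:
        doc_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self._keys[doc_id] = (key, template)
        # This blob is all that ever reaches a disk, a mail or a USB stick.
        return {"id": doc_id, "ciphertext": _keystream_xor(key, plaintext)}

    def use_license(self, doc_id: str, user: str):
        key, template = self._keys[doc_id]
        rights = TEMPLATES[template].get(user)
        if not rights:
            return None  # no rights in the template: the key is never released
        return {"key": key, "rights": frozenset(rights)}

class RmsAwareApp:
    """The application, not the file system, enforces the licensed rights."""
    def __init__(self, server: LicenseServer, user: str):
        self.server, self.user = server, user

    def perform(self, doc: dict, action: str) -> bytes:
        lic = self.server.use_license(doc["id"], self.user)
        if lic is None or action not in lic["rights"]:
            raise PermissionError(f"{self.user} may not {action} this document")
        return _keystream_xor(lic["key"], doc["ciphertext"])
```

Copying the published blob to another medium changes nothing: it stays ciphertext, and every action still depends on what the server licenses to the requesting user.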
If you want to use RMS with Microsoft Office, it is important to note that only the volume-license (VL) Professional Plus and Enterprise editions are RMS-enabled; among the consumer versions, it must accordingly be Office Ultimate. A company-wide deployment of RMS may therefore still be expensive even if the operating system requirements - Vista / Windows 7 and Windows Server 2008 (R2) - are fully met.
RMS is a server role and is enabled accordingly through the server console. It has a number of dependencies, such as IIS and Message Queuing. It also supports AD Federation Services, which the role installation wizard sets up in parallel. The latter is mandatory if you want to set up an RMS cluster distributed across multiple servers. For the database, you can use the Windows internal database or connect to a SQL server.
Services in AD RMS
- With NTFS permissions, documents can be protected from unauthorized access.
- With the Encrypting File System (EFS), stored documents can be encrypted.
- With S/MIME, mails (plus attachments) are encrypted in transit; the same is true for TLS (Transport Layer Security).
- Rights management services originally had to be acquired separately as a downloadable Feature Pack called Windows Rights Management Services. In Windows Server 2008, this product is included and has been integrated into the Active Directory family.
Perhaps you have already discovered the menu item for restricting permissions in the Office 2007 applications, or the permission icon in the toolbar of the Office 2003 applications, and wondered what purpose it serves. The Office 2003/2007 applications Word, Excel, PowerPoint and Outlook are prepared for the Rights Management Services from the outset, and this icon leads to a dialog for setting document permissions.