Active Directory Rights Management Services (AD RMS, known as Rights Management Services or RMS before Windows Server 2008) is server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

RMS debuted in Windows Server 2003, with client API libraries made available for Windows 2000 and later. The Rights Management Client is included in Windows Vista and later, and is available for Windows XP, Windows 2000 or Windows Server 2003. In addition, there is an implementation of AD RMS in Office for Mac to use rights protection in OS X, and some third-party products are available to use rights protection on Android, BlackBerry OS, iOS and Windows RT.


Attacks against policy enforcement capabilities

In April 2016, an alleged attack on RMS implementations (including Azure RMS) was published and reported to Microsoft. The published code allows an authorized user that has been granted the right to view an RMS-protected document to remove the protection and preserve the file formatting. This sort of manipulation requires that the user has been granted rights to decrypt the content to be able to view it. While Rights Management Services makes certain security assertions regarding the inability of unauthorized users to access protected content, the differentiation between different usage rights for authorized users is considered part of its policy enforcement capabilities, which Microsoft claims to be implemented as "best effort", so it is not considered by Microsoft to be a security issue but a policy enforcement limitation. Previously the RMS SDK enforced signing of code using the RMS capabilities in order to provide some level of control over which applications interacted with RMS, but this capability was later removed due to its limited ability to restrict such behaviors, given the possibility of writing applications that use the web services directly to obtain licenses to decrypt the content.

In addition, using this same technique, a user that has been granted rights to view a protected document can manipulate the content of the document without leaving traces of the manipulation. Since Azure RMS is not a non-repudiation solution and, unlike document signing solutions, does not claim to provide anti-tampering capabilities, and since the changes can only be made by users that are granted rights to the document, Microsoft does not consider the latter issue to be an actual attack against the claimed capabilities of RMS. The researchers provide a proof-of-concept tool, to allow evaluation of the results, via GitHub.
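An added illustration, not part of the original article and not RMS code: a toy model of why the ability to decrypt gives no tamper evidence, and how a separate author-held signing key supplies it. The cipher, key names and sample document are constructed for this example, and the HMAC stands in for a real document signature.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (stand-in for real content encryption)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def protect(content_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under the content key; output is nonce || ciphertext."""
    nonce = secrets.token_bytes(16)
    return nonce + keystream_xor(content_key, nonce, plaintext)

def open_protected(content_key: bytes, blob: bytes) -> bytes:
    """Decrypt; succeeds for anyone holding the content key, with no integrity check."""
    return keystream_xor(content_key, blob[:16], blob[16:])

def sign(author_key: bytes, plaintext: bytes) -> bytes:
    """Author-side tag over the plaintext (assumption: HMAC models a signature)."""
    return hmac.new(author_key, plaintext, hashlib.sha256).digest()

def verify(author_key: bytes, plaintext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(author_key, plaintext), tag)

def demo() -> dict:
    content_key = secrets.token_bytes(32)  # released to every user licensed to view
    author_key = secrets.token_bytes(32)   # held only by the author / verifier
    original = b"Q3 forecast: 1200 units"  # constructed sample document
    blob = protect(content_key, original)
    tag = sign(author_key, original)

    # A licensed viewer holds content_key, so re-protected edits open normally.
    altered = open_protected(content_key, blob).replace(b"1200", b"9900")
    blob2 = protect(content_key, altered)

    return {
        "altered_opens_cleanly": open_protected(content_key, blob2) == altered,
        "original_verifies": verify(author_key, open_protected(content_key, blob), tag),
        "altered_verifies": verify(author_key, open_protected(content_key, blob2), tag),
    }

if __name__ == "__main__":
    print(demo())
```

Decryption alone accepts the altered document; only the check against the author's tag distinguishes it from the original.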


Software support

RMS is natively supported by the following products:
* Microsoft Office 2003 and later: Word, Excel, PowerPoint, Outlook, InfoPath
* Microsoft Office for Mac 2011 and later: Word, Excel, PowerPoint, Outlook
* SharePoint 2007 and later
* Exchange Server 2007 and later
* XML Paper Specification (XPS)

Third-party solutions, such as those from Secure Islands (acquired by Microsoft), GigaTrust and Liquid Machines (acquired by Check Point) can add RMS support to the following:
* SharePoint 2003
* Microsoft Visio
* Microsoft Project
* Adobe Acrobat
* Internet Explorer
* IIS 6.0


See also

* Microsoft Servers


External links


* Windows Rights Management Services
* RMS Client downloads
* RMS SDK for RMS-enabling applications
* Troubleshooting Windows Rights Management Services (RMS) - One Root Certification Server Warning
* Active Directory Rights Management - In Summary
* Active Directory Rights Management Services SDK 2.0
* Active Directory Rights Management Services - TechNet
* Active Directory Rights Management Services - MSDN
* Secure Islands IQProtector - Information Protection and Control using Microsoft RMS
* Windows RMS Technical Overview