Jump to content

Active Directory Rights Management Services: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m Updating links from HTTP→HTTPS for Microsoft TechNet
Herbys (talk | contribs)
Deleted the Alternatives section as it didn
Line 2: Line 2:


RMS debuted in [[Windows Server 2003]], with client API libraries made available for [[Windows 2000]] and later. The Rights Management Client is included in [[Windows Vista]] and later, is available for [[Windows XP]], Windows 2000 or Windows Server 2003.<ref>[http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=02da5107-2919-414b-a5a3-3102c7447838 Microsoft Windows Rights Management Services Client with Service Pack 2 - x86]</ref> In addition, there is an implementation of AD RMS in Office for Mac to use rights protection in [[OS X]] and some third-party products are available to use rights protection on [[Android (operating system)|Android]], [[BlackBerry OS|Blackberry OS]], [[iOS]] and [[Windows RT]].<ref>http://www.rmsviewer.com/</ref><ref>{{cite web|url=http://www.gigatrust.com/ios-devices.shtml |title=Archived copy |accessdate=2013-10-14 |deadurl=yes |archiveurl=https://web.archive.org/web/20121031041723/http://www.gigatrust.com/ios-devices.shtml |archivedate=2012-10-31 |df= }}</ref>
RMS debuted in [[Windows Server 2003]], with client API libraries made available for [[Windows 2000]] and later. The Rights Management Client is included in [[Windows Vista]] and later, is available for [[Windows XP]], Windows 2000 or Windows Server 2003.<ref>[http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=02da5107-2919-414b-a5a3-3102c7447838 Microsoft Windows Rights Management Services Client with Service Pack 2 - x86]</ref> In addition, there is an implementation of AD RMS in Office for Mac to use rights protection in [[OS X]] and some third-party products are available to use rights protection on [[Android (operating system)|Android]], [[BlackBerry OS|Blackberry OS]], [[iOS]] and [[Windows RT]].<ref>http://www.rmsviewer.com/</ref><ref>{{cite web|url=http://www.gigatrust.com/ios-devices.shtml |title=Archived copy |accessdate=2013-10-14 |deadurl=yes |archiveurl=https://web.archive.org/web/20121031041723/http://www.gigatrust.com/ios-devices.shtml |archivedate=2012-10-31 |df= }}</ref>

==Alternatives==
While RMS protection prevents unauthorized users from viewing content, some publishers choose instead to deploy document metrics, which report unauthorized use. It can sometimes be more valuable to know when and where a stolen document is being used, who "leaked" it, and who's got it now, instead of simply attempting to prevent the theft in the first place. Knowing that a recipient misbehaved with a document can be valuable business knowledge, while not knowing that they tried to (and perhaps failed due to RMS) is in some cases less useful.


== Security Issues ==
== Security Issues ==

Revision as of 21:52, 6 October 2017

Active Directory Rights Management Services (AD RMS, known as Rights Management Services or RMS before Windows Server 2008) is a server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

RMS debuted in Windows Server 2003, with client API libraries made available for Windows 2000 and later. The Rights Management Client is included in Windows Vista and later, is available for Windows XP, Windows 2000 or Windows Server 2003.[1] In addition, there is an implementation of AD RMS in Office for Mac to use rights protection in OS X and some third-party products are available to use rights protection on Android, Blackberry OS, iOS and Windows RT.[2][3]

Security Issues

In April 2016, attacks on all RMS implementations (including Azure RMS) were found and disclosed to Microsoft.[4][5] These attacks allow a user with only the right to view on an RMS protected document to remove the protection permanently and preserve the file formatting. In addition, every user with the right to view on a protected document can manipulate the content of the document without leaving traces of the manipulation. Although preventing the removal of the RMS protection is not possible, it can be made harder for an attacker to succeed. The manipulation of a protected document on the other hand can be prevented, but has not yet (August 2016) been fixed. The researchers provide a proof of concept tool, to allow evaluation of the results, via GitHub.[6]

Software support

RMS is natively supported by the following products:

Third-party solutions, such as those from Secure Islands (acquired by Microsoft), GigaTrust and Liquid Machines (acquired by Check Point) can add RMS support to the following:

See also

References

  1. ^ Microsoft Windows Rights Management Services Client with Service Pack 2 - x86
  2. ^ http://www.rmsviewer.com/
  3. ^ "Archived copy". Archived from the original on 2012-10-31. Retrieved 2013-10-14. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)CS1 maint: archived copy as title (link)
  4. ^ Mainka, Christian; Grothe, Martin (2016-08-01). "How to Break Microsoft Rights Management Services". On Web-Security and -Insecurity. Network and Data Security Chair Ruhr-University Bochum. Retrieved 2016-08-04.
  5. ^ Mainka, Christian; Grothe, Martin (2016-08-04). "How to Break Microsoft Rights Management Services". WOOT '16 - 10 USENIX Workshop on Offensive Technologies. USENIX Security Symposium. Retrieved 2016-08-04.
  6. ^ Mainka, Christian; Grothe, Martin (2016-07-07). "MS-RMS-Attacks". MS-RMS-Attacks. GitHub. Retrieved 2016-08-04.
  7. ^ "Plan Information Rights Management in Office 2013". TechNet. Retrieved 2015-11-24.
  8. ^ http://www.secureislands.com/
  9. ^ http://www.secureislands.com/solutions/sharepoint-classification-and-protection.html
  10. ^ a b c "GigaTrust Announces Availability of Adobe® Rights-Management Protector for Microsoft® Office SharePoint Server 2007 (MOSS 2007)". Archived from the original on 2008-05-17. Retrieved 2009-02-18. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
  11. ^ http://www.secureislands.com/
  12. ^ http://www.secureislands.com/products/iqprotector-file-protection.html
  13. ^ http://www.prnewswire.com/news-releases/gigatrust-launches-new-rms-desktop-pdf-client-for-adobe-with-comprehensive-reporting-auditing-and-compliance-capability-277422531.html
  14. ^ http://www.foxitsoftware.com/products/rms/