Active Directory Rights Management Services
Applies To: Windows Server 2008
Active Directory Rights Management Services (AD RMS) for the Windows Server 2008 operating system is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use, both online and offline, and inside and outside of the firewall. AD RMS is designed for organizations that need to protect sensitive and proprietary information such as financial reports, product specifications, customer data, and confidential e-mail messages.
AD RMS augments an organization's security strategy by providing protection of information through persistent usage policies (also known as usage rights and conditions), which remain with the information no matter where it is moved. AD RMS persistently protects any binary format of data, so the usage rights remain with the information rather than merely residing on an organization's network. This also enables usage rights to be enforced after the information is accessed by an authorized recipient, both online and offline, and inside and outside of the organization.
AD RMS helps protect information through persistent usage policies by establishing the following essential elements:
Trusted entities. Organizations can specify the entities, including individuals, groups of users, computers, and applications that are trusted participants in an AD RMS system. By establishing trusted entities, AD RMS can help protect information by enabling access only to properly trusted participants.
Usage rights and conditions. Organizations and individuals can assign usage rights and conditions that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire. Organizations can exclude applications and entities from accessing the rights-protected content.
Encryption. Encryption is the process by which data is locked by using electronic keys. AD RMS encrypts information, making access conditional on the successful validation of the trusted entities. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information in an AD RMS-enabled application or browser. The defined usage rights and conditions will then be enforced by the application.
This online Help system provides information to assist you in accomplishing these administrative tasks by using the Active Directory Rights Management Services console. Review the following topics to learn more about working with your AD RMS cluster.
For more information about planning, deploying, and troubleshooting AD RMS, see the Active Directory Rights Management Services TechCenter (http://go.microsoft.com/fwlink/?LinkId=80907).