Rights Management Services

Rights Management Services

Windows Rights Management Services (also called Rights Management Services or RMS) is a Microsoft Windows technology that is a form of digital restrictions management used for protecting documents such as corporate e-mail, Word documents, and web pages. Companies can use this technology to encrypt information stored in such document formats, and through server-based policies, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

The RM server debuted in Windows Server 2003, with client API libraries made available for Windows XP and Windows 2000 as well. Windows Vista and Windows Server 2008 also supports Rights Management Services. In Windows Server 2008, Windows Rights Management Services has been renamed to Active Directory Rights Management Services, reflecting a higher level of integration with Active Directory.


Windows Rights Management Services is used for restricting access to rights-protected content to authorized users only. It uses a client-server architecture, using Windows Server 2003 and/or Windows Server 2008 to host the Active Directory Rights Management Server that issues RMS licenses. The RMS client is required for both creating rights-protected content as well as accessing it. Applications that either create or provide access to protected content must be RMS-aware and have to implement the RMS client APIs explicitly. However, add-ons can be used to make an application RMS-enabled even if it does not natively implement RMS functionality.

RMS-protected documents can be created by RMS-enabled applications. RMS-protected content is encrypted and contains an embedded "Usage Policy", which defines the restrictions each user or group has when using the content. The RMS system works by only assigning rights to "trusted entities", which are either single users or groups of users. Rights are assigned on a per-entity basis. RMS defines and recognizes several rights by default - such as permission to read, copy, print, save, forward, and edit - and can be extended to recognize additional rights (which each application would have to explicitly implement). In Windows Server 2008 RMS rights can also be assigned to users who have federated trust via Windows Active Directory Federation Services. Thus, a users rights are treated by the system as if they were merely privileges.

When restricting rights to a document, a trusted entity encrypts a random AES key with an RSA public key that can be validated with the certificate in the XrML identity license that is issued to an RMS server (note: this XrML license is not an X.509v3 digital certificate). The AES key is used to encrypt the document. When accessing a protected document (using an RMS-enabled application) the RMS client runtime authenticates the recipient to the RM server, using the recipient's XrML identity license. The RM server then issues a use license that can be used by the RMS client runtime to decrypt the document. The RMS client uses this use license to provide access to the application, which enforces the document restrictions for that user.

One significant feature of the RMS system is that any document can optionally include an HTML rendering of the document so that the document can be viewed even when the intended application is not available. This is enabled using a compound document format. Both versions of the document are subject to the same usage policies, and an RMS-enabled HTML viewer is required to view this alternative form of the document content. For example, Microsoft Office 2003 Professional or greater is able to optionally include an HTML version of the document content. The [http://www.microsoft.com/windows/ie/ie6/downloads/addon/rm.mspx Rights Management Add-on for Internet Explorer] allows users who do not have Microsoft Office 2003 or later installed to view these RM-protected files.

RMS-enabled Microsoft applications

Windows RMS is supported (implemented) by the following Microsoft products:
* Microsoft Office System 2003 - Word, Excel, PowerPoint, Outlook
* Microsoft Office 2007 - Word, Excel, PowerPoint, Outlook, InfoPath
* Microsoft Office SharePoint Server 2007
* Exchange Server 2007
* XPS (XML Paper Specification) v1.0
* Internet Explorer (through use of the RM Add-on for IE)

See also

* Windows Server System
* Digital Restrictions Management


* [http://www.microsoft.com/windowsserver2003/techinfo/overview/rmenterprisewp.mspx Windows RMS Technical Overview]

External links

* [http://www.microsoft.com/rms Windows Rights Management Services]
* [http://support.microsoft.com/?kbid=917275 RMS Client downloads]
* [http://www.microsoft.com/downloads/details.aspx?familyid=48529F43-3BD8-46B4-9091-A0161E022856&displaylang=en RMS SDK for RMS-enabling applications]

Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Rights Management System — Les Rights Management Services sont une technique développée par Microsoft. Ils sont semblables aux DRM, et visent donc à gérer, pour un fichier donné, les droits accordés à l utilisateur par son créateur. Sommaire 1 Définitions 2 Introduction 3… …   Wikipédia en Français

  • digital rights management — ➔ management * * * digital rights management UK US noun [U] (ABBREVIATION DRM) ► INTERNET, E COMMERCE, LAW the way that a company controls how users pay for music, films, books, etc. that are available on the internet or on electronic equipment… …   Financial and business terms

  • Digital rights management — (DRM) is a term for access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals to limit the use of digital content and devices. The term is used to describe any technology that inhibits uses …   Wikipedia

  • Digital Rights Management — Gestion des droits numériques Pour les articles homonymes, voir DRM. La gestion des droits numériques ou GDN[1] (en anglais Digital Rights Management DRM) a pour objectif de contrôler l utilisation qui est faite des œuvres numériques, par des… …   Wikipédia en Français

  • Digital rights management — Gestion des droits numériques Pour les articles homonymes, voir DRM. La gestion des droits numériques ou GDN[1] (en anglais Digital Rights Management DRM) a pour objectif de contrôler l utilisation qui est faite des œuvres numériques, par des… …   Wikipédia en Français

  • Services for UNIX — Сервисы Microsoft Windows для англ. Microsoft Windows Services for UNIX, SFU)  программный пакет, разработанный компанией Windows NT (в том числе и более поздних). Данная подсистема называется Interix. Содержание 1 Состав 2 Версии …   Википедия

  • Services.exe — Service Control Manager (SCM) (WindowsSystem32Services.exe)  в Microsoft Windows, сервер, реализующий технологию удалённого вызова процедур (remote procedure call  RPC). Обеспечивает создание, удаление, запуск и остановку сервисов ОС. Стартует… …   Википедия

  • Internet Information Services — Screenshot of IIS Manager console of Internet Information Services 7 Developer(s) Microsoft Stable release …   Wikipedia

  • Remote Desktop Services — Developer(s) Microsoft Stable release 7.0 (6.1.7600) / October 27, 2009 …   Wikipedia

  • Microsoft Management Console — A component of Microsoft Windows …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”