Microsoft Identity and Access Solutions

Safeguard Confidential Data No Matter Where It Goes

Microsoft Active Directory Rights Management Services (AD RMS) in Windows Server 2008 helps safeguard digital information from unauthorized use—both online and offline, inside and outside of the firewall. In conjunction with AD RMS–enabled applications, AD RMS augments an organization's security strategy by protecting information through persistent usage policies. These policies remain with the information—whether documents, spreadsheets, presentations, or e-mail messages—no matter where it goes or how it is stored.

Benefits:

  • Boost security by reducing the risk of information leaks through persistent protection of data.

  • Streamline adoption and deployment with out-of-the-box integration with e-mail communication workflow, the Microsoft Office system, and Active Directory.

  • Gain seamless integration with third-party products by using a powerful SDK.

What's New in Windows Server 2008

In Windows Server 2008, Active Directory Rights Management Services (AD RMS) includes a number of functional and operational improvements over the previous version in Windows Server 2003:

  • Federated Collaboration: In Windows Server 2008, AD RMS is an Active Directory Federation Services (AD FS) enabled application. This allows enterprises to leverage their established federated relationships to enable collaboration with external entities. For example, an organization that has deployed AD RMS can set up federation with an external entity by using AD FS and can leverage this relationship to share rights-protected content across the two organizations without the need to manage external users within a local domain, leverage Windows Live ID, or require a deployment of AD RMS in both places.

  • Improved installation experience: AD RMS is included in Windows Server 2008 as a standard server role. The simplified, wizard-based installation performs server validation checks before the installation, and it automatically lists and installs all the services that AD RMS depends on during the server role installation. AD RMS also supports server self-enrollment, allowing an installation to proceed without having to connect with the Microsoft Enrollment Services as a trust root for content protection, which reduces any operational dependence on network availability.

  • Improved administrative experience: Unlike previous versions, AD RMS administration is done through an MMC snap-in that provides the same management experience as other server roles. Administrative improvements include centralized template management and authoring, usage log analysis and reporting, and separation of administrative roles with respect to managing the RMS Server.

Business Needs:

  • Eliminate unauthorized viewing and distribution of sensitive corporate data.

  • Improve compliance with internal and external regulations by lowering the risk of data leaks.

  • Reduce the risk of intellectual property loss, which can result in a compromised ability to compete.

Information Protection Diagram

Author Steps:

  1. Author receives a client licensor certificate the first time he or she rights-protects information.

  2. Author defines a set of usage rights and rules for the file. The application creates a "publishing license" and encrypts the file.

  3. Author distributes the file.

Recipient Steps:

  1. Recipient clicks the file to open it. The application calls the AD RMS Client, which contacts the RMS server, which validates the user and issues a "use license."

  2. Application renders file and enforces rights.
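
The author and recipient steps above, modelled end to end as an added example (not Microsoft code and not the AD RMS API). RmsServer, protect, open_protected, the sample accounts and the toy cipher are assumptions made for illustration; real AD RMS uses certificates and its own cryptography.

```python
import hashlib, hmac, json, os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode cipher: a stand-in, NOT the cryptography AD RMS uses."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class RmsServer:
    """Hypothetical model of the licensing server (all names are assumptions)."""
    def __init__(self, known_users):
        self._secret = os.urandom(32)
        self._users = set(known_users)  # constructed directory of valid accounts

    def _tag(self, policy, nonce, wrapped):
        return hmac.new(self._secret, policy + nonce + wrapped, hashlib.sha256).digest()

    def seal(self, policy: bytes, content_key: bytes) -> dict:
        # Simplification: sealing is a server call here; on the page the application
        # builds the publishing license using the author's client licensor certificate.
        nonce = os.urandom(16)
        wrapped = keystream_xor(self._secret + nonce, content_key)
        return {"policy": policy, "nonce": nonce, "wrapped_key": wrapped,
                "tag": self._tag(policy, nonce, wrapped)}

    def issue_use_license(self, pl: dict, user: str) -> dict:
        """Validate the license and the user, then release the content key."""
        if not hmac.compare_digest(self._tag(pl["policy"], pl["nonce"], pl["wrapped_key"]), pl["tag"]):
            raise PermissionError("publishing license was modified")
        rights = json.loads(pl["policy"]).get(user)
        if user not in self._users or not rights:
            raise PermissionError(f"{user} has no rights to this content")
        key = keystream_xor(self._secret + pl["nonce"], pl["wrapped_key"])
        return {"user": user, "rights": rights, "content_key": key}

def protect(server: RmsServer, data: bytes, rights: dict) -> dict:
    """Author step 2: define rights, create the publishing license, encrypt the file."""
    content_key = os.urandom(32)  # fresh key per file, so the toy keystream is never reused
    policy = json.dumps(rights, sort_keys=True).encode()
    return {"publishing_license": server.seal(policy, content_key),
            "ciphertext": keystream_xor(content_key, data)}

def open_protected(server: RmsServer, doc: dict, user: str, action: str) -> bytes:
    """Recipient steps 1-2: obtain a use license, then enforce it in the application."""
    lic = server.issue_use_license(doc["publishing_license"], user)
    if action not in lic["rights"]:
        raise PermissionError(f"{user} may not {action} this content")
    return keystream_xor(lic["content_key"], doc["ciphertext"])
```

Because the policy travels inside the publishing license and is checked by the server on every open, editing the distributed file to grant yourself rights fails at licensing time rather than in the client.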