The Active Directory Rights Management Services (AD RMS) role in the Windows Server® 2008 operating system includes several new features not available in Microsoft® Windows® Rights Management Services (RMS). These features are designed to simplify AD RMS management and extend its use outside of your organization. They include:
- Adding AD RMS as a server role in the Windows Server 2008 operating system
- Management via Microsoft Management Console (MMC)
- Integration with Active Directory Federation Services (AD FS)
- Automatic registration of AD RMS servers
- Delegation of responsibility through new AD RMS administrative roles
What is the function of AD RMS?
As a format- and application-independent technology, AD RMS provides services to enable the creation of information protection solutions. It works with any AD RMS-enabled application to provide persistent usage policies for sensitive information. Content that can be protected using AD RMS includes intranet Web sites, e-mail messages, and documents. AD RMS includes a set of core functions that allow developers to add information protection to existing applications.
Containing both server and client components, the AD RMS system performs the following operations:
- Licensing rights-protected content. The AD RMS system issues rights account certificates that identify trusted entities (such as users, groups, and services) that can publish rights-protected content. Once trust is established, users can assign usage rights and conditions to the content they want to protect. These usage rights specify who can access rights-protected content and what they can do with it. When content is protected, a publishing license is created for the content. This license binds the specified usage rights to that content so that the content can be distributed. For example, users can send rights-protected documents to other users inside or outside their organization without loss of rights protection.
- Enforcing licensing and usage policies to decrypt rights-protected content. Users who have been granted rights account certificates can access rights-protected content using an AD RMS-enabled client application that allows them to view and work with that content. When users try to access rights-protected content, a request is sent to the AD RMS service to access or “use” that content. The AD RMS licensing service in the AD RMS cluster then issues a unique usage license that reads, interprets, and enforces the usage rights and terms specified in the publishing licenses. The rights and terms of use are persistent and are automatically enforced wherever the content goes.
- Creating rights-protected files and templates. Users who are trusted entities in the AD RMS system can create and manage protected files using familiar authoring tools in an AD RMS-enabled application that incorporates AD RMS technology features. In addition, AD RMS-enabled applications can use centrally defined and officially authorized usage rights templates to help users apply a predefined set of usage policies efficiently.