Active Directory Rights Management Services

Active Directory Rights Management Services (AD RMS, known as Rights Management Services or RMS before Windows Server 2008) is a server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

RMS debuted in Windows Server 2003, with client API libraries made available for Windows 2000 and later. The Rights Management Client is included in Windows Vista and later, is available for Windows XP, Windows 2000 or Windows Server 2003.[1] In addition, there is an implementation of AD RMS in Office for Mac to use rights protection in OS X and some third-party products are available to use rights protection on Android, Blackberry OS, iOS and Windows RT.[2][3]

Attacks against policy enforcement capabilities

In April 2016, an alleged attack on RMS implementations (including Azure RMS) was published and reported to Microsoft.[4][5] The published code allows an authorized user that has been granted the right to view an RMS protected document to remove the protection and preserve the file formatting. This sort of manipulation requires that the user has been granted rights to decrypt the content to be able to view it. While Rights Management Services makes certain security assertions regarding the inability for unauthorized users to access protected content, the differentiation between different usage rights for authorized users is considered part of its policy enforcement capabilities, which Microsoft claims to be implemented as "best effort", so it is not considered by Microsoft to be a security issue but a policy enforcement limitation. Previously the RMS SDK enforced signing of code using the RMS capabilities in order to provide some level of control on which applications interacted with RMS, but this capability was later removed due to its limited ability to restrict such behaviors given the possibility to write applications use the web services directly to obtain licenses to decrypt the content.[6]

In addition, using this same technique, a user that has been granted rights to view a protected document can manipulate the content of the document without leaving traces of the manipulation. Since Azure RMS is not a non-repudiation solution and, unlike document signing solutions, does not claim to provide anti-tampering capabilities, and since the changes can only be made by users that are granted rights to the document, Microsoft does not consider the later issue to be an actual attack against the claimed capabilities of RMS.[7] The researchers provide a proof of concept tool, to allow evaluation of the results, via GitHub.[8]

Software support

RMS is natively supported by the following products:

Third-party solutions, such as those from Secure Islands (acquired by Microsoft), GigaTrust and Liquid Machines (acquired by Check Point) can add RMS support to the following:

See also

References

  1. ^ Microsoft Windows Rights Management Services Client with Service Pack 2 - x86
  2. ^ "RMS Viewer | Mobile Rights Management for iPhone, iPad, Android and Blackberry". Archived from the original on 2013-10-16. Retrieved 2013-10-14.
  3. ^ "GigaTrust for iOS Devices – Expanding the Security for Smart Mobile Devices". Archived from the original on 2012-10-31. Retrieved 2013-10-14.
  4. ^ Mainka, Christian; Grothe, Martin (2016-08-01). "How to Break Microsoft Rights Management Services". On Web-Security and -Insecurity. Network and Data Security Chair Ruhr-University Bochum. Retrieved 2016-08-04.
  5. ^ Mainka, Christian; Grothe, Martin (2016-08-04). "How to Break Microsoft Rights Management Services". WOOT '16 - 10 USENIX Workshop on Offensive Technologies. USENIX Security Symposium. Retrieved 2016-08-04.
  6. ^ "Creating a Rights Management Manifest". Microsoft Development Network. Microsoft. Retrieved 2017-10-06.
  7. ^ "AD RMS FAQ". MicrosoftDocs. Microsoft. 29 July 2013. Retrieved 2017-10-06.
  8. ^ Mainka, Christian; Grothe, Martin (2016-07-07). "MS-RMS-Attacks". MS-RMS-Attacks. GitHub. Retrieved 2016-08-04.
  9. ^ "Plan Information Rights Management in Office 2013". TechNet. Retrieved 2015-11-24.
  10. ^ a b "Secure Islands - Home". Archived from the original on 2013-02-02. Retrieved 2010-07-13.
  11. ^ "Secure Islands - SharePoint Classification and Protection". Archived from the original on 2013-02-16. Retrieved 2013-01-31.
  12. ^ a b c "GigaTrust Announces Availability of Adobe® Rights-Management Protector for Microsoft® Office SharePoint Server 2007 (MOSS 2007)". Archived from the original on 2008-05-17. Retrieved 2009-02-18.
  13. ^ "Secure Islands - IQProtector for Files". Archived from the original on 2013-02-16. Retrieved 2013-01-31.
  14. ^ "GigaTrust Launches New RMS Desktop PDF Client for Adobe with Comprehensive Reporting, Auditing and Compliance Capability" (Press release).
  15. ^ "PDF Editor Download - Edit Files Online for Free".

Read other articles:

Provinsi Kushiro

Lokasi Provinsi Kushiro pada tahun 1869. Provinsi Kushiro (釧路国code: ja is deprecated , kushiro no kuni) adalah provinsi lama Jepang yang terletak di Hokkaido. Wilayahnya saat ini sekarang menjadi subprefektur Kushiro dan sebagian dari subprefektur Abashiri. Sejarah 15 Agustus 1869: Provinsi Kushiro dibentuk dari 7 distrik Menurut sensus tahun 1872, penduduk Kushiro berjumlah 1.734 orang 1882: Provinsi Kushiro diserap ke dalam prefektur Hokkaido Distrik Shiranuka (白糠郡) Ashoro (足�...

 

2016 Hart District Council election

2016 Hart District Council Election ← 2015 5 May 2016 2018 → 11 seats to Hart District Council17 seats needed for a majority   First party Second party Third party   Party Conservative Liberal Democrats CCH Seats before 16 8 8 Seats won 5 3 3 Seats after 16 8 8 Results map Council control before election No overall control Council control after election No overall control The 2016 Hart District Council election took place on 5 May 2016 to elect ...

 

Yume ga Saku Haru/You and Music and Dream

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Yume ga Saku Haru/You and Music and Dream – news · newspapers · books · scholar · JSTOR (April 2019) (Learn how and when to remove this template message) 2008 single by Mai KurakiYume ga Saku Haru/You and Music and DreamSingle by Mai Kurakifrom the album Touch ...

Bandar Udara Internasional Washington Dulles

Bandar Udara Internasional Washington DullesIATA: IADICAO: KIADFAA LID: IADInformasiJenisPublikPemilikMetropolitan Washington Airports AuthorityPengelolaMetropolitan Washington Airports AuthorityMelayaniWashington Metropolitan AreaLokasiDulles, VirginiaMaskapai penghubungUnited AirlinesKetinggian dpl95 mdplSitus webmwaa.com/dullesPetaIADLokasi di VirginiaLandasan pacu Arah Panjang Permukaan kaki m 1L/19R 9,400 2,865 Konsentrat 1C/19C 11,500 3,505 Konsentrat 1R/19L 11,500 3,505 Konse...

 

Альбертский университет

Альбертский университет(U of A)University of Alberta Девиз Quaecumque vera Год основания 1908 Президент Dr. Indira V. Samarasekera Студенты 43 490 Преподаватели 4 004 Расположение Эдмонтон, Альберта, Канада Кампус Augustana, Calgary Centre, Campus Saint-Jean, Enterprise Square, South Campus Юридический адрес 6th Floor, General Services Building, University of Alberta, E...

 

School corporal punishment in the United States

United States corporal punishment in schools Legality of corporal punishment in public schools in the United States as of December 2023[update]   Corporal punishment in public and private schools illegal  Corporal punishment in public schools illegal  Corporal punishment in public schools legal under state law, but banned in all school districts  Corporal punishment in public schools legal but unused  Corporal punishment in public...

Dmanisi hominins

Hominid species or subspecies discovered in Dmanisi, Georgia Replica of Dmanisi Skull 3, the skull of an adolescent individual, discovered in 2001 The Dmanisi hominins,[1][2][3] Dmanisi people,[4] or Dmanisi man[5] were a population of Early Pleistocene hominins whose fossils have been recovered at Dmanisi, Georgia. The fossils and stone tools recovered at Dmanisi range in age from 1.85 to 1.77 million years old,[6][7][8] making ...

 

Pengepungan Tiana (272)

Pengepungan Tyana terjadi pada tahun 272 Masehi. Peristiwa tersebut terjadi saat pasukan Kaisar Romawi Aurelianus berniat untuk menaklukkan Kekaisaran Tadmur.[1] [2] [3] [4] [5] Latar belakang Tadmur pada masa kejayaannya pada 271 Pada 269, saat Claudius Gothicus (penerus Gallienus) mempertahankan perbatasan Italia dan Balkan melawan invasi-invasi Jermanik, ratu Tadmur Zenobia memadatkan otoritasnya. Para pejabat Romawi di Timur terpecah antara kes...

 

Episodi di Tropical-Rouge! Pretty Cure

Voce principale: Tropical-Rouge! Pretty Cure. Logo occidentale della serie Lista degli episodi di Tropical-Rouge! Pretty Cure, diciottesima serie anime di Pretty Cure, trasmessa in Giappone su TV Asahi dal 28 febbraio 2021[1] al 30 gennaio 2022. In Italia è inedita. La sigla originale di apertura, Viva! Spark! Tropical-Rouge! Precure (Viva!Spark!トロピカル~ジュ!プリキュア?), è cantata da Machico per gli ep. 1-18 e in aggiunta del coro del Tropi...

Darsa

DarsaImmagine satellitare dell'isolaGeografia fisicaLocalizzazioneOceano Indiano Coordinate12°06′N 53°16′E / 12.1°N 53.266667°E12.1; 53.266667Coordinate: 12°06′N 53°16′E / 12.1°N 53.266667°E12.1; 53.266667 ArcipelagoSocotra Superficie10 km² Dimensioni7,2 × 1,8 km Altitudine massima392 m s.l.m. Geografia politicaStato Yemen Cartografia Darsa voci di isole dello Yemen presenti su Wikipedia Darsa (in arabo درسة, Darsa o Da...

 

ヨハネス12世 (ローマ教皇)

ヨハネス12世 第130代 ローマ教皇 教皇就任 955年12月16日教皇離任 964年5月14日先代 アガペトゥス2世次代 レオ8世個人情報出生 937年スポレート公国(中部イタリア)スポレート死去 964年5月14日 教皇領、ローマ原国籍 スポレート公国親 父アルベリーコ2世(スポレート公)、母アルダその他のヨハネステンプレートを表示 ヨハネス12世(Ioannes XII、937年 - 964年5月14日)は、ロ...

 

哈萨克斯坦总统

此条目序言章节没有充分总结全文内容要点。 (2019年3月21日)请考虑扩充序言,清晰概述条目所有重點。请在条目的讨论页讨论此问题。 哈萨克斯坦總統哈薩克總統旗現任Қасым-Жомарт Кемелұлы Тоқаев卡瑟姆若马尔特·托卡耶夫自2019年3月20日在任任期7年首任努尔苏丹·纳扎尔巴耶夫设立1990年4月24日(哈薩克蘇維埃社會主義共和國總統) 哈萨克斯坦 哈萨克斯坦政府...

جهاز عرض بمستوى الرأس

  لمعانٍ أخرى، طالع هود (توضيح). هذه المقالة تحتاج للمزيد من الوصلات للمقالات الأخرى للمساعدة في ترابط مقالات الموسوعة. فضلًا ساعد في تحسين هذه المقالة بإضافة وصلات إلى المقالات المتعلقة بها الموجودة في النص الحالي. (فبراير 2014) HUD of an aircraft جهاز العرض بمستوى الرأس (بالإنج...

 

Vacuum-tube computer

Earliest electronic computer design Replica of the Atanasoff–Berry computer at Iowa State University The 1946 ENIAC computer used more than 17,000 vacuum tubes A vacuum-tube computer, now termed a first-generation computer, is a computer that uses vacuum tubes for logic circuitry. While the history of mechanical aids to computation goes back centuries, if not millennia, the history of vacuum tube computers is confined to the middle of the 20th century. Lee De Forest invented the triode in 1...

 

Список обвиняемых Нюрнбергского процесса

Основная статья: Нюрнбергский процессЗаседание Нюрнбергского процесса. Декабрь 1945 года В списке в алфавитном порядке указаны бывшие руководители гитлеровской Германии, представшие в качестве обвиняемых перед Международным военным трибуналом, заседавшим в Нюрнбер�...

العلاقات الدنماركية الباكستانية

العلاقات الدنماركية الباكستانية الدنمارك باكستان   الدنمارك   باكستان تعديل مصدري - تعديل   العلاقات الدنماركية الباكستانية هي العلاقات الثنائية التي تجمع بين الدنمارك وباكستان.[1][2][3][4][5] مقارنة بين البلدين هذه مقارنة عامة ومرجعية للدول�...

 

Frigg

Lukisan Frigg sedang memintal awan. Dalam Mitologi Nordik, Frigg atau Frigga adalah istri Dewa Odin. Ia bergelar: Ratu para Æsir, pemimpin para Dewi, Dewi kasih sayang, Dewi kesuburan, Dewi rumah tangga, Dewi perkawinan, dan Dewi langit. Dia punya kemampuan meramal namun ia tidak menceritakan apa yang ia ketahui. Anak-anaknya bernama: Balder, Hodhr, dan Wecta. Anak-anak tirinya bernama: Hermodhr, Heimdall, Tyr, Vidar, Vali, Skjoldr. Thor adalah saudaranya sekaligus anak tirinya. Nama Frigg b...

 

Joe Dunne

Irish footballer and manager For other people named Joe Dunne, see Joe Dunne (disambiguation). Joe DunnePersonal informationFull name Joseph John Dunne[1]Date of birth (1973-05-25) 25 May 1973 (age 51)[1]Place of birth Dublin, Ireland[1]Height 5 ft 8 in (1.73 m)[2]Position(s) DefenderYouth career1989–1990 GillinghamSenior career*Years Team Apps (Gls)1990–1996 Gillingham 115 (1)1996–1999 Colchester United 98 (3)1999 Dover Athletic 11 (2...

Norwalk Transit District

Public transportation provider Not to be confused with Norwalk Transit (California), an unrelated transit agency. The topic of this article may not meet Wikipedia's notability guidelines for companies and organizations. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or...

 

Dose fractionation

Administration of a total dose of radiation in parts, at intervals Dose fractionation effects are utilised in the treatment of cancer with radiation therapy. When the total dose of radiation is divided into several, smaller doses over a period of several days, there are fewer toxic effects on healthy cells. This maximizes the effect of radiation on cancer and minimizes the negative side effects. A typical fractionation scheme divides the dose into 30 units delivered every weekday over six wee...