Administering Active Directory Rights Management Services

Administering Active Directory Rights Management Services Detail the administrative tasks used to ensure security of the AD RMS environment including administering and implementing trust policies, security policies, and the configuration and deployment of rights policy templates. Describe the risks as well as the advantages of implementation of this service. When it comes to AD RMS it’s all about data privacy. Having information available and ready to you or the user, whether if you’re at home or in the office with the door closed this is what networking is all about. Now when trying to protect that same information, but still keeping a sense of flow throughout the sharing of this data can become tricky. That’s where RMS comes in to play with RMS there are two forms of protection we get from this one is through encryption and the other is through policy and this is called “Persistent Protection”. With persistent protection it controls access through trusted identities, secures transmissions, and embeds digital usage policies. Pretty much if you don’t have credentials to open or view a document will just forget it. But if you are authorized to open and view the document then policies step into place allowing or not allowing you to do certain things with said document (cool huh)?
Now this policy and encryption (RMS) is very unique because it follows this said document where ever it goes. So to ensure security when the author wants to send a secure piece of data for the first time it will make a request to the RMS server to get a client licensor certificate this is what gives them permission to publish the data. From there, they define the usage rights and rules (policies) of this data then it creates what is called a “Publishing License” then it encrypts the data. Then the author sends the file, once it gets received on the recipients end they click on data to open it for the first time, the application calls out to the RMS server, and then the RMS server will authorize the recipient and issue what is called a “Use License” and with the use license it basically give them the right to decrypt the data and then expresses the policies placed upon the data for that user to allow or deny them rights to the data. So of course RMS allows a certain feel of security by only allowing certain recipients to receive the data but it can also be broken so you have policies set up so that when the user opens the RMS data they can’t copy, paste, print, and save or screenshot etc. but someone could easily just take a picture with their phone or just re type the data so there has to be a line of trust in people involved. RMS was created to just to slow down a determined thief or just make it such a hassle they just give up and decide it’s just not worth it.

References Shinder/ WindowsSecurity, D. (2003, September 23). How the Windows Rights Management Service can Enhance the Security of your Documents :: Windows 2003 Security :: Articles & Tutorials :: WindowSecurity.com. Retrieved June 4, 2013, from http://www.windowsecurity.com/articles-tutorials/windows_2003_security/Windows_Rights_Management_Service_Documents.html