AD RMS is designed to help prevent disclosure of information to unauthorized users. One of the risks inherent in a certificate- and license-based system is that the certificates or licenses might be compromised and thus provide rights to an unauthorized user. Exclusion policies prevent users, applications, and lockboxes from acquiring certificates and licenses from servers in the cluster. Exclusion policies differ from revocation lists: exclusion blocks the acquisition of certificates and licenses from the cluster, whereas revocation prevents previously granted licenses and certificates from being used to decrypt rights-protected content.