Active Directory Rights Management Services (AD RMS) for the Windows Server 2008 R2 operating system is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use, both online and offline, and inside and outside of the firewall. AD RMS is designed for organizations that need to protect sensitive and proprietary information such as financial reports, product specifications, customer data, and confidential e-mail messages.
AD RMS augments an organization's security strategy by providing protection of information through persistent usage policies (also known as usage rights and conditions), which remain with the information no matter where it is moved. AD RMS persistently protects any binary format of data, so the usage rights remain with the information rather than the rights merely residing on an organization's network. This also enables usage rights to be enforced after the information is accessed by an authorized recipient, both online and offline, and inside and outside of the organization.
AD RMS helps protect information through persistent usage policies by establishing the following essential elements:
- Trusted entities. Organizations can specify the entities, including individuals, groups of users, computers, and applications that are trusted participants in an AD RMS system. By establishing trusted entities, AD RMS can help protect information by enabling access only to properly trusted participants.
- Usage rights and conditions. Organizations and individuals can assign usage rights and conditions that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire. Organizations can exclude applications and entities from accessing the rights-protected content.
- Encryption. Encryption is the process by which data is locked by using electronic keys. AD RMS encrypts information, making access conditional on the successful validation of the trusted entities. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information in an AD RMS-enabled application or browser. The defined usage rights and conditions will then be enforced by the application.
This online Help system provides information to assist you in accomplishing these administrative tasks by using the Active Directory Rights Management Services console. Review the following topics to learn more about working with your AD RMS cluster.
- Active Directory Rights Management Services Overview
- Pre-installation Information for Active Directory Rights Management Services
- Checklist: Deploying a Single-Server Installation
- Checklist: Deploying AD RMS in an Extranet
- Checklist: Deploying AD RMS in an Organization with Users in Multiple Forests
- Checklist: Deploying an AD RMS Licensing-only Cluster
- Checklist: Deploying AD RMS with AD FS
- Installing an AD RMS Cluster
- Configuring an AD RMS Cluster
- Removing an AD RMS Cluster
- Working with the AD RMS Client
- Resources for AD RMS
- User Interface: AD RMS
You can configure and manage AD RMS by using either the Windows interface or Windows PowerShell. These Help topics describe methods for using the Windows interface. For more information about using Windows PowerShell for AD RMS, see http://go.microsoft.com/fwlink/?LinkId=136806.
For more information about planning, deploying, and troubleshooting AD RMS, see the Active Directory Rights Management Services TechCenter (http://go.microsoft.com/fwlink/?LinkId=80907).