Active Directory Right Management Services: Installation and Configuration

AD RMS (Active Directory Right Management) is a Windows Server service that provides extended rights management for certain files. The system is similar to the DRM protection that protects intellectual property.

In internal use, AD RMS extends NTFS security rights by limiting actions on a Word file by preventing the printing or saving of a copy. In order to increase security, the file is encrypted which makes it unreadable.

It is possible to open the AD RMS service externally by using the ADFS service.

Principle of operation

In order to understand the AD RMS service, here is an example for the end user.

In order to protect the operating documents drafted by the PLAN for the BUILD teams, the AD RMS service is used internally.

When a document is served, RMS rights are applied to the document so that only those who are learning in the IT_BUILD group can open it without making any changes or printing. This one is then broadcast by email as an attachment.

When opening a copy of the document, it contacts the RMS server to validate the rights applied to the document to find out if the person can open it and interact with it.

Schematic overview of how AD RMS works

Here is a schematic representation of how the AD RMS service works.



Related Posts


Exchange 2016: Installation and Configuration

In this tutorial, we will see how to install and configure Exchange 2016. Exchange is a mail server designed by Microsoft, it is the professional version of Hotmail (Outlook). Environment An Active Di

DNSSEC: Sign a DNS Zone with Windows Server

Presentation DNSSEC (Domain Name System Security Extensions) is an extension of the DNS protocol that adds security to the DNS protocol by signing the records by a public / private key system. This ex

Enterprise CA: Installation and Configuration with Windows Server

In this tutorial, I will explain how to set up an enterprise CA that is linked to an Active Directory, unlike the stand-alone CA. This type of CA allows you to automate certificate generation with dir