Active Directory Right Management Services: Installation and Configuration


AD RMS (Active Directory Right Management) is a Windows Server service that provides extended rights management for certain files. The system is similar to the DRM protection that protects intellectual property.

In internal use, AD RMS extends NTFS security rights by limiting actions on a Word file by preventing the printing or saving of a copy. In order to increase security, the file is encrypted which makes it unreadable.

It is possible to open the AD RMS service externally by using the ADFS service.

Principle of operation

In order to understand the AD RMS service, here is an example for the end user.

In order to protect the operating documents drafted by the PLAN for the BUILD teams, the AD RMS service is used internally.

When a document is served, RMS rights are applied to the document so that only those who are learning in the IT_BUILD group can open it without making any changes or printing. This one is then broadcast by email as an attachment.

When opening a copy of the document, it contacts the RMS server to validate the rights applied to the document to find out if the person can open it and interact with it.

Schematic overview of how AD RMS works

Here is a schematic representation of how the AD RMS service works.

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Related Posts

ADMT: Active Directory Domain Migration Tool
ADMT (Active Directory Migration Tool) is a free Microsoft tool that allows the migration of objects (Users, Computers, and Groups) between two Active Directory domains. Some examples of using ADMT: Enterprise merge to consolidate Active Directory. E

ADFS: Installation and Configuration
In this article, I propose to discover the AD FS and Proxy (WAP) roles. As part of the preparation for the 70-742 certification, I embarked on the mock-up of an infra. What's this ? ADFS and the proxy that accompanies it can put several things in pla

Network share: enable enumeration based on access EBA
Introduction The access-based enumeration allows to display in a network share, only folders and files whose use has at least a right of reading. Other documents and folders will be hidden. Enabling this feature will increase the CPU resource consump

Leave a Comment