Announcement

Collapse
No announcement yet.

Some Questions about AD RMS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Some Questions about AD RMS

    Hello,

    can somebody answer me in a simple english this questions about AD RMS, please?

    1. What is the meaning of "protecting with RMS"?

    - Means it that a file can be encrypted with AES?

    - Files can be protected with the policy templates, which are deployed in the AD RMS Server?

    - Anything else? ...

    2. Is it possible to protect whole Folders in an AD with RMS?

    3. Which files can be "protected" with RMS?

    - Is it only possible to protect each file or only microsoft files and pdf?

    4. Is it possible to read a policy template for the whole Folder with the Rights Management Services SDK 2.1 and the Function "IpcGetTemplateList"?

    Thank you very much for your attention and your answer.

  • #2
    Protecting with RMS means applying permissions beyond NTFS (where if you can open a file, you can save as, forward, print, copy paste etc). With RMS you can block activities even when someone can open the file - the protection stays with the file both inside and outside your network

    RMS is at a file level, not folders (although some scripting might be possible)

    Word/Excel/PowerPoint/SharePoint/Exchange (others with third party add-ins as RMS is an exstensible platform

    No idea about number 4!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Thank you for your very fast answer Ossian .
      With RMS it is possible to give a user or computer the rights (open, read, write, print, ... ) and the files are persistant protected.
      RMS is at a file level. If I want to protect a folder, I have to protect all files inside the choosen folder. RMS doesn't support all file types, only Office Products like Word/Excel/PowerPoint,SharePoint/Exchange. Other files can only be protected with third party add-ins (for example from GigaTrust/SecureIslands, ...)

      I read from here that with the SDK it is possible to protect all other files, if I programm this myself. Is that correct?
      Alternatively, you can extend AD RMS protection to additional file formats by leveraging the AD RMS Software Development Kit (SDK). Specifically, the AD RMS SDK enables you to programmatically encrypt and decrypt content, associate rights with content, discover AD RMS services, and publish and acquire content licenses.
      And here I read:
      Microsoft Rights Management sharing application supports protection at two different levels:
      Native protection:
      For text, image, Microsoft Office (Word, Excel, PowerPoint) files, .pdf files, and other application file types that support AD RMS, native protection provides a strong level of protection that includes both encryption and enforcement of rights (permissions).
      PFile protection:
      For all other applications and file types, generic protection provides a level of protection that includes both file encapsulation using the .pfile file type and authentication to verify if a user is authorized to open the file.
      Last edited by Pitre; 19th August 2015, 21:12.

      Comment


      • #4
        That appears to be correct, although I have never attempted developing with RMS
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Hello All,
          I am installing AD RMS and DAC to classify and secure corporate data.
          But it seem that the microsoft DAC feature or RMS could only classify and apply security on data locate in a share of the file server.
          My question is how can i automatically identify, classify and secure data locate on client computer (on it D:\ disk for example) or another location on the C:\ disk ?
          Thanks a lot.

          Comment

          Working...
          X