9.8 Rights Management Services

Rights Management Services (RMS) is a Microsoft technology designed to restrict information access in an enterprise environment. RMS helps enterprise customers control and protect critical digital information by offering flexible and persistent policy expression and enforcement.

Data loss can lead to significant problems in an IT enterprise, with financial, legal, and regulatory compliance consequences -- problems that can cause loss of credibility for an organization. The exchange of information has moved outside the traditional boundaries of a corporate network, including the use of mobile devices such as notebook computers, PDAs, and cellular phones. Typically, organizations secure information by using perimeter-based security methods, such as firewalls, access control lists, and encryption in transit. These methods help organizations control access to sensitive data, but authorized users are still free to do whatever they want with the information.

Active Directory Rights Management Services (AD RMS), introduced in Windows Server 2008 R2 operating system, and the AD RMS client augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved.

RMS is described in detail in the Rights Management Services Protocols Overview [MS-RMSOD].