Active Directory Rights Management Services (AD RMS, known asRights Management Services orRMS beforeWindows Server 2008) is a server software forinformation rights management shipped withWindows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporatee-mails,Microsoft Word documents, andweb pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applieden masse.
RMS debuted inWindows Server 2003, with client API libraries made available forWindows 2000 and later. The Rights Management Client is included inWindows Vista and later, is available forWindows XP, Windows 2000 or Windows Server 2003.[1] In addition, there is an implementation of AD RMS in Office for Mac to use rights protection inOS X and some third-party products are available to use rights protection onAndroid,Blackberry OS,iOS andWindows RT.[2][3]
In April 2016, an alleged attack on RMS implementations (including Azure RMS) was published and reported toMicrosoft.[4][5] The published code allows an authorized user that has been granted the right to view an RMS protected document to remove the protection and preserve the file formatting. This sort of manipulation requires that the user has been granted rights to decrypt the content to be able to view it. While Rights Management Services makes certain security assertions regarding the inability for unauthorized users to access protected content, the differentiation between different usage rights for authorized users is considered part of its policy enforcement capabilities, which Microsoft claims to be implemented as "best effort", so it is not considered by Microsoft to be a security issue but a policy enforcement limitation. Previously the RMS SDK enforced signing of code using the RMS capabilities in order to provide some level of control on which applications interacted with RMS, but this capability was later removed due to its limited ability to restrict such behaviors given the possibility to write applications use the web services directly to obtain licenses to decrypt the content.[6]
In addition, using this same technique, a user that has been granted rights to view a protected document can manipulate the content of the document without leaving traces of the manipulation. Since Azure RMS is not a non-repudiation solution and, unlike document signing solutions, does not claim to provide anti-tampering capabilities, and since the changes can only be made by users that are granted rights to the document, Microsoft does not consider the later issue to be an actual attack against the claimed capabilities of RMS.[7]The researchers provide a proof of concept tool, to allow evaluation of the results, viaGitHub.[8]
RMS is natively supported by the following products:
Third-party solutions, such as those fromSecure Islands (acquired byMicrosoft), GigaTrust and Liquid Machines (acquired byCheck Point) can add RMS support to the following:
