DRM enhancement in Windows Server 2003: Insight - Software

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

DRM enhancement in Windows Server 2003

By Mike Mullins, TechRepublic
September 20, 2004
URL: http://www.zdnet.com.au/insight/software/soa/DRM-enhancement-in-Windows-Server-2003/0,139023769,139159940,00.htm

The most important company secrets your company can vanish in the blink of an eye once you share access to a document that contains confidential information.

After you've created a document and sent it via e-mail, placed it on a network share, or posted it to an internal Web site, your control of that document ceases to exist.

That means that everyone who has access to the file can print it, save it, or send it to everyone on the Internet. To help protect your organisation's classified information, Microsoft has closed this security hole with its Windows Rights Management Service (RMS), included in Windows Server 2003.

Windows Server 2003 and Microsoft Office 2003 give organisations the ability to control access to documents. You can choose which users can view a document and which actions they can take once they have access.

Available for download from Microsoft's Web site and based on digital rights management (DRM) technology, RMS uses digital certificates to identify users and rights. Like most technologies that Microsoft is developing, RMS depends heavily on network connectivity and certificate services through the ASP.NET foundation.

To implement DRM, RMS uses a two-component approach.

Windows Rights Management Service, installed on a Windows Server 2003 server, uses ASP.NET and XML metadata for document management.

Microsoft Office 2003's Information Rights Management (IRM) component offers the ability to set rights on documents created with several Office applications (Word, Excel, PowerPoint, and Outlook).

In addition, there is also a rights management add-on for Internet Explorer for organisations that don't use Microsoft Office 2003.

You can configure RMS for documents by going to File | Permission in the document. The default for each document is Unrestricted Access. However, selecting Do Not Distribute offers additional protection options, including:

Read: Users can read, but they can't change, print, or copy the document.

Change: Users can read, edit, and save changes to the document, but they can't print it.

The More Options tab offers the ability to expire the content, allow users to request additional permissions, and allow non-Office 2003 users to read an IRM document using a supported browser.

In today's online environment, controlling access and rights to your information through document rights management is essential. To protect information even more, consider implementing a usable life cycle for documents, which can further protect access.

While RMS and IRM are an excellent security enhancement to document management by providing a means to control access to documents, they aren't fail-proof.

Remember: This technology is only a digital speed bump -- and it won't stop a determined employee from stealing your data.

biography
Mike Mullins has served as a database administrator and assistant network administrator for the US Secret Service. He is a Network Security Administrator for the US Defense Information Systems Agency.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2004 TechRepublic, Inc.