Active Directory Rights Management Services
I recently got my first 2008 training (6416B: Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008), from Arthur Goudswaard, again. A really great Microsoft Trainer. One of the new things in Windows Server 2008 I really like is Active Directory Rights Management Services (AD RMS).
Active Directory Rights Management Services (AD RMS) is a technology that is a form of selective functionality denial used for limiting the uses of documents such as corporate e-mail, Word documents, and web pages. Companies can use this technology to encrypt information stored in such document formats and, through server-based policies, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.
The RM server debuted in Windows Server 2003, with client API libraries made available for Windows XP and Windows 2000 as well. Windows Vista and Windows Server 2008 also support Rights Management Services. In Windows Server 2008, Windows Rights Management Services has been renamed to Active Directory Rights Management Services, reflecting a higher level of integration with Active Directory.
An AD RMS system includes a Windows Server 2008 R2-based server running the Active Directory Rights Management Services (AD RMS) server role that handles certificates and licensing, a database server, and the AD RMS client. The latest version of the AD RMS client is included as part of the Windows 7 and Windows Vista operating systems. The deployment of an AD RMS system provides the following benefits to an organization:
Safeguard sensitive information. Applications such as word processors, e-mail clients, and line-of-business applications can be AD RMS-enabled to help safeguard sensitive information. Users can define who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage policy templates such as “confidential – read only” that can be applied directly to the information.
Persistent protection. AD RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.
Flexible and customizable technology. Independent software vendors (ISVs) and developers can AD RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other operating systems, to work with AD RMS to help safeguard sensitive information. ISVs are enabled to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.
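To make the “confidential – read only” template mentioned above concrete, here is an added example (not part of the original post) that creates such a rights policy template with the AdRmsAdmin PowerShell module that ships with the AD RMS role on Windows Server 2008 R2. The cluster URL https://rms.contoso.example and the group confidential-readers@contoso.example are placeholder assumptions; replace them with your own AD RMS cluster and AD group.

```powershell
# Load the AD RMS administration module (available on an AD RMS server, 2008 R2 and later).
Import-Module AdRmsAdmin

# Map a drive to the AD RMS cluster so templates can be managed like items in a provider.
# ASSUMPTION: https://rms.contoso.example is a placeholder for your cluster URL.
New-PSDrive -Name AdRmsAdmin -PSProvider AdRmsAdmin -Root "https://rms.contoso.example" | Out-Null
Set-Location AdRmsAdmin:\

# Create a template that grants only the View right: recipients can open the content,
# but editing, printing, copying and forwarding stay disallowed because those rights
# are simply not granted. Rights are grouped in the template, as the post describes,
# so authors apply one template instead of assigning individual rights per document.
# ASSUMPTION: the group address is a placeholder for a real mail-enabled AD group.
New-Item -Path .\RightsPolicyTemplate `
         -LocaleName "en-us" `
         -DisplayName "Confidential - Read Only" `
         -Description "View only. No edit, print, copy or forward." `
         -UserGroup "confidential-readers@contoso.example" `
         -Right ("View")

# Verify: list the templates the cluster now publishes so clients can pick them up.
Get-ChildItem .\RightsPolicyTemplate | Format-List
```

Templates are distributed to clients from the cluster, so after creating one, check that the template distribution location is configured before expecting it to appear in Office or Outlook.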
I think this is a great new improvement in security for organisations working with highly confidential information. Some documents are so sensitive that we all need to do our utmost best to secure them as much as we can. With AD RMS we get steps closer to achieving this.
Below you can view a good YouTube video about the best practices for deploying AD RMS in an organisation.