{"id":9387,"date":"2009-02-02T20:13:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=9387"},"modified":"2009-02-02T20:13:00","modified_gmt":"1999-11-29T20:00:00","slug":"protect-documents-no-matter-where-they-are-ad-rights-management-services","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=9387","title":{"rendered":"Protect Documents No Matter Where They Are: AD Rights Management Services"},"content":{"rendered":"

There’s different types of encryption.\u00a0 The one you might know best is transmission encryption.\u00a0 A message is encrypted only while it is in transit over the wire between a source and destination.\u00a0 It is unprotected at either end.\u00a0 Then there is folder or file encryption.\u00a0 While a document is on the disk or in the folder it is secure.\u00a0 If the document leaves the folder, e.g. on USB stick or by email, it is not secure.\u00a0 Disk encryption (Windows Vista\/7 BitLocker, SafeBoot, etc) or device (e.g. Windows 7 BitLocker to Go) encryption protect everything on a disk.\u00a0 You can put that disk in another machine and have no access to the data without authentication.\u00a0 But this doesn’t protect your data if it leaves that disk.<\/p>\n

I just read a blog post where a company lost control of business data and it was put in a pretty compromised position.\u00a0 A document with valuable information left secure control and was available to "the wild".\u00a0 What can you do to protect documents in case they leave the safety of your encrypted network, folders or disks?\u00a0 What if your documents are out "in the wild"?\u00a0 Can you stop anyone from reading them?<\/p>\n

Someone might suggest using passwords on those documents.\u00a0 You’ve probably seen something similar to "protect" Excel spreadsheets, etc.\u00a0 That won’t help.\u00a0 Such a password is easily cracked using 3rd party tools that you can buy on the net.<\/p>\n

What will help is Rights Management Services<\/a> (RMS).\u00a0 It first turned up as a free download for Windows Server 2003 (but requiring RMS CAL licensing<\/a>) and Windows Server 2008 Active Directory Rights Management Services.\u00a0 Using x.509 certs, you can protect your documents no matter where they are.\u00a0 If someone copies documents and brings them home they have no access to them.\u00a0 If someone takes them to a competitor when they leave the company they have no access to them.\u00a0 If someone sends them to a press reporter they have no access to them.\u00a0 According to MS, "Users can define who can open, modify, print, forward, or take other actions with the information".\u00a0 <\/p>\n

The cool thing about this solution is that it is AD integrated and ties directly into Office to make it very user friendly.\u00a0 You can define policies<\/a> for controlling documents, set up Internet connectivity for non-connected users<\/a>, set up MOSS 2007 integration<\/a> and set up AD Federated Services for partner companies<\/a>.<\/p>\n

There’s a step-by-step guide here<\/a>.\u00a0 Check the sub-pages in the navigation pane on the left for the content.<\/p>\n","protected":false},"excerpt":{"rendered":"

There’s different types of encryption.\u00a0 The one you might know best is transmission encryption.\u00a0 A message is encrypted only while it is in transit over the wire between a source and destination.\u00a0 It is unprotected at either end.\u00a0 Then there is folder or file encryption.\u00a0 While a document is on the disk or in the … Continue reading “Protect Documents No Matter Where They Are: AD Rights Management Services”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[37],"tags":[],"class_list":["post-9387","post","type-post","status-publish","format-standard","hentry","category-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9387"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9387\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}