Category: Network and Security

2007-08-14 14:34:44

Windows RMS is an information protection technology that works with RMS-enabled applications to help safeguard digital information from unauthorized use. RMS combines Windows Server 2003 features, developer tools, and industry security technologies (including encryption, XrML-based certificates, and authentication) to help organizations create reliable information protection solutions for their valuable and sensitive business file content.

The Windows RMS solution requires:

· Windows RMS for Windows Server 2003

· RMS client application programming interface (API) for Windows clients (Windows 98 Second Edition and later)

· eXtensible rights Markup Language (XrML), a powerful rights expression implementation of the eXtensible Markup Language (XML) for the integration of powerful digital rights technology

· RMS client and server software development kits (SDKs) that enable Windows-based client and server applications to become "rights-enabled"

RMS is a premium information protection service of Windows Server 2003 and is responsible for all machine activation, licensing, enrollment, and other administration-related activities. The creation and consumption of RMS-enabled documents is the responsibility of RMS-enabled client software such as the Microsoft Office 2003 Editions, or an RMS-enabled browser such as Microsoft Internet Explorer with the Rights Management Add-on (RMA). RMS allows users to apply information protection with great ease and efficiency from within their customary software environment. Any Windows platform application can work with the API in the SDK to support RMS.

RMS must establish a trust ecosystem, where a PC, user, application, and server are all integral and trusted components. This trust is established and validated through the use of XrML certificates for each component. Every PC must receive a "Machine Certificate" and RMS "lockbox" to become "trusted", and each user must receive a Rights Management Account Certificate (RAC) to be recognized by RMS. Additionally, each user must have a Client Licensor Certificate (CLC) if they wish to publish rights-protected content on their machine without a connection to RMS.

RMS-enabled client software also works closely with Microsoft Active Directory®[1] directory services technology, a component of the Microsoft Windows Server operating system, to identify users and distribution groups and to assist in assigning/enforcing access and usage rights. Through the use of Active Directory roles and group policies, information managers can create a wide range of distinct user communities, each of which can have different information access rights.

RMS deployment is straightforward and demands minimal resources. Organizations can roll out RMS across the network by using, for example, Microsoft Systems Management Server. Users do not need administrative privileges to activate RMS on their desktops, nor do they need access to the Internet. For that reason, RMS deploys in air-gapped networks as easily as it does within LANs and WANs with Internet access.



[1] RMS requires Active Directory 2000 or later.
