What's New in Active Directory Rights Management Services
The following table identifies what is new for each release of Active Directory Rights Management Services (AD RMS) software.
Version | Description of features |
---|---|
Windows Server 2008 and Windows Vista Service Pack 1 (SP1) | The AD RMS server and client are included in the operating system, and the AD RMS SDK is included in the Microsoft Windows SDK. An AD RMS administrator can now enable AD RMS clients to automatically retrieve templates from an AD RMS server by using a Windows Management Instrumentation (WMI) job in the task scheduler. The DRMEnumerateLicense function can now be used to enumerate the retrieved templates. You can also use the following functions and Web methods if you find it necessary to manually download the issuance license templates: You can use the new scripting API to administer an AD RMS server and generate reports. For more information, see Active Directory Rights Management Scripting API. |
Windows Vista | Beginning with Windows Vista, the client software is now included in the operating system, and the name has been changed to Active Directory Rights Management Services (AD RMS). The name of all other versions, including version 1.0 SP2, remains Rights Management Services (RMS). The AD RMS SDK is included in the Microsoft Windows SDK. The AD RMS SDK is identical to the RMS version 1.0 SP1 SDK except for the following: |
Version 1.0 SP2 | Version 1.0 SP2 is intended to be used on operating systems released prior to Windows Vista. It is identical to the AD RMS SDK released in Windows Vista except for the following: |
Version 1.0 SP1 | Introduces the lockbox for Rights Management Services client 1.0 SP1 and the server lockbox, and enables RMS deployment for isolated networks and for clients that require FIPS compliance. Although the lockbox for RMS client 1.0 SP1 is similar to the lockbox for RMS client 1.0 in many respects, a key difference is that the lockbox for RMS client 1.0 SP1 performs machine activation locally, whereas the lockbox for RMS client 1.0 has a dependency on an Internet connection to the Microsoft Activation Service for machine activation. Another difference is that the lockbox for RMS client 1.0 SP1 uses CryptoAPI as the underlying encryption technology for the lockbox, whereas the lockbox for RMS client 1.0 uses a proprietary technique for the encryption technology. The server lockbox is provided for server applications that need to publish, consume, or process RMS-protected content. Some examples of server applications that would use the server lockbox are a virus scanner or other type of scanner, a document library or archival tool, a workflow engine, or a Web portal. For an example that uses the server lockbox, see Creating an Application That Uses a Server Lockbox. Support for encryption with the DES algorithm has been removed. Content that was previously encrypted with the DES algorithm can still be decrypted, but new content cannot be encrypted with the DES algorithm. Rights Management Services client 1.0 SP1 can be installed from https://www.microsoft.com/downloads. |
Version 1.0 | Initial release that provides the ability for client computers to run applications based on Rights Management technologies. Introduces the lockbox for RMS client 1.0 and a nonlockbox solution, which uses Msdrm.dll with SOAP APIs. For more information about the lockbox for RMS client 1.0 and Msdrm.dll with SOAP API solutions, see Determining Whether to Use a Lockbox. Rights Management Services client 1.0 can be installed from https://www.microsoft.com/downloads. |
For information about the different types of lockboxes, or whether a lockbox should be used for your application, see Determining Whether to Use a Lockbox.
The following functions were added to the Rights Management Services client 1.0 SP1.
Function | Description |
---|---|
DRMGetClientVersion | Returns the version number of the Rights Management client software and whether the hierarchy is for Production or Pre-production purposes. |
DRMGetIntervalTime | Retrieves the number of days from issuance that can pass before an end-user license must be renewed. |
DRMGetOwnerLicense | Retrieves from memory an owner license created by a call to the DRMGetSignedIssuanceLicense function with the DRM_OWNER_LICENSE_NOPERSIST flag set. |
DRMRepair | Repairs a client computer by deleting certificates previously created for the computer or user. |
DRMSetGlobalOptions | Sets the transport protocol to a specified value and optionally specifies whether the RM server lockbox is used. |
DRMSetIntervalTime | Specifies the number of days from issuance that can pass before an end-user license must be renewed. |
The following enumerations were added to the Rights Management Services client 1.0 SP1.
Enumeration | Description |
---|---|
DRM_CLIENT_VERSION_INFO | Receives information about the version of the Rights Management Services client and the hierarchy, such as Production or Pre-production. |
DRMGLOBALOPTIONS | Defines values for specifying which protocol is used for the transport protocol and whether the server lockbox is used. |
The following functions were modified in the Rights Management Services client 1.0 SP1.
Function | RMS client 1.0 SP1 behavior |
---|---|
DRMActivate | The activation no longer requires a server transaction because the lockbox is installed with the Rights Management Services client 1.0 SP1 software. |
DRMAddLicense | Support is provided for adding the license to a permanent license store. |
DRMAcquireLicense | Nonsilent license acquisition is no longer supported. |
DRMAttest | This function is no longer supported and returns E_NOTIMPL. |
DRMCheckSecurity | This function returns S_OK for any level of the security check being run. |
DRMEnumerateLicense | Machine certificates are returned from a per-user store, instead of one certificate for the entire machine. |
DRMGetEnvironmentInfo | The only supported attribute is g_wszQUERY_BLOCKSIZE. |
DRMGetInfo | The only supported attribute is g_wszQUERY_BLOCKSIZE. |
DRMGetSecurityProvider | The path retrieved is the path to the Rights Management Services client 1.0 SP1 lockbox unless the DRMGLOBALOPTIONS_USE_SERVERSECURITYPROCESSOR option has not been set in a previous call to DRMSetGlobalOptions. If this option has not been set, the path retrieved is the path to the lockbox used by DRMInitEnvironment. |
DRMGetSignedIssuanceLicense | If the DRM_OWNER_LICENSE_NOPERSIST value is specified for uFlags, the owner license is stored in memory instead of in the permanent store. The owner license can subsequently be retrieved by using the DRMGetOwnerLicense function. |
DRMIsActivated | When querying for the activation status of the machine, the machine is considered activated if there is a valid machine lockbox for the logged-on user and a valid machine certificate in the per-user certificate store. |
DRMVerify | This function is no longer supported and returns E_NOTIMPL. |
Build date: 3/13/2008