Configuring Digital Rights Management (DRM) Windows 2008

Posted on December 10th, 2008 in Microsoft, Server 2008 by Gil Kreslavsky

What Is DRM:

Digital Rights Management, or DRM, is a technology that allows the owner of some forms
of media to enforce terms of use on the people who have access to it. Those who own the
copyright to music, film, books, and video commonly use DRM to protect their property.
You or your company may own media that you deliver on your media server or provide
in email or SharePoint sites. It’s important to protect it. It is common for confidential and
critical information to be sent from one company to a competing company or media outlet.
This can cause public relations, legal, or competition problems for an organization. For
example, a company may create a widget that is far superior to the competitor’s widgets.
The company has spent thousands of man hours and millions of dollars to create and document
this new widget. A disgruntled employee could easily send these documents to the
competitor or post them to a weblog for the world to see. If the company protected these
documents using a DRM solution, it would be able to avoid theft.

How Does DRM work?

When media is created, it is encrypted in order to protect it. For a user to access this encrypted
media, they have to have a license. This license contains information such as the following:
  • How long the content can be used
  • What actions can be done on the media
Simply put, the license or key unlocks the content and allows it to be played. The nice
thing about DRM is that you get to control how long it will be unlocked. For example, say
you want to provide content as a promotion that lasts only five days. With DRM protection,
you can set the key to expire in five days. With DRM you don’t have to worry about
users copying material and giving it to others because no matter who plays the content,
they still need to acquire a key or license.
DRM rights are stored in the key and not the content. This means that you can create
different keys for the same file. A normal DRM scenario would be that you encode content
with DRM protection. Then it would be posted so that users could download it. After
the content is downloaded, the user’s player sees that it is protected and connects to your
license provider site to get the needed key. After the user pays for the key, they are able to
play the content.
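
A simplified model of the license flow described above, added here as an illustration; it is not code from the original post and not the license format AD RMS or any media player uses. The function names, `SERVER_KEY`, the file name and the users are assumptions, and an HMAC stands in for the license server's signature.

```python
import hashlib, hmac, json
from datetime import datetime, timedelta, timezone

# Assumption: constructed key. HMAC with a shared key stands in for the license
# server's signature; a real deployment signs with an asymmetric key pair.
SERVER_KEY = b"constructed-demo-signing-key"

def _sign(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def issue_license(content_id, user, rights, valid_days, now):
    """License server: bind rights and an expiry to one user and one file."""
    body = {
        "content_id": content_id,
        "user": user,
        "rights": sorted(rights),
        "expires": (now + timedelta(days=valid_days)).isoformat(),
    }
    return {"body": body, "sig": _sign(body)}

def is_allowed(lic, content_id, user, action, now):
    """Player: honour an action only if the license is intact, current and grants it."""
    body = lic["body"]
    if not hmac.compare_digest(_sign(body), lic["sig"]):
        return False  # license was edited after it was issued
    if body["content_id"] != content_id or body["user"] != user:
        return False  # license is for another file or another user
    if now >= datetime.fromisoformat(body["expires"]):
        return False  # validity window has closed
    return action in body["rights"]

def demo():
    """Constructed scenario: one file, two licenses with different terms."""
    t0 = datetime(2008, 12, 10, tzinfo=timezone.utc)
    promo = issue_license("promo.wmv", "alice", {"play"}, 5, t0)
    paid = issue_license("promo.wmv", "bob", {"play", "copy"}, 365, t0)
    day6 = t0 + timedelta(days=6)
    forged = json.loads(json.dumps(promo))        # deep copy of Alice's license
    forged["body"]["expires"] = paid["body"]["expires"]  # stretch the expiry
    return {
        "alice_day1": is_allowed(promo, "promo.wmv", "alice", "play", t0 + timedelta(days=1)),
        "alice_day6": is_allowed(promo, "promo.wmv", "alice", "play", day6),
        "alice_copy": is_allowed(promo, "promo.wmv", "alice", "copy", t0),
        "bob_day6": is_allowed(paid, "promo.wmv", "bob", "copy", day6),
        "shared_file": is_allowed(paid, "promo.wmv", "alice", "play", day6),
        "forged": is_allowed(forged, "promo.wmv", "alice", "play", day6),
    }
```

Because the terms live in the license, the same file yields different answers for Alice and Bob, and a license whose expiry was edited fails the integrity check.
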
DRM also can be used to protect other types of files:
  • Office documents
  • Email
Word, Excel, PowerPoint, and other important company files can be protected using
Active Directory Rights Management Service (AD RMS). A typical example would be
using a SharePoint intranet that has or allows external users to view content.
The following sections assume that you have installed the AD RMS role and have
reviewed the event log for any errors.

Encryption

Before the Internet boom, encryption was mainly used by the military to protect data.
However, today encryption is a normal and needed protection against theft of content or
documents.
What is encryption? It is locking up data through the use of electronic keys. It is similar
to locking the doors on your home. You need a key to lock and unlock your door locks. It
is doubtful you would ever consider having a home without any locks or leaving the doors
open and going away for six months. If you did, you wouldn’t be surprised if your valuables
were stolen. Some people even pay large amounts of money to purchase high-end security
alarms to ensure that they have the best protection for their home. The same is true of your
data; without locking it with a lock and key, you are inviting anyone to take it.
AD RMS encrypts data to keep out people who do not have the proper keys. With AD
RMS, only trusted entities are granted access rights, just like giving someone you trust a
key to your home.
In addition to the AD RMS client installed on a computer, AD RMS can be used in
specialized applications that are enabled to enforce the usage rights. The following applications
are AD RMS enabled:
  • Microsoft Office 2003
  • Office 2007
  • Windows Mobile 6
The AD RMS client is included with Windows Vista and Windows Server 2008. If you are
using Windows 2000 Server, Windows XP, or another operating system, you can download
the AD RMS client from the Microsoft Download Center at
www.microsoft.com/downloads/details.aspx?FamilyId=02DA5107-2919-414B-A5A3-3102C7447838&displaylang=en.
For AD RMS to encrypt your data, you need to both have the AD RMS client installed
and have an AD RMS–enabled application. However, to be able to create protected content
you need to have the following:
  • Office 2007 Enterprise
  • Office 2007 Professional
  • Office 2007 Ultimate

Using AD RMS to Protect a Document

  • Open Microsoft Word 2007.
  • Open a document you want AD RMS to protect.
  • Click the Microsoft button in the top-left corner of the screen.
  • Click Prepare.
  • Click Restrict Permissions.
  • Click Restrict Access.
  • Now click Restrict Permission to This Document.
  • In the Read box, type in the name of the group that you want to allow read permissions.
  • Now save this document in your network location.

    The group you specified can only view this document now. They will not be able to
    change, print, or even copy it.
