Given recent history, weve come to expect Microsoft service packs to be significant revisions—on the order of a major new release. SP1 for Windows Rights Management, however, is much more typical of a standard service pack, with many of the new capabilities and updates on the back-end and development side, where they will be invisible to most users.
Click here to read the full review of Windows Rights Management Services SP1.
2
Given recent history, weve come to expect Microsoft service packs to be significant revisions—on the order of a major new release. SP1 for Windows Rights Management, however, is much more typical of a standard service pack, with many of the new capabilities and updates on the back-end and development side, where they will be invisible to most users.
This service pack continues the Microsoft practice of setting the stage for third-party vendors to extend the Windows Rights Management Services. Indeed, since the first release of Rights Management Services, in November 2003, Microsoft has hoped to encourage third-party extensions to its client capabilities. The company has made some progress here, with vendors such as Liquid Machines buying into the strategy.
With this newest release, Microsoft has increased the ability of Windows Rights Management Services to control access to server-based content. Microsoft has added a Web-services-aware SDK (software development kit) and API to encourage third parties to extend these server-based controls. SP1 makes Windows Rights Management Services easier to deploy to client systems and improves its authentication and encryption capabilities.
Companies that have already deployed Windows Rights Management Services will find SP1 a worthy upgrade. However, IT managers who found Windows Rights Management Services too limiting wont be swayed much by SP1, despite the availability of new third-party tools that remove some of the platforms client limitations.
Windows Rights Management Services SP1 runs on Windows Server 2003 and requires Microsoft SQL Server 2000. We got up and running quickly with the product, and initial setup of the service was similarly painless—in hardly any time at all, we provisioned a rights domain and connected to our Active Directory server.
In the initial version of Windows Rights Management Services, the main server had to be connected to the Internet to gain the root certificates from Microsoft that are required to activate and enroll the Rights Management Services. This made the enrollment process quick and painless, but it also proved to be a potential problem for highly security-conscious organizations.
To address this, Microsoft has made it possible in Windows Rights Management Services SP1 to perform enrollment in offline mode. To do this, we simply created an XML file on the server and exported it to another system that was on the Internet. From there, we uploaded the file to a Microsoft enrollment server, which then provided another file that we transferred to our rights server and imported into the Rights Management Services system. This completed the root certificate enrollment.
We found the browser-based administration interface sparse but effective. It allowed us to quickly define settings, set exclusions policies, and—through a nice feature called Trust Policies— define other RMS domains that we would trust.
With Windows Rights Management Services SP1, we could also define broad and complex rights policies templates, controlling a wide variety of viewing, printing and editing rights and setting expiration policies.
Probably the biggest weakness in Windows Rights Management Services SP1 from an administration standpoint is the products lack of integrated reporting options. We could, however, turn on logging for analysis through third-party tools.
The Windows Rights Management Services SP1 client—which runs on Windows 2000, Windows Server 2003 and Windows XP—was easier to deploy than the initial release, with administration rights not required and with the option to install it through Microsofts Software Update Services or Systems Management Server.
Administrators can now choose whether to deploy the products encryption lockbox onto client systems or to use the new server-based lockbox.
Client capabilities are essentially the same as they were in the previous version of the Windows Rights Management Services platform: The client works only with Office 2003 and Outlook 2003.
During tests, we were able to connect the Liquid Machines client to a Windows Rights Management Services server, allowing older Office systems and other Microsoft applications such as Visio to use the Microsoft rights platform, although at additional client cost.
The new SDK uses standard Microsoft APIs as well as protocols such as SOAP (Simple Object Access Protocol) to allow organizations to leverage the potential server-based applications of the Windows Rights Management Services platform. Anyone who used the previous SDK will see little difference in the new one. But users accustomed to starter or sample applications from Microsoft may be surprised to find that there are no prebuilt capabilities in the product. Microsoft officials said applications that use these features will appear in the near future.
Windows Rights Management Services is included as part of Windows Server 2003, but companies will have to pay for client access licenses to use it. To create protected content, a client access license, which starts at $37, is required. Also, if a company wants to expose rights management to external users, an $18,066 connector license is required.
Next page: Evaluation Shortlist: Related Products.
Page Three
Evaluation Shortlist
Adobes LiveCycle Policy Server 7.01 Provides flexible server-based rights management capabilities for PDF documents created in Acrobat 7.0 (www.adobe.com)
Authenticas Active Rights Management Classic rights management platform that supports several Windows client applications and integrates with many access mechanisms (www.authentica.com)
Client-based permission and rights controls Many enterprise content-creation tools include some form of document locking, permission restriction or security, providing some, although not all, of the capabilities of a full rights management system
Liquid Machines Document Control 5.0 An easily managed and flexible rights management system with strong auditing capabilities and unobtrusive client implementations (www.liquidmachines.com)
SealedMedia Inc.s SealedMedia 4.0 A full-scale dedicated enterprise rights management system with a focus on collaborative capabilities (www.sealedmedia.com)
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.