PKI Blog

When RMS Goes Wrong: Samsung Security Flaw

Posted by Sarah Duncan on Apr 14, 2014 9:57:45 AM

Awhile back, I wrote a post (Shocked by an Android) singing the praises of Samsung for supporting RMS in their native Microsoft Exchange ActiveSync email client for Android. Today, however, I'm here to report on a security flaw we've discovered in that implementation of RMS.

Read More

Topics: Rights Management Services, Samsung security flaw, Android Security flaw, Industry Trends, Microsoft Exchange ActiveSync, RMS, Samsung email, Android, Blog, Android RMS, Samsung

File Server Resource Manager and AD RMS

Posted by Sarah Duncan on Jun 3, 2013 8:06:31 AM

You may have heard of the ability back in Windows Server 2008 R2 to use the File Classification Infrastructure (FCI) feature (part of the File Services role) together with the AD RMS Bulk Protection Tool (a command-line tool) to automatically apply rights protections to documents stored on a file server based on things such as key words in the files. That was a nice feature, but a little clunky to use with the command-line AD RMS Bulk Protection Tool. The good news is that the AD RMS integration has now been incorporated into the File Server Resource Manager on Windows Server 2012, eliminating the need for the AD RMS Bulk Protection Tool in this context. The AD RMS Bulk Protection Tool can also be used outside of FCI whenever you need to bulk encrypt or decrypt a batch of files.

Read More

Topics: Active Directory Rights Management Services, IT Security, Microsoft Security Partner, Microsoft Active Directory, Data Protection, FCI, RMS, command line tool, AD RMS Bulk Protection Tool, Blog, Active Directory, File Server Resource Manager, AD, AD RMS, File Classification Infrastructure (FCI)

Shocked by an Android

Posted by Sarah Duncan on May 23, 2012 8:08:50 AM

Stunned is the word for it. There I was getting to know my new Samsung Galaxy Tab 2, a tablet running Android 4.0 (Ice Cream Sandwich). I configured the built-in Exchange ActiveSync client (using certificate-based authentication, but that's a discussion for another day) and was browsing around the interface when I spotted an oddly familiar-looking icon. "Hmmm," I said, "I wonder what that button does."

Read More

Topics: Active Directory Rights Management Services, Microsoft Active Directory AD, Android Ice Cream Sandwich, IT Security, Industry Trends, Microsoft Active Directory, Samsung Galaxy Tab 2, Data Protection, Ice Cream Sandwich, RMS, Rights Management System, Android 4.0, Android, Blog, AD, AD RMS

The Major Challenge in AD RMS Implementations

Posted by Sarah Duncan on Feb 27, 2012 8:00:25 PM

The major challenge in an AD RMS implementation is not getting the infrastructure up and running or getting the client settings, files and application deployed to all users. It's not making RMS available through your firewall or getting it working with your SharePoint server. No, the major challenge is getting your users to actually use RMS to protect e-mail messages and documents. It's very simple for your users to apply RMS protections to an e-mail or document--it's just a couple clicks--but it's hard to train them to remember to take that extra step. Luckily, there are solutions available to help you automate protections, so you're not entirely relying on your users to take that extra step.

Read More

Topics: Active Directory Rights Management Services, IT Security, Microsoft Security Partner, Data Protection, RMS, Rights Management System, Blog, Microsoft SharePoint 2010, Microsoft Exchange 2010, Active Directory, AD, AD RMS

Configuring a Non-Domain-Joined RMS Client Machine

Posted by Sarah Duncan on Nov 8, 2011 4:08:49 AM

In most corporate environments, when you roll out RMS to the client machines you're talking about domain-joined machines that you are configuring via group policy, SCCM and similar desktop deployment tools. But what if you have a few users who need to have access to RMS-protected content from non-domain-joined clients? What if they need to apply rights-protections to content as well? With your custom templates no less, then what? Under some circumstances, it may be possible to get RMS configured on a non-domain-joined client machine just by asking the user to open a rights-protected document, but whether this will work or not depends on a lot of variables, and it's not a reliable solution. Your best bet is to hand the user an easy-to-run script packaged with your rights policy templates to line all the ducks up in a row automatically.

Read More

Topics: Rights Management Services, Active Directory Rights Management Services, IT Security, Microsoft Security Partner, Microsoft RMS, RMS, Blog, PowerShell script, PowerShell, AD RMS

Posts by Topic

see all

Want to Learn more about CSS?