Windows Rights Management Services (RMS) is one of many so-called out-of-band (OOB) updates to Windows Server 2003 that Microsoft worked on in the first few months after the OS shipped last year, offering enterprises a solid first implementation of rights-management capabilities. Windows RMS lets enterprises protect sensitive email messages and other documents with manageable rights technologies that limit whether others can read, print, forward, edit, or perform other tasks on these documents. As a version 1.0 product, Windows RMS isn't fully extensible or fully capable, but several enterprising third-party vendors are extending the technology into more functional areas. Here's what you need to know about Windows RMS.

What It Does
Windows RMS gives enterprises Digital Rights Management (DRM)-like capabilities for sensitive inhouse documents. Specifically, Windows RMS supplies a policies-based platform for protecting sensitive data with rights such as Read only, Print, and Do not forward. You can create your own policies as well, including specific rules for such policies as company confidential, and you can also configure Windows RMS-protected documents to expire after a certain date.

What It Doesn't Do
First, Windows RMS won't protect your enterprise against determined thieves. And certain applications can bypass the screen-capture functionality in Windows, letting the applications record screens that are ostensibly protected by Windows RMS. Still, Windows RMS will do much to prevent casual document theft.

More important, perhaps, is that many Windows RMS partners are filling functional gaps. For example, if you want to apply rights to a group of files in a folder or protect documents in a Web portal, look to Microsoft's partners. Windows RMS partners such as GigaTrust, Omniva Policy Systems, and HP are filling the product gaps that Windows RMS doesn't address.

Microsoft Product Checklist
Windows RMS comes with some serious requirements if you want to take advantage of its full feature set. First, Windows RMS runs only on Windows 2003 and requires Microsoft SQL Server 2000 Service Pack 3 (SP3), although you can also use the Microsoft SQL Server 2000 Desktop Engine (MSDE) SP3 or later in test environments. The Windows RMS server must run within an Active Directory (AD)-based domain and must run Microsoft Message Queue Services (MSMQ), Microsoft Internet Information Services (IIS) 6.0, and ASP.NET services. Supported clients include Windows 2003, Windows XP, Windows 2000 SP3, Windows Me, and Windows 98 Second Edition (Win98SE). All these client products require a Windows RMS client download, which you can push out though Group Policy or your own software distribution solution.

On the client side, the only mainstream applications that currently support Windows RMS are available in the Microsoft Office 2003 suite. Office Word 2003, Office Excel 2003, Office Outlook 2003, and Office PowerPoint 2003 all support Windows RMS, although the Office implementation is confusingly called Information Rights Management (IRM).

Recommendations
Windows RMS costs $14,000 to $18,000 per CPU for unlimited access through an external connector. Individual Client Access Licenses (CALs) for Window RMS are $29 to $37. Although it's a version 1.0 product, Windows RMS should interest high-end enterprises, governments, or other businesses that must keep their most sensitive documents out of the hands of analysts, competitors, and others outside the company. Whether used alone or with some of the partner add-ons, Windows RMS looks to be an excellent solution for an increasingly important problem.