[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.0, which leverages functionality exposed by the client in Msipc.dll.]
A manifest is a certificate that signs your application into the Active Directory Rights Management Services (AD RMS) Pre-production or Production hierarchy. It is used primarily to protect your application from viruses. By specifying required, optional, and prohibited files, the manifest enables you to control what is loaded into the process space and what is allowed to access protected content. This increases security by helping to prevent viruses from running in the same space as your application and by preventing an attacker from replacing libraries.
You create a manifest by first creating a configuration file and then calling the Genmanifest.exe program, providing the configuration file and the Pre-production or Production certificate as input. The configuration identifies your application and other applications or modules that can, cannot be, and must be included in the process space. The following example shows a basic configuration file.
AUTO-GUID %MYBASEPATH%\\keys\\mypriv1024.dat MODULELIST REQ HASH MyApp.exe REQ NOHASH %SystemRoot%\\system32\\kernel32.dll OPT %SystemRoot%\\system32\\msvcrt.dll POLICYLIST INCLUSION PUBLICKEY C:\\mypub1024.dat EXCLUSION DIG C:\\ecsrv.dll DIG C:\\ud.dll PUBLICKEY C:\\SampleExcPubKey.dat FILE MyApp.exe 5.1.3500.0 5.1.3572.0
For more information about application manifests, see the following topics:
- Creating an Application Manifest
- Manifest Configuration File Syntax
- Manifest Configuration File Example
- Obtaining a Key Pair for Manifest Signing