What's New in Active Directory Rights Management Services

The following table identifies what is new for each release of Active Directory Rights Management Services (AD RMS) software.

Version Description of features

Windows Server 2008

Windows Vista Service Pack 1 (SP1)

The AD RMS server and client are included in the operating system, and the AD RMS SDK is included in the Microsoft Windows SDK.

An AD RMS administrator can now enable AD RMS clients to automatically retrieve templates from an AD RMS server by using a Windows Management Instrumentation (WMI) job in the task scheduler. The DRMEnumerateLicense function can now be used to enumerate the retrieved templates. You can also use the following functions and Web methods if you find it necessary to manually download the issuance license templates:

You can use the new scripting API to administer an AD RMS server and generate reports. For more information, see Active Directory Rights Management Scripting API.

Windows Vista

Beginning with Windows Vista, the client software is now included in the operating system, and the name has been changed to Active Directory Rights Management Services (AD RMS). The name of all other versions, including version 1.0 SP2, remains Rights Management Services (RMS). The AD RMS SDK is included in the Microsoft Windows SDK.

The AD RMS SDK is identical to the RMS version 1.0 SP1 SDK except for the following:

  • The public/private key pair and Pre-production certificate used when developing an AD RMS-enabled application are included with the SDK.
  • 64-bit application development is now supported.
  • The DRMDeleteLicense function now allows you to delete an end-user license based on a handle to the client session or a handle to the license storage session.
  • The DRMActivate function returns a new error code, E_DRM_PLATFORM_POLICY_VIOLATION, if a system DLL fails the module authentication check.
Version 1.0 SP2 Version 1.0 SP2 is intended to be used on operating systems released prior to Windows Vista. It is identical to the AD RMS SDK released in Windows Vista except for the following:

  • It is not included with the operating system and requires a separate download.
  • The name remains the Rights Management Services (RMS) SDK.
  • The AcquireLicense Web method now enables you to retrieve multiple use licenses for different user accounts from a single license request to the RMS server.
Version 1.0 SP1 Introduces the lockbox for Rights Management Services client 1.0 SP1 and the server lockbox, and enables RMS deployment for isolated networks and for clients that require FIPS compliance. Although the lockbox for RMS client 1.0 SP1 is similar to the lockbox for RMS client 1.0 in many respects, a key difference is that the lockbox for RMS client 1.0 SP1 performs machine activation locally, whereas the lockbox for RMS client 1.0 has a dependency on an Internet connection to the Microsoft Activation Service for machine activation. Another difference is that the lockbox for RMS client 1.0 SP1 uses CryptoAPI as the underlying encryption technology for the lockbox, whereas the lockbox for RMS client 1.0 uses a proprietary technique for the encryption technology.

The server lockbox is provided for server applications that need to publish, consume, or process RMS-protected content. Some examples of server applications that would use the server lockbox are a virus scanner or other type of scanner, a document library or archival tool, a workflow engine, or a Web portal. For an example that uses the server lockbox, see Creating an Application That Uses a Server Lockbox.

Support for encryption with the DES algorithm has been removed. Content that was previously encrypted with the DES algorithm can still be decrypted, but new content cannot be encrypted with the DES algorithm.

Rights Management Services client 1.0 SP1 can be installed from http://www.microsoft.com/downloads.

Version 1.0 Initial release that provides the ability for client computers to run applications based on Rights Management technologies. Introduces the lockbox for RMS client 1.0 and a nonlockbox solution, which uses Msdrm.dll with SOAP APIs. For more information about the lockbox for RMS client 1.0 and Msdrm.dll with SOAP API solutions, see Determining Whether to Use a Lockbox.

Rights Management Services client 1.0 can be installed from http://www.microsoft.com/downloads.

For information about the different types of lockboxes, or whether a lockbox should be used for your application, see Determining Whether to Use a Lockbox.

Version 1.0 SP1

The following functions were added to the Rights Management Services client 1.0 SP1.

Function Description
DRMGetClientVersion Returns the version number of the Rights Management client software and whether the hierarchy is for Production or Pre-production purposes.
DRMGetIntervalTime Retrieves the number of days from issuance that can pass before an end–user license must be renewed.
DRMGetOwnerLicense Retrieves from memory an owner license created by a call to the DRMGetSignedIssuanceLicense function with the DRM_OWNER_LICENSE_NO_PERSIST flag set.
DRMRepair Repairs a client computer by deleting certificates previously created for the computer or user.
DRMSetGlobalOptions Sets the transport protocol to a specified value and optionally specifies whether the RM server lockbox is used.
DRMSetIntervalTime Specifies the number of days from issuance that can pass before an end–user license must be renewed.

The following enumerations were added to the Rights Management Services client 1.0 SP1.

Enumeration Description
DRM_CLIENT_VERSION_INFO Receives information about the version of the Rights Management Services client and the hierarchy, such as Production or Pre-production.
DRMGLOBALOPTIONS Defines values for specifying which protocol is used for the transport protocol and whether the server lockbox is used.

The following functions were modified in the Rights Management Services client 1.0 SP1.

Function RMS client 1.0 SP1 behavior
DRMActivate The activation no longer requires a server transaction because the lockbox is installed with the Rights Management Services client 1.0 SP1 software.
DRMAddLicense Support is provided for adding the license to a permanent license store.
DRMAcquireLicense Nonsilent license acquisition is no longer supported.
DRMAttest This function is no longer supported and returns E_NOTIMPL.
DRMCheckSecurity This function returns S_OK for any level of the security check being run.
DRMEnumerateLicense Machine certificates are returned from a per-user store, instead of one certificate for the entire machine.
DRMGetEnvironmentInfo The only supported attribute is g_wszQUERY_BLOCKSIZE.
DRMGetInfo The only supported attribute is g_wszQUERY_BLOCKSIZE.
DRMGetSecurityProvider The path retrieved is the path to the Rights Management Services client 1.0 SP1 lockbox unless the DRMGLOBALOPTIONS_USE_SERVERSECURITYPROCESSOR option has not been set in a previous call to DRMSetGlobalOptions. If this option option has not been set, the path retrieved is the path to the lockbox used by DRMInitEnvironment.
DRMGetSignedIssuanceLicense If the DRM_OWNER_LICENSE_NOPERSIST value is specified for uFlags, the owner license is stored in memory instead of in the permanent store. The owner license can subsequently be retrieved by using the DRMGetOwnerLicense function.
DRMIsActivated When querying for the activation status of the machine, the machine is considered activated if there is a valid machine lockbox for the logged-on user and a valid machine certificate in the per-user certificate store.
DRMVerify This function is no longer supported and returns E_NOTIMPL.

Send comments about this topic to Microsoft

Build date: 3/13/2008

Show: