You can use Windows Rights Management Services (RMS) to protect SharePoint
documents in the two most recent releases of SharePoint; SharePoint Server 2010
and SharePoint Server 2007 both include RMS support. However, there are some
restrictions and complexities you should be aware of if you plan to set up RMS
with your SharePoint installations.

An important thing to know is that RMS can only encrypt SharePoint documents and
subject them to RMS access control restrictions when they are downloaded from a
SharePoint 2010 or SharePoint 2007 document library. RMS doesn't leave
SharePoint documents encrypted while they're stored on the SharePoint server.
This restriction exists so that SharePoint can index and scan the documents on
a SharePoint storage provider. RMS applies its restrictions to a document only
right before it's downloaded to a client computer. Similarly, when an
RMS-protected document is uploaded to a SharePoint site, RMS removes all
protection from the document until a new download request is received.

SharePoint-RMS integration ensures that security restrictions are enforced even after a
document has left a SharePoint server, which is something that can't be
achieved using the standard SharePoint permissions. SharePoint-RMS integration
also automatically enforces an organization's RMS document security policies. A
SharePoint administrator can centrally define different RMS policies for the
document libraries hosted on a SharePoint server. Therefore, individual users
don't have to decide what protection they need to apply to documents they post
in SharePoint libraries. RMS permissions are defined at the SharePoint document
library level: Documents in a library automatically inherit the library's RMS
permissions. This protection applies to both existing and new documents in the
SharePoint library.

The RMS protection of SharePoint data is, just like the RMS protection that's
bundled with Windows and Microsoft Office, only possible for certain file
formats. Out of the box, it supports Word, Excel, PowerPoint, InfoPath, and XPS
files. Extensions to apply RMS protection to other file formats (e.g., .pdf,
.cad) can be added through special software from Microsoft partners such as
Liquid Machines (now part of Check Point Software Technologies) and GigaTrust.

RMS support for SharePoint can be set up using either RMS SP2 or RMS V2, which is
bundled with Windows Server 2008. Provided you already have a functioning RMS
infrastructure, enabling RMS protection in SharePoint is relatively
straightforward. The main configuration actions are:
- enabling RMS support on the SharePoint server
- setting the actual RMS restrictions in the configuration of a given document library

You can enable RMS support in SharePoint by selecting either the "Use the default
RMS server specified in Active Directory" or the "Use this RMS server"
option in the Information Rights Management section of the SharePoint Central
Administration\Operations configuration section.

To set RMS restrictions on a SharePoint document library, you must use the
Information Rights Management section in the Permissions and Management
configuration section of the document library. When you select the "Restrict
permission to documents in this library on download" check box, you can
further refine the RMS protection as follows:
- Allow users to print documents.
- Require users to verify their credentials every x days. This setting can be useful when someone who has access to RMS-protected confidential data leaves your organization; the individual will retain access to the data only for x days after his or her last successful authentication to an RMS server.
- Reject files that don't support Microsoft Information Rights Management (IRM). Selecting this option results in SharePoint rejecting the upload of document formats that don't support RMS.
- Remove RMS protection on a particular date. This setting is useful for publishing company financial results, for instance. After the quarterly results are published, the RMS protection policy on the quarterly results SharePoint library automatically changes -- meaning that the RMS restrictions are removed.
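
To check which document libraries actually have these settings applied, the following read-only audit reports the farm-wide RMS switch and the per-library restrictions. It is an added example, not part of the original article or Microsoft's guide; it assumes SharePoint Server 2010 with the Microsoft.SharePoint.PowerShell snap-in, and the site URL is a placeholder.

```powershell
# Added example: read-only audit of IRM/RMS settings (assumes SharePoint Server 2010).
# Run in the SharePoint 2010 Management Shell with farm administrator rights.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-FarmIrmStatus {
    # Farm-wide setting from Central Administration > Information Rights Management.
    $irm = [Microsoft.SharePoint.Administration.SPWebService]::ContentService.IrmSettings
    New-Object PSObject -Property @{
        RmsEnabled   = $irm.IrmRMSEnabled     # RMS support switched on for the farm
        UseADDefault = $irm.IrmRMSUseAD       # "Use the default RMS server specified in Active Directory"
        RmsServer    = $irm.IrmRMSCertServer  # populated when "Use this RMS server" is chosen
    }
}

function Get-LibraryIrmStatus {
    param([Parameter(Mandatory = $true)][string]$SiteUrl)
    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                foreach ($list in $web.Lists) {
                    # RMS policy is set per document library, so skip other list types.
                    if ($list.BaseType -ne 'DocumentLibrary' -or $list.Hidden) { continue }
                    New-Object PSObject -Property @{
                        Web          = $web.Url
                        Library      = $list.Title
                        IrmEnabled   = $list.IrmEnabled  # restrict permission on download
                        RejectNonIrm = $list.IrmReject   # reject formats without IRM support
                        Expires      = $list.IrmExpire   # protection removed on a set date
                    }
                }
            } finally { $web.Dispose() }
        }
    } finally { $site.Dispose() }
}

# Placeholder URL: replace with a site collection in your own farm.
$siteUrl = 'http://sharepoint.example.com'

Get-FarmIrmStatus | Format-List

# Libraries that hand out unprotected copies on download.
Get-LibraryIrmStatus -SiteUrl $siteUrl |
    Where-Object { -not $_.IrmEnabled } |
    Sort-Object Web, Library |
    Format-Table Web, Library, RejectNonIrm -AutoSize
```

Libraries listed by the last command serve documents without RMS restrictions, and those with Expires set to True will stop applying protection once their configured date passes.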

Microsoft provides more detailed guidance on how to set up SharePoint-RMS integration in
the article "Deploying Windows Rights Management
Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide,"
which is available from Microsoft's website.
Courtesy: www.sharepointpromag.com