RMS-enabled Applications

Updated: June 1, 2008

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create or consume rights-protected content, users must have an RMS-enabled application installed, as described in this topic. In addition, the RMS client must be installed and the computers that they are using must be activated. For more information, see "RMS Client" and "RMS Machine Activation" later in this subject.

RMS-enabled applications allow content authors to attach usage rights, in the form of publishing licenses, to files that they create to control the way that content is consumed. RMS-enabled applications also process the encrypted file information, and allow users to consume the content according to the permissions that are defined in the publishing license.

By using the Rights Management Services Client SDK, developers can build RMS-enabled applications that license, publish, and consume rights-protected content. RMS-enabled applications can be developed for computers that are running Microsoft® Windows® 2000 or later.

Developers can also build RMS-enabled server applications by using the Rights Management Services Client SDK. These applications can publish, but not consume, content.

Users who do not have another RMS-enabled application for consuming rights-protected content in e-mail and Web pages can obtain and use the Rights Management Add-on for Microsoft® Internet Explorer. For example, Outlook Web Access (OWA) customers can use the Rights Management Add-on for Internet Explorer to consume rights-protected e-mail messages.

You can download the Rights Management Add-on for Internet Explorer from the Microsoft Download Center (http://www.microsoft.com/downloads/details.aspx?FamilyId=B48F920B-5AF0-46B4-994F-2F62582CC86F&displaylang=en).

If you are using the Rights Management Add-on for Internet Explorer with Windows XP Service Pack 2, Windows Server 2003, or Windows Vista®, the enhanced security configuration may cause some application compatibility problems.

If the extranet connection URL for each domain in your organization is not added to the Local Intranet sites in Internet Explorer, users using Rights Management Add-on for Internet Explorer will repeatedly receive messages asking if they are sure they want to connect to the sites. An incorrect response to these messages could result in the RMS client obtaining a new rights account certificate for the user account.

To set these sites correctly throughout an organization, use a script or deploy a Group Policy object to write the necessary URLs into the registry as part of the Local Intranet zone. The Local Intranet zone provides a high enough security level by default to eliminate the messages.