can use Windows RMS (Rights Management Service) to encrypt and protect your
documents in SharePoint 2010 and SharePoint 2007. In this article, we will look
at some of the complexities and features that you should know about before
setting it up.
only encrypts SharePoint documents and applies access control restrictions when
they are downloaded from a SharePoint document library. When documents are
stored on SharePoint server, they are not kept encrypted. This enables
SharePoint to index and scan the documents for faster searches. When you
download a document to your computer, RMS applies encryption to it. This
encryption is removed after the document is uploaded to SharePoint once again.
integration in this particular scenario ensures that security restrictions and
permissions are enforced even after a document has been downloaded to a client
system, which can't be achieved using the standard SharePoint permissions
mechanism. This integration also applies an organization's RMS document
security policies. A SharePoint administrator can easily create and configure
different policies for all document libraries residing on a SharePoint 2007/2010
server. Any documents in a library automatically inherit RMS permissions. This
protection applies to both existing and new documents in the SharePoint
RMS protection of SharePoint data only supports Word, Excel, PowerPoint,
InfoPath, and XPS files out-of-the-box. You must use the Information Rights
Management section in the Permissions and Management configuration section of a
document library to set up RMS. Just select the Ã¢â‚¬Å“Restrict permission to
documents in any library on downloadÃ¢â‚¬Â check box. Additionally, you can further
refine RMS protection in the following ways:
Allow/disallow users to print documents.
Enforce user credential verification every x
number of days.
Reject files that do not support Information
Rights Management (IRM).
Remove RMS protection policy on a particular
is enabled at the document library level. However, in order for it to be an
option at the document-library level, IRM must be configured for Windows
SharePoint Services as a whole. Enabling IRM for Windows SharePoint Services
generally requires installing the rights management platform(s) on each
front-end Web server, and making sure that Windows SharePoint Services and any
associated service accounts have the necessary permissions on those platforms.