Windows Server 2003 gets 'Big Brother'

Microsoft on Friday announced a new security technology that would allow businesses more control over who accesses documents and information stored on their computers. The company plans to release next week a new test version of Windows Rights Management Services (RMS), which works with Windows Server 2003. Microsoft plans to launch a broader test release during the second quarter.

Microsoft has focused this version of the software on securing data stored on corporate portals and intranets. A later release will expand the security mechanism's scope to documents transmitted over the Internet between companies.

"This is really focused on enterprise, not individual users," said Gartner analyst Ray Wagner. "At the enterprise, they're looking for more control of content." A lot of the time, regulatory compliance is the driving reason behind businesses' desire to manage access to files, he said, noting that it could be used to keep confidential information from getting out.

RMS would give companies tight control over the permissions that apply to their business documents, said Mike Nash, corporate vice president of Microsoft's Security Business Unit. Microsoft's existing permissions technologies work mainly by allowing people on a user list associated with a document to access that document. RMS issues a licence that must be authenticated by the server for the user to access the document.

"What we've done here is put persistent protection in the document itself," Nash said. "Even if the file is no longer part of the file system or the infrastructure of the company, the protection is still there as part of the file."

Using RMS, a business could restrict access by user, limit or time-out user access, or prevent the copying and pasting of specific bits of information. Businesses also could prevent important emails from being forwarded to nonapproved recipients, such as reporters or competitors.

"What this does is allow customers to better protect their information, from a leak perspective," Nash said.

The introduction of RMS could raise concerns among users that Microsoft -- and the larger businesses that install the tool -- could act as "Big Brother", constantly monitoring their computer use. However, Wagner said he didn't see anything "intrinsically evil" about the technology. "I'm sure there are people who will say that," he said, but argued that Microsoft is developing RMS "because enterprise customers are asking for it."

Microsoft had planned to announce RMS next week, but apparently changed its plans following Wednesday's accidental posting of Office 2003 Beta 2, or testing version, code on the Microsoft Developer Network (MSDN) Web site. Office 2003 documents come with a new "Permission" button that accesses RMS. So that Office 2003 testers can try out the permissions feature, Microsoft plans to offer a "trial hosted service" concurrent with Beta 2, a Microsoft spokesman said.

Nash used the new Office 2003 Permission feature as an example of RMS in action. "What you see in the case of the Office beta that you have, is just that application taking advantage of that platform capability and exposing it in that button," he said.

Nash described three scenarios where RMS would be most applicable to businesses: limiting Web content access, protecting documents and preventing email from being forwarded.

In the first scenario, a company might provide Web documents that contain confidential information on an intranet. "You certainly want people using that portal access to that information, but you don't want them to cut and paste that information and then forward it," Nash said. A company could use RMS to prevent unauthorised users from taking such action.

The second scenario would allow companies to post a restricted-access document on an internal file server that would be protected so "only people with the right authorisation could get into and look at the file, even when that file gets moved around," Nash said. At the same time, businesses would have detailed control over rights, giving one user full access while restricting another's save or print access.

"The other thing you can do with Windows Rights Management is control how long that access will last," Nash said. "I could give you the right to view a document up until six o'clock... and then your right-to-view is revoked automatically."

The third scenario would prevent employees from forwarding emails to people not authorised to access the information. "We've seen this as a big issue in corporations large and small," Nash said. Using Microsoft as an example, he said: "One of the challenges we have had here is the need to be open and share information with employees, but at the same time worry that with such a large number of people in the target base... one of them (might) inadvertently share that information."

To provide this level of rights management for the three scenarios, RMS issues a licence certificate containing access permissions when a document is created. So, in the case of a Word document created in Office 2003, the person creating it would use the "Permission" button to set or restrict access. The process accesses RMS, which encrypts the file and includes a licence for permissions.

But one important protection mechanism could cause headaches for companies that don't implement RMS carefully. A user's computer must be able to access the Windows Server 2003 running RMS on first opening a document to authenticate the rights and decrypt the document. Otherwise, the document cannot be opened. In the future, Microsoft plans to offer an "offline" rights authentication mechanism, but not with this version of RMS.

Other issues affecting the portability of rights associated with documents could cause other problems. Nash claimed that RMS is "platform agnostic" -- meaning it will work with any operating system -- in that "Windows Rights Management supports industry standards." But for people to be able to access RMS-protected documents on, say, Mac OS X or Linux, the operating systems must use XrML (Extensible Rights Markup Language) in the same way Microsoft does. In that case, "there is the opportunity for interoperability of document interchange," Nash said. Otherwise, the document could not be opened on the non-Windows operating system.

The same restriction in one sense applies to other Windows users. "If you shared the document with another Windows user and that Windows user hadn't installed (RMS), that other Windows user couldn't open the document as well," Nash said.

Gartner's Wagner rebuffed any concerns that Microsoft would use RMS as a means of making companies more reliant on Windows. "In the enterprise, they're already dependent on Windows anyway," he said. "You wouldn't become any more dependent on Windows than you would be from using Exchange or Office."

If nothing else, Microsoft, which is protective of its own intellectual property, has its own reasons for developing RMS. "There's no question that Microsoft wants to protect (its) own intellectual property, but all companies with intellectual property want to protect it," Wagner said.

As Microsoft continues to refine this version of RMS and its successor, developers' eyes will be on the enterprise. "We have also provided -- for the enterprise -- centralised policy control. So it's possible for the enterprise, if they want to, track where these documents are being protected and who's getting access to those things," Nash said.

In the future, Microsoft plans to replace the underlying "platform" with the forthcoming security technology formerly known as Palladium, Nash said. RMS is solely a software technology, whereas Palladium will add hardware security chips as an additional protection and rights management mechanism.