With Active Directory Rights Management Services (AD RMS), information privacy is the main concern. AD RMS is a data protection platform that allows protected files to be shared so that only approved users can carry out explicit actions on them (Desmond, Richards, Allen, & Lowe-Norris, 2008). To keep an item secured, AD RMS uses a cryptographic technique that involves the creation and storage of public and private keys. Although the service offers strong password-based security for its server keys, keeping those keys safe requires superior operational practices, which some companies may not be able to guarantee. Active Directory deals with two forms of protection: encryption and policy, the latter commonly known as “Persistent Protection”. Through policies, Active Directory controls access via trusted domains, protects transmissions, and sets digital usage policies. Thus, a person cannot access a document if he/she lacks the credentials to unlock or view it. If that person is authorized to access the file, the policies then come into play, permitting or disallowing particular actions on the file. This combination of policy and encryption is distinctive because it follows the file wherever it goes. To guarantee protection when an author wants to mail a protected piece of information for the first time, the application sends a request to the Rights Management server to get a user licensor credential (Desmond, et al., 2008). It then defines the usage policies for this information, creates a Publishing License, and encrypts the data.
Active Directory rights policy templates are generated on its cluster and then moved to a public file. If users will use an Active Directory application only while connected to the internal server, clients can access the templates from the public file as needed. All Active Directory users must therefore be able to access this public file in order to use the rights policy templates (Desmond, et al., 2008). The templates can also be copied from the public file to the user computers, so that they can be used even when users are not connected to the server, for example, when traveling with a laptop. However, additional configuration is needed on the client's Active Directory workstation to make the rights policy templates accessible. The templates are made accessible by copying the Active Directory policy templates to the client PC and then creating a registry entry that points to the location of the rights policy templates.
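The offline copy described above can drift from the public file, or the registry entry can point nowhere, so a client-side audit is useful. The following PowerShell function is an added example, not code from the cited sources; the registry key, value name and share path are not given on this page and must be supplied by the caller, and the assumption that templates are stored as .xml files is the example's own.

```powershell
# Added example: audit a client's offline rights policy templates against the public copy.
# All parameter values are supplied by the caller; none of them come from the original page.
function Test-RightsTemplateCopy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SharePath,     # public location the templates were moved to
        [Parameter(Mandatory)] [string] $RegistryKey,   # key holding the template path entry (placeholder)
        [Parameter(Mandatory)] [string] $RegistryValue  # value name of that entry (placeholder)
    )

    # 1. The registry entry must exist and point at a real local directory.
    $entry = Get-ItemProperty -Path $RegistryKey -Name $RegistryValue -ErrorAction SilentlyContinue
    if (-not $entry) {
        return [pscustomobject]@{ Status = 'RegistryEntryMissing'; Detail = "$RegistryKey\$RegistryValue" }
    }
    $localPath = [Environment]::ExpandEnvironmentVariables($entry.$RegistryValue)
    if (-not (Test-Path -LiteralPath $localPath -PathType Container)) {
        return [pscustomobject]@{ Status = 'LocalPathMissing'; Detail = $localPath }
    }

    # 2. Hash every template file on both sides (assumption: templates are .xml files).
    $hashOf = {
        param($dir)
        $map = @{}
        Get-ChildItem -LiteralPath $dir -Filter *.xml -File | ForEach-Object {
            $map[$_.Name] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        $map
    }
    $share = & $hashOf $SharePath
    $local = & $hashOf $localPath

    # 3. Report one row per template name: stale, missing, unexpected, or matching.
    $names = @($share.Keys) + @($local.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $status = if (-not $local.ContainsKey($name)) {
            'MissingOnClient'   # template exists on the share but was never copied
        } elseif (-not $share.ContainsKey($name)) {
            'NotOnShare'        # local template with no published counterpart
        } elseif ($local[$name] -ne $share[$name]) {
            'Differs'           # stale or modified local copy
        } else {
            'Match'
        }
        [pscustomobject]@{ Status = $status; Detail = $name }
    }
}
```

Rows with a status of `Differs` or `NotOnShare` are the ones to investigate, since they indicate a client applying a policy template that no longer matches what the cluster published.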
The Active Directory service can support a range of trust models. The first model is trusted user domains, which enable an Active Directory cluster to process requests for other Active Directory clusters located in different Active Directory forests (Desmond, et al., 2008). The second is trusted encrypting domains, which enable a private Active Directory cluster to issue use certificates for information that was protected by a different cluster. Active Directory also includes Windows ID, which permits clients who possess a legitimate Windows certificate to use rights-protected information.
This type of service has both rewards and shortcomings when implemented in an organization. On the advantages side, AD RMS allows users to sign in using usernames and passwords that are used in a different place. With the Active Directory platform, creating and maintaining separate user accounts is no longer necessary (Chadwick, 2005). With this service, computer policies can be designed to routinely update and protect workstations. Sharing information is easier because every user has access to set authorizations. On the other hand, using the Active Directory service has various shortcomings. The platform can be very costly, because Windows Server 2000 licenses are required along with hardware upgrades on the server (Chadwick, 2005). The service depends on the operating system, meaning that it will only function with Windows server software. The Active Directory service also has high maintenance costs, and in case it is designed wrongly, it can take time and capital to remove it and redesign it.
Chadwick, D. (2005, January). Threat Modelling for Active Directory. In Communications and Multimedia Security (pp. 173-182). Springer US.
Desmond, B., Richards, J., Allen, R., & Lowe-Norris, A. G. (2008). Active Directory: Designing, Deploying, and Running Active Directory. O’Reilly Media, Inc.