Skip to content
  • Blog
  • Events
  • Help
  • Careers
  • Contact
New Signature
  • About
      • Company

        New Signature has built a record of leadership by delivering exceptional technology and web solutions.

        View Company

      • Awards

        As a company, we are regularly recognized within the IT industry as well as the communities we serve.

        View All Awards
      • News

        Learn about the newest company announcements, technologies, and products at New Signature.

        View News

      • Partners

        New Signature works with a number of outstanding technology companies to deliver the best experiences to our customers.

        View Partners
      • Leadership

        New Signature's executive team includes proven leaders from the most innovative and fast-growing technology fields.

        View Leadership

      • Testimonials

        We love transforming our customers businesses, take a look at what they have to say about New Signature.

        View Testimonials
    Close
  • Services
      • Managed Services

        • Cloud Management for Azure
        • Cloud Management for Office 365
        • Desktop Experience
        • Recovery Experience
        • System Health
        • Technology Managed Services
      • View Managed Services
      • Professional Services

        • Advanced Analytics
        • Application Development
        • Collaboration
        • Identity and Access
        • Infrastructure
        • Process and Automation
        • Strategy
        • Training and Change Management
        • Unified Communications
      • View Professional Services
    Close
  • Technologies
    • Learn more about the technologies that power New Signature solutions View All Technologies


      • Advanced Threat Analytics
      • Azure Active Directory
      • Azure IoT Suite
      • Azure Site Recovery
      • Cortana Intelligence Suite
      • DocuSign
      • Dynamics 365
      • Employee Self Service
      • Enterprise Mobility Suite
      • Exchange
      • ExpressRoute
      • Hyper-V
      • Microsoft 365
      • Microsoft Azure
      • Microsoft Azure Stack
      • Microsoft Identity Manager
      • Microsoft Intune
      • Microsoft Phone System
      • Microsoft Project
      • Microsoft Teams
      • Nintex
      • Office 365
      • OneDrive for Business
      • Operations Management Suite
      • Power BI
      • SharePoint
      • Skype for Business
      • SQL Server
      • System Center
      • System Center Configuration Manager
      • Visual Studio
      • Windows 10
      • Windows Server
      • Xamarin
      • Yammer

    • New Signature Cloud Management Portal (CMP)

      Our exclusive portal is a core component of our managed services providing customers with insight into Azure spend and usage, access to incident support tickets, and reporting on system health. Learn More

      Try the CMP for Free   |    Login to the CMP

    • New Signature Microsoft Licensing

      A Microsoft environment is not complete and usable until the proper licensing has been purchased and activated for your organization. Learn More

    Close
  • Industries
      • Communications & Media

        We develop technological solutions to increase collaboration for industries that never stop.

        Learn More

      • Health & Life Sciences

        Dynamic solutions that respect patient privacy, increase collaboration, and provide tools to access vital information.

        Learn More
      • Financial & Professional

        Bringing you the tools to develop a streamlined customer banking experience and enhanced security.

        Learn More

      • Manufacturing & Resources

        Providing advanced technological solutions to enhance and optimize manufacturing operations.

        Learn More
      • Government & Associations

        Optimizing your technology to heighten cyber-security efforts, enhance collaboration, and encourage growth.

        Learn More

      • Retail & Consumer Goods

        Optimizing data operations to create a retail solution that empowers employees and customers.

        Learn More
    Close
  • Resources
      • Insights

        Examine a wide array of New Signature thought leadership assets including videos, ebooks and infographics to learn more about our services and offers.

      • View Our Insights

      • Featured Insights Guides & Ebooks

        Our eBooks are a collection of learning guides that deliver a comprehensive look at some of the most pressing business trends, and how technologies can help you overcome those challenges.
        Learn More

      • Case Studies

        Browse a comprehensive list of companies who have created successful partnerships and experienced transformative solutions with New Signature.

      • View All Case Studies

      • Featured Case Study TalkTalk Modern Workplace

        New Signature worked with TalkTalk to define a new Modern Workplace solution based on Microsoft 365, which kept the user firmly at the center of the transformation.
        View Case Study

    Close
  • About
    • Company
    • Culture
    • News
    • Leadership
    • Partners
  • Services
    • Managed Services
    • Professional Services
  • Technologies
  • Industries
  • Successes
    • Case Studies
    • Awards
  • Blog
  • Events
  • Careers
  • Help
  • Contact
Blog

Do My Permissions Rock My RMS Rights?

New Signature / Blog / Do My Permissions Rock My RMS Rights?
June 10, 2016| Peter Day
  • Facebook
  • Twitter
  • Google
  • LinkedIn
  • Print

If you’re protecting files on your Windows Server with Microsoft Rights Management Services (RMS), then you need to know how the rights assigned by RMS relate to the NTFS permissions already in place on the file. To explore that relationship we will use the example of one Word document that is both protected by RMS and also stored on an NTFS volume. The table below lists the NTFS permissions and RMS rights for three different users, who are each trying to open that document.

NTFS permissions and RMS rights

Note, the NTFS permission to Read the file only gives these users access to open the file. Because the file has RMS protection embedded, it can only be opened by an RMS-aware application such as Word 2016. When Word opens the file, it checks with the the RMS server to see what rights the user has to the protected document. The application then enforces those rights and restrictions.

In the above table, Rachel has permissions to read the file so she will be able to access it. As Word opens the document the RMS rights are evaluated. Although Rachel has the RMS rights to view and edit the document, in fact she will only be able to view it. Rachel cannot edit the document because that is not supported by the NTFS permissions.
 
Mike is also able to access the file as he has the Full Control permission level in NTFS. However, because the file is protected by RMS, Mike’s rights to use the file are evaluated as it is opened in Word.  Mike is not able to even view the document since he has not been granted any RMS rights to do so. Although he has the NTFS permission level of Full Control for the file, this does not allow him to change the rights granted to him by RMS.
 
John, on the other hand, is unable to open the Word document because he has no NTFS permissions to access it. He is thus unable to view the file, even though RMS has granted him the rights to do so.
 
It should be noted that RMS protection is embedded with the file and travels with it, whereas NTFS permissions will not stay with the file if it is emailed or moved to a non-NTFS file system. This illustrates the benefit of using RMS to protect files that need to be shared with others, as RMS-protected files remain protected both at rest and in transit. It is only when that file is on an NTFS volume that we need to also take into account the NTFS permissions.
 
To summarize: Both the NTFS permissions and the rights assigned by RMS need to be taken into account. If the actions permitted by permissions and rights overlap (e.g. “read” and “view”), then both need to be assigned to the user for them to be able to carry out the action.
 
 
Categories
Tips and Tricks
Contact New Signature

Blog Posts

  • What’s New in Azure: Updates to Azure Log Analytics
  • New Service Offering: Accelerate Your Journey to the Cloud
  • Network Policy Server Extension for Azure MFA: A Step-By-Step Guide
  • What’s New in Azure: Data and Security Updates

Events

Thu 28

Microsoft Azure IT Leaders Dinner (Charlotte, NC)

February 28 @ 4:30 pm - 9:00 pm EST
Mar 12

Microsoft US Tech Summit (Boston, MA)

March 12 @ 8:30 am - 4:45 pm EDT
Apr 11

Controlling Your Azure Environment: Governance for the Modern Enterprise Webinar

April 11 @ 10:00 am - 11:00 am EDT
May 16

A Night @ SunTrust Park with New Signature (Atlanta, GA)

May 16 @ 6:30 pm - 10:00 pm EDT

View More

New Signature
New Signature HQ
901 K Street NW, Suite 450
Washington, DC 20001
Phone: 202-452-5923
New Signature Canada HQ
140 Yonge Street - Suite 400
Toronto, ON M5C 1X6
Phone: 416-971-4267
New Signature UK HQ
57 Bermondsey Street
London SE1 3XJ
Phone: +44 (0) 845-402-1752

About

  • Company
  • Awards
  • News
  • Leadership
  • Partners
  • Testimonials

Managed Services

  • Cloud Management for Azure
  • Cloud Management for Office 365
  • Desktop Experience
  • Recovery Experience
  • System Health
  • Technology Managed Services

Professional Services

  • Advanced Analytics
  • Application Development
  • Collaboration
  • Identity and Access
  • Infrastructure
  • Process and Automation
  • Strategy
  • Training and Change Management
  • Unified Communications

Technologies

  • View all Technologies

Resources

  • Insights
  • Case Studies
  • Industries
Copyright © 2019 New Signature
  • Blog
  • Events
  • Careers
  • Help
  • Contact
  • Privacy Policy
  • CMP Login
To give you the best possible experience, this site uses cookies. Using newsignature.com means you agree to our use of cookies. For more information on cookies and how you can disable them, visit our Cookie Policy.