Please note that RMS client will have no support after 31 Jan 2019 and will be replaced by Azure Information Protection client. Please refer to Protect files with Azure Information Protection for details. This page will be removed after the date.
The Microsoft Rights Management (RMS) sharing application helps you keep important documents (Word, PDF, Excel, PowerPoint etc) and pictures safe from people who shouldn't see them, even if the files are accidentially released to unauthorized persons. RMS leverages on identity-based encryption. This means ITSC username and password are used for encrypting and decrypting data. Users do not need to invent an arbritary password each time when a file is required to be encrypted.
You may also refer to Microsoft's RMS sharing application user guide for more information.
Below are the information on using RMS:
- Install RMS sharing application
- How to view files that have been protected?
- How to protect a file on a Windows platform (protect in-place)?
- How to tell a file is protected?
- How to change the protection on a file?
- How to remove protection on files?
- How to send protected documents via email?
- Can I protect documents with combination of users?
- Other advanced features
- Limitations for Office 2010 and RMS
- Known problems
- FAQ for RMS application for Windows
- FAQ for RMS application for mobile and Mac platforms
Check if your devices supports RMS:
- Windows 7, 8, 8.1, 10 (x86, x64)
- Mac OS X: 10.10 or above
- iPhone and iPad: iOS 7.0 or above
- Android phones and tablets: 4.0.3 or above
- You can protect documents using the RMS client for Windows 7, 8, 8.1 or 10 only.
- For Windows/Mac OS, Office 2013 / 2016 (Windows) or Office 2016 (Mac) is required for reading protect documents.
- For Windows platdorm, logon your computer with Administrative right.
- Download the correct the Rights Management (RMS) sharing application, which is available in various perform, including Windows, Mac OS X, iOS, and Android. (Not all supported client devices support all RMS capabilities, please click here to identify which applications support the RMS capabilities, and the exceptions.)
Run the Setup program (some Windows users will need to install Microsoft .Net Framework 4 before you can install the RMS Sharing application. You may skip the configuration for Office 2010 if both Office 2013 and Office 2010 are co-exist in your computer) or install the RMS Sharing app. Below are screen capture for Windows:
Close the application upon completed the installation
Office 2010 user will need to configure Office 2010 as well
When the Rights Management (RMS) sharing application is installed on your computer or mobile devices (iPad, iPhone), you could view a protected file by simply double-clicking it. The document may be an attachment in an email message, or you may see it when you use File Explorer. You can only view protected document if you have the required permission.
Protected MS Office document files can be opened by Office 2013, 2016 that are enlightened for RMS. For protected PDF, TXT, JPG, PNG files (with .ppdf/.ptxt/.pjpg/.ppng/.pgif file name extension), they must be opened by using RMS sharing application.
When you protect a file in-place, it replaces the original unprotected file. You can then leave the protected file where it is, and copy it to another folder or device. You can also attach the protected file to an email message.
To protect a file on a device (protect in-place):
In File Explorer, select a file to protect. Right-click, and then select Protect in-place.
Note: You can also protect multiple files and a folder using the HKUST templates. When you select a folder, all the files in that folder are automatically selected for protection. You will need to perform file protection for any newly added file as new files will not be automatically protected. For custom protection, you can only protect one file at a time.
Select either of the following HKUST templates or custom permission depending on your requirements:
- HKUST - Confidential View Only
- HKUST - Confidential
- Custom Permission...
HKUST - Confidential View Only: This content is proprietary information intended for internal users only. This content cannot be modified.
HKUST - Confidential: This content is proprietary information intended for internal users only. This content can be modified but cannot be copied and printed.
For Custom Permission..., the following options are available:
Viewer – View Only
Users can view the attachments, but cannot print, edit, or copy content.
Reviewer – View and Edit
User can view and edit the attachments, but cannot print or copy content.
Co-Author – View, Edit, Copy and Print
Users can view, edit, copy, and print the attachments, but cannot unprotect the content.
Co-owner – All permission
Users have full control for the attachments; they can view, edit, print, and unprotect the content.For example, the screen of the Reviewer option:
- You may quickly see a dialog box telling you that the file is being protected, and the focus will then return to File Explorer. The selected file(s) are now protected.
Note: Only the Windows version can add protection to PDF files.
If you are the document owner, just invoke the office document and the Office application will tell you the permission status:
- HKUST - CONFIDENTIAL VIEW ONLY
- HKUST - CONFIDENTIAL
- RESTRICTED ACCESS
For non-office documents such as PDF, PNG, GIF, JPG, etc., you will note a protected icon of the file in the file explorer or just displays name of the protected documents without any indication (with file extension such as .ppdf, .ppng, .pgif or .pjpg) . For the following example, files gifo1 and pdf01 are protected, but not the others:
Just follows the steps in How to protect a file on a device to assign new protection. For files with custom permission together with specified users, you may just update the user list and select the right permission. For example, adding email@example.com to the USER list:
If you want to remove the protection from a file, right-click the file, click Protect in-place, and then click Remove Protection (Note: You must be an owner of the file to remove the protection).
If the document is already protected using RMS (this is the recommended way to protect documents containing high risk data), you can just attach the protect document using any email tools such as Outlook, OWA, Thunderbird, HKUST WebMail and sent to the recipients.
In case you would like to send a protected copy of your document using email tools such as Outlook 2013 or Outlook 2016, you may following the steps below. Please note that only the attachment copy in the email is protected while the original document remains UN-protected.
- Install the RMS Sharing application if it is not.
- Invoke Outlook 2013 or Outlook 2016
- Click New Email
- Add email recipients, subject and the email body as usual
- Attach the require attachments
Click Share Protected
Choose Reviewer (or Viewer, Co-Author, Co-Owner if necessary)
- Press Send Now
- An additional PPDF file (protected PDF) will be attached along with the attached document for user's easy access in mobile devices.
- If your original document is already protected (say with the HKUST - Confidential protection) and you you would like sending to specific users using the above Share Protected method, the newly selected options (Viewer, Reviewer, Co-Author, Co-Owner) becomes the new protection for the attachment copy.
You can also protect Office documents using the option Restrict Access:
- Open your Office document
Click File -> Protect Document -> Restrict Access -> Restricted Access
Tick the Restrict permission to this document option and enter the email addresses of users in the Read... and Change... boxes separate name with semicolon.
Click More Options... if you would like others to print your document, etc. if it is necessary
- Click OK and then save your protected document
- Sharing with people in another organization.
- Email notification, which lets the sender know when somebody tries to open a protected attachment.
- A document tracking site for users, which includes the ability to revoke a document.
Multiple people on the same computer cannot view protected documents from Azure RMS.
When you install the RMS sharing application in this configuration, the installation configures settings for your account. Other users who log on to your computer will not be able to view protected documents from Azure RMS.
You cannot change your organizational account that you use for the RMS sharing application.
Reinstalling the RMS sharing application does not let you change the original organizational account that you used previously on that computer.
You cannot change your user account in Office 2010 after the RMS application has been installed on your computer.
If you change your user account in Office after the RMS sharing application has been installed, Office 2010 will no longer work with Azure RMS.
You cannot sign in with multiple accounts.
Office 2010 and Azure RMS do not support more than one account per user.
If you cannot open protected document, you will need to send email to the document owner explicitly. Your email tools might not be invoked when you click Yes to request updated permission via the following interface: