Use AD RMS to protect off-line copies of protected files RRS feed

  • Question

  • Hi,

    I'm trying to evaluate if AD-RMS can protect local copies of protected files. The use case is the following:

    A user has "Change" access to an Excel file on SharePoint. With option “Require a connection to verify a user’s permission” active;

    The user takes a local copy on his USB stick under another file name.

    The user leaves the company. The company removes the rights of the user to the file on SharePoint.

    Can the user still access the local copy on his USB Stick? Or does the RMS encryption prevent this?


    Monday, October 3, 2016 9:43 AM

All replies

  • Not if they have disabled his/her account in AD. it would attempt to authenticate them and fail (game over). The setting in SharePoint itself wont matter much.
    Even if the "require a connection" wasn't set, when the file was moved to a machine that had never been certified against RMS, it would have to connect and they would get denied.

    Hope this helps.

    Monday, October 10, 2016 8:36 PM