Tuesday, June 26, 2007

Restrict permission to confidential information in e-mail messages

The purpose of IRM and its limitations

Information Rights Management (IRM) allows individuals to specify access permissions to e-mail messages. This helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. After permission for a message has been restricted by using IRM, the access and usage restrictions are enforced no matter where the information is, because the permissions to access an e-mail message are stored in the message file itself.

IRM helps individuals enforce their personal preferences concerning the transmission of personal or private information. IRM also helps organizations enforce corporate policy governing the control and dissemination of confidential or proprietary information.

IRM helps to do the following:

  • Prevent an authorized recipient of restricted content from forwarding, copying, modifying, printing, faxing, or cutting and pasting the content for unauthorized use
  • Prevent restricted content from being copied by using the Print Screen feature in Microsoft Windows
  • Restrict content wherever it is sent
  • Provide the same level of restriction to e-mail attachments, as long as the attachments are files created by using other Microsoft Office programs, such as Microsoft Office Word 2007, Microsoft Office Excel 2007, or Microsoft Office PowerPoint 2007
  • Support file expiration so that content in documents and e-mail messages can no longer be viewed after a specified period of time
  • Enforce corporate policies that govern the use and dissemination of content within the company

IRM can't prevent the following:

  • Content from being erased, stolen, or captured and transmitted by malicious programs such as Trojan horses, keystroke loggers, and certain types of spyware
  • Content from being lost or corrupted because of the actions of computer viruses
  • Restricted content from being hand-copied or retyped from a display on a recipient's screen
  • A recipient from taking a digital photograph of the restricted content displayed on a screen
  • Restricted content from being copied by using third-party screen-capture programs

Configure your computer to use IRM

To use IRM in the 2007 Office release, the minimum required software is Windows Rights Management Services (RMS) Client Service Pack 1 (SP1), which can be installed on your computer either by you or your RMS administrator. The RMS administrator can configure company-specific IRM policies that define who can access information and what level of editing is permitted for an e-mail message. For example, a company administrator might define a rights template called "Company Confidential," which specifies that an e-mail message that uses that policy can be opened only by users inside the company domain.

Install the Windows Rights Management Services (RMS) Client

  1. In Microsoft Windows, click the Start button, and then click Control Panel.
  2. Do one of the following:
    • Microsoft Windows Vista  Click Programs, and then under Installed Programs, click Install a program from the network. In the list of programs, click Windows Rights Management Services Client, and then click Add.

       Note    In Classic view, double-click Programs, and then click Get programs. From the list of programs, click Windows Rights Management Services Client, and then click Add.

    • Microsoft Windows XP  Click Add or Remove Programs, and then click Add or Remove Programs. In the left pane, click Add New Programs. From the list of programs, click Windows Rights Management Services Client, and then click Add.

       Note    In Classic view, double-click Add or Remove Programs, and then in the left pane, click Add New Programs. From the list of programs, click Windows Rights Management Services Client, and then click Add.

Alternatively, when you first try to open e-mail messages that have been rights-managed by using IRM, Office Outlook 2007 prompts you to download the Windows Rights Management Services Client. For more information about the Windows Rights Management Services Client, visit the Windows Rights Management Services Web site.

Download permissions

The first time that you attempt to open an e-mail message with restricted permission, you must connect to a licensing server to verify your credentials and to download a use license. The use license defines the level of access that you have to a file. This process is required for each file with restricted permission. In other words, content with restricted permission cannot be opened without a use license. Downloading permissions requires that Microsoft Office send your credentials (which includes your e-mail address) and information about your permission rights to the licensing server. Information contained in the e-mail message is not sent to the licensing server. For more information, read the Privacy Statement.

Send an e-mail message with restricted permission

  1. Start Outlook, and then open a new message.
  2. Click the Microsoft Office Button , and then click Permission.

    To use a custom permission policy (permission policy: An approach to restricting permission for a given document, workbook, presentation, or message. The policy defines which Office features are available, which information can be accessed, and what level of editing is allowed.) that an e-mail administrator has created for people in your company, click the arrow next to Permission, and then click a custom permission policy on the menu.

  3. The InfoBar of the new message displays Do Not Forward, indicating that the message is rights-managed. This means that recipients cannot forward, print, or copy the message content. Only the person initiating the message, known as the conversation owner, has no restrictions.

  4. Address and send the message.

    Each recipient will be able to view additional content when replies are sent by anyone on the conversation thread.

Tip  You can also restrict permission to a new message by doing the following: In the new message, on the Message tab, in the Options group, click Permission .

 Notes 

  • If you attach a document, workbook, or presentation to a message with restricted permission, Office Outlook 2007 automatically applies the same restricted permissions to the attachment.
  • If the attached document, workbook, or presentation has already been rights-managed in its originating program, such as Office Word 2007, Office Excel 2007, or Office PowerPoint 2007, those permissions remain in effect.

Set an expiration date for a message

Even though it is not an IRM feature in Office Outlook 2007, you might want to set an expiration date for the new message so that its content can no longer be viewed after a specified period of time.

  1. In the new message, on the Message tab, in the Options group, click the Options Dialog Box Launcher .
  2. In the Message Options dialog box, under Delivery options, select the Expires after check box, and then select a date and time.

Use a different Windows user account to rights-manage e-mail messages

  1. Open the message.
  2. Click the Microsoft Office Button , click the arrow next to Permission, and then click Manage Credentials.
  3. In the Select User dialog box, do one of the following:
    • Select the e-mail address for the account you want to use, and then click OK.
    • Click Add, type your credentials for the new account, and then click OK twice.

View messages with restricted permission in Outlook

Messages with restricted permission that you receive can be identified by the following icon, which appears next to the message in the message list of your Inbox.

If you attempt to open and view a message with restricted permission without first obtaining a certificate, Outlook gives you the option to obtain one. After the certificate is installed, you can view the contents of the message by opening the message.

 Note    You cannot view the contents of a rights-managed message in the Reading Pane.

 Note    If the recipient replies to the message, only the sender who restricted the message, also known as the conversation owner, has full permission to the reply content. In other words, replies have the same restrictions to recipients as the original message.

If you need to read or open content with restricted permission but the 2007 Office release is not available on the computer that you are using, you can download the Rights Management Add-on for Microsoft Windows Internet Explorer, which enables you to view the messages in Internet Explorer. With this add-on, recipients can only view messages. Recipients cannot reply to, forward, copy, or print the messages.

 Note    When using the Rights Management Add-on to view messages, attachments that might have been sent with the message cannot be viewed.

Resource adapted from Microsoft Outlook 2007 (MS Office Enterprise edition-2007)

0 responses:

Post a Comment

Thanking you for your comment(s). Hope you will visit this blog again!

Subscribe to geeklog feed Bookmark and Share

Design by Free blogger template