Forefront Team Blog

News, updates and insights about enterprise identity and security solutions.

Required update for all AD RMS customers

Required update for all AD RMS customers

  • Comments 7
  • Likes

Important information for Active Directory Rights Management Services (AD RMS) customers!


Today Microsoft is releasing an update to AD RMS to completely remove the “application manifest expiry” feature. This update is particularly important for AD RMS customers using Internet Explorer, because the certificate for the RMA add-in for Internet Explorer will expire on February 22nd.  The RMA add-in for Internet Explorer allows users to view content with restricted permission in Internet Explorer.   It is critical that these customers install the update before then, in order to avoid any issues accessing or protecting web-based content. 


If AD RMS customers using IE do not install the update before February 22nd, they will not be able to create or access protected content when using the following applications:

  • Outlook Web Access 2000, 2003, 2007
  •  Word, Excel, Powerpoint web viewers
  •  Any web-based application with protected content

All customers with client or server apps that use AD RMS will need to install the update as soon as possible.  This update is available on Windows Update and here for Windows 7, Windows XP, Windows Server 2003, Windows Server 2008 R2.  The update for Windows Vista and Windows Server 2008 is available for download here and will be available via Windows Update by Feb 23. 

Once this update is applied and the manifest expiry feature is removed, the AD RMS aware applications (including Internet Explorer) will no longer need to renew their manifests. This will eliminate the possibility of manifest expiration. The change will be effective for both new as well as existing RMS products. Applications will still need to have a manifest and RMS Partner ISVs will still need to have a Microsoft issued production certificate for creating that manifest.


Application manifest expiry was a legacy feature in the original product that was intended to allow for more granular control of the applications that can access RMS protected content. The functionality this feature provided has since been subsumed by other features in AD RMS, such as Application Exclusion as well as Windows Software Restrictions Policies, which allow for controlling what applications can run in your enterprise. This approach puts the control in the hands of our customers and is therefore preferable to the original design. As a result of this update to the software, the application manifest expiry feature will no longer be required.


  • The updates that you have a fast and he was good for us, I thank you

  • Thanks to the optimized new was needed

  • Thank you for sharing your day with us the necessary updates.

  • Thank you for providing updated information to our business was very useful.

  • Thank you for providing updated information to our business was very useful.

  • Hi!

    I have two problems:

    a) when I want to exacute windows update, I have an error (0x80070002))

    b)My computer (Asus) and not old does not want to recognize the external hard disk seagate

    <could you please help me? otherwise, I might get creazy:-)

    my mail:

    Many thanks

  • very nice job thank you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment