Important information for Active Directory Rights Management Services (AD RMS) customers!
Today Microsoft is releasing an update to AD RMS to completely remove the “application manifest expiry” feature. This update is particularly important for AD RMS customers using Internet Explorer, because the certificate for the RMA add-in for Internet Explorer will expire on February 22nd. The RMA add-in for Internet Explorer allows users to view content with restricted permission in Internet Explorer. It is critical that these customers install the update before then, in order to avoid any issues accessing or protecting web-based content.
If AD RMS customers using IE do not install the update before February 22nd, they will not be able to create or access protected content when using the following applications:
All customers with client or server apps that use AD RMS will need to install the update as soon as possible. This update is available on Windows Update and here for Windows 7, Windows XP, Windows Server 2003, Windows Server 2008 R2. The update for Windows Vista and Windows Server 2008 is available for download here and will be available via Windows Update by Feb 23.
Once this update is applied and the manifest expiry feature is removed, the AD RMS aware applications (including Internet Explorer) will no longer need to renew their manifests. This will eliminate the possibility of manifest expiration. The change will be effective for both new as well as existing RMS products. Applications will still need to have a manifest and RMS Partner ISVs will still need to have a Microsoft issued production certificate for creating that manifest.
Application manifest expiry was a legacy feature in the original product that was intended to allow for more granular control of the applications that can access RMS protected content. The functionality this feature provided has since been subsumed by other features in AD RMS, such as Application Exclusion as well as Windows Software Restrictions Policies, which allow for controlling what applications can run in your enterprise. This approach puts the control in the hands of our customers and is therefore preferable to the original design. As a result of this update to the software, the application manifest expiry feature will no longer be required.