I've been doing a couple of events recently with my manager, James and one of the points he always raises is around protection of information, especially things like emails and documents. The example James gives is around the internal Microsoft emails/memo's that, a few years back, seemed to always find their way out onto the wonderful world wide web, and once it's left your 'four walls', that's it, it's out of your hands.
Step up, Windows Server Active Directory Rights Management Services.
"The goal of an AD RMS deployment is to be able to protect information, no matter where it goes. Once AD RMS protection is added to a digital file, the protection stays with the file. By default, only the content owner is able to remove the protection from the file. The owner grants rights to other users to perform actions on the content, such as the ability to view, copy, or print the file. For more information about the business reasons behind an AD RMS deployment, see the white paper "Windows Rights Management Services: Helping Organizations Safeguard Digital Information from Unauthorized Use" (http://go.microsoft.com/fwlink/?LinkId=64636)."
So, to put that in context, check out this shot from my Outlook 2007 client:
I've created a new email, and I then have the option, with choosing one button, protect this email and restrict it to the person I'm sending it to. Now, I haven't personally created those options in the screenshot - that's the work of the Microsoft IT Admins, but for the end user, it makes it really easy to apply confidentiality to an email and, also, a document:
Now, if I send that email, or document to someone in Microsoft, short of taking their laptop or screen to the photocopier, or handwriting it out, there is no way to distribute that information. That includes screenshots, screen clips etc.
Now, how to set this up?
Well, check out this guide: http://technet2.microsoft.com/windowsserver2008/en/library/437d3040-89f0-40ac-a2af-c288a48714c41033.mspx?mfr=true
Happy days :-)