Do you need RMS/IRM in Office for Macintosh?

Steve Riley — Thu, 24 Apr 2008 01:34:16 GMT

Please let me know if this is a feature you'd be interested in. We're looking to build the business case to develop it, and the best way to do that is for you, our customers, to let us know.

Also, if any of you want to deploy RMS now but can't because there's currently no Mac support, I especially need to know. Thanks!

Plan now to eliminate "power users" from your domains

Steve Riley — Mon, 11 Feb 2008 21:03:17 GMT

I've seen some conversations lately about the Power Users group -- how powerful is it, really, and why did we remove the group from Windows Vista?

That group had rights install software and drivers. And if you can install software and drivers, then you can elevate yourself to Administrator or SYSTEM. Vista includes a signed installer that allows standard users to install packages signed by a trusted root. (The "Trusted Installer" is a service that has a SID, so you'll see it in the permissions list on various objects throughout the operating system.) The installer validates the signature chain, then elevates itself to perform the actual installation. Now, standard users can install and update approved software without having to grant membership in the too-powerful Power Users group.

We deprecated the Power Users group and removed it wherever we detected it on ACLs. We recommend that you do the same.

Steve Riley on Security : access control

Do you need RMS/IRM in Office for Macintosh?

Plan now to eliminate "power users" from your domains