Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.
Summary
This article contains the following information:
INTRODUCTION
Information that describes the removal of manifest expiry feature in AD RMS
An update is available for all Active Directory Rights Management Services (AD RMS) clients. This update prevents you from receiving error messages that are related to the application manifest expiry feature of the AD RMS clients. This fix is also necessary for Windows Rights Management clients. This update ensures continued compatibility between RMS-enabled applications and the RMS client.As a follow up to the Office 2003 Information Rights Management (IRM) update, Microsoft has made additional changes in AD RMS. The application manifest expiry feature of AD RMS is no longer required. After careful review of the original design of the AD RMS client, Microsoft has determined that the application manifest expiry feature can be completely removed. The application manifest expiry feature was a legacy feature in the original product. This feature allowed for more specific control of the applications that can access AD RMS protected content. The functionality that was provided by this feature is now included in other features that are contained in AD RMS, such as Application Exclusion and Windows Software Restrictions policies. These new features provide a new approach to allow for controlling what applications can run in your enterprise. The new approach puts the control in your hands.For more information, visit the following Microsoft Web site:
Description of the Office 2003 documents protected with AD RMS/RMS update package: December 11, 2009
More Information
Update information
How to obtain this update
Windows Update This update is available from the Microsoft Update Web site:
http://update.microsoft.com Microsoft Download Center The following files are available for download from the Microsoft Download Center:
|
Operating system |
Update |
|---|---|
|
All supported x64-based versions of Windows XP |
|
|
All supported x86-based versions of Windows Server 2003 |
|
|
All supported x64-based versions of Windows Server 2003 |
|
|
All supported IA-64-based versions of Windows Server 2003 |
|
|
All supported x86-based versions of Windows Vista |
|
|
All supported x64-based versions of Windows Vista |
|
|
All supported x86-based versions of Windows Server 2008 |
|
|
All supported x64-based versions of Windows Server 2008 |
|
|
All supported IA-64-based versions of Windows Server 2008 |
|
|
All supported x86-based versions of Windows 7 |
|
|
All supported x64-based versions of Windows 7 |
|
|
All supported x64-based versions of Windows Server 2008 R2 |
|
|
All supported IA-64-based versions of Windows Server 2008 R2 |
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Prerequisites
There are no prerequisites for installing this update.
Registry information
To use the update in this package, you do not have to make any changes to the registry.
Restart requirement
You do not have to restart the computer after you apply this update.
Update replacement information
This update replaces the existing AD RMS client on the computer. It contains all hotfixes that were included with AD RMS V1 Service Pack 2 and all later hotfixes that were released before this update.
File information
The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Vista and Windows Server 2008 file information notes
-
The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Version
Product
SR_Level
Service branch
6.0.600 0. 17xxx
Windows Vista
RTM
GDR
6.0.600 0. 21xxx
Windows Vista
RTM
LDR
6.0.600 1. 18xxx
Windows Vista and Windows Server 2008
SP1
GDR
6.0.600 1. 22xxx
Windows Vista and Windows Server 2008
SP1
LDR
6.0.600 2. 18xxx
Windows Vista and Windows Server 2008
SP2
GDR
6.0.600 2. 22xxx
Windows Vista and Windows Server 2008
SP2
LDR
-
GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.
-
Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Msdrm.dll |
6.0.6000.17008 |
312,320 |
25-Jan-2010 |
12:56 |
x86 |
|
Msdrm.dll |
6.0.6000.21210 |
312,832 |
25-Jan-2010 |
12:34 |
x86 |
|
Msdrm.dll |
6.0.6001.18411 |
329,216 |
25-Jan-2010 |
12:45 |
x86 |
|
Msdrm.dll |
6.0.6001.22613 |
336,384 |
25-Jan-2010 |
12:31 |
x86 |
|
Msdrm.dll |
6.0.6002.18193 |
332,288 |
25-Jan-2010 |
11:58 |
x86 |
|
Msdrm.dll |
6.0.6002.22321 |
352,768 |
25-Jan-2010 |
12:35 |
x86 |
For all supported x64-based versions of Windows Server 2008 and of Windows Vista
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Msdrm.dll |
6.0.6000.17008 |
433,664 |
25-Jan-2010 |
13:01 |
x64 |
|
Msdrm.dll |
6.0.6000.21210 |
434,176 |
25-Jan-2010 |
13:12 |
x64 |
|
Msdrm.dll |
6.0.6001.18411 |
457,216 |
25-Jan-2010 |
13:00 |
x64 |
|
Msdrm.dll |
6.0.6001.22613 |
465,408 |
25-Jan-2010 |
13:04 |
x64 |
|
Msdrm.dll |
6.0.6002.18193 |
460,288 |
25-Jan-2010 |
12:08 |
x64 |
|
Msdrm.dll |
6.0.6002.22321 |
486,912 |
25-Jan-2010 |
12:17 |
x64 |
For all supported IA-64-based versions of Windows Server 2008
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Msdrm.dll |
6.0.6001.18411 |
772,608 |
25-Jan-2010 |
12:42 |
IA-64 |
|
Msdrm.dll |
6.0.6001.22613 |
788,992 |
25-Jan-2010 |
12:28 |
IA-64 |
|
Msdrm.dll |
6.0.6002.18193 |
778,752 |
25-Jan-2010 |
11:51 |
IA-64 |
|
Msdrm.dll |
6.0.6002.22321 |
827,904 |
25-Jan-2010 |
12:06 |
IA-64 |
Windows 7 and Windows Server 2008 R2 file information notes
-
The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Version
Product
Milestone
Service branch
6.1.760 0.16xxx
Windows 7 and Windows Server 2008 R2
RTM
GDR
6.1.760 0.20xxx
Windows 7 and Windows Server 2008 R2
RTM
LDR
-
GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.
For all supported x86-based versions of Windows 7
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Rmactivate_ssp_isv.exe |
6.1.7600.16506 |
277,504 |
18-Jan-2010 |
23:28 |
x86 |
|
Secproc_ssp_isv.dll |
6.1.7600.16506 |
85,504 |
18-Jan-2010 |
23:29 |
x86 |
|
Rmactivate_ssp_isv.exe |
6.1.7600.20621 |
277,504 |
19-Jan-2010 |
11:54 |
x86 |
|
Secproc_ssp_isv.dll |
6.1.7600.20621 |
85,504 |
19-Jan-2010 |
11:55 |
x86 |
|
Rmactivate_isv.exe |
6.1.7600.16506 |
324,608 |
18-Jan-2010 |
23:28 |
x86 |
|
Secproc_isv.dll |
6.1.7600.16506 |
365,568 |
18-Jan-2010 |
23:29 |
x86 |
|
Rmactivate_isv.exe |
6.1.7600.20621 |
324,608 |
19-Jan-2010 |
11:54 |
x86 |
|
Secproc_isv.dll |
6.1.7600.20621 |
365,568 |
19-Jan-2010 |
11:55 |
x86 |
|
Rmactivate_ssp.exe |
6.1.7600.16506 |
280,064 |
18-Jan-2010 |
23:28 |
x86 |
|
Secproc_ssp.dll |
6.1.7600.16506 |
85,504 |
18-Jan-2010 |
23:29 |
x86 |
|
Rmactivate_ssp.exe |
6.1.7600.20621 |
280,064 |
19-Jan-2010 |
11:54 |
x86 |
|
Secproc_ssp.dll |
6.1.7600.20621 |
85,504 |
19-Jan-2010 |
11:55 |
x86 |
|
Rmactivate.exe |
6.1.7600.16506 |
320,512 |
18-Jan-2010 |
23:28 |
x86 |
|
Secproc.dll |
6.1.7600.16506 |
369,152 |
18-Jan-2010 |
23:29 |
x86 |
|
Rmactivate.exe |
6.1.7600.20621 |
320,512 |
19-Jan-2010 |
11:54 |
x86 |
|
Secproc.dll |
6.1.7600.20621 |
369,152 |
19-Jan-2010 |
11:55 |
x86 |
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Rmactivate_ssp_isv.exe |
6.1.7600.16506 |
305,152 |
19-Jan-2010 |
09:00 |
x64 |
|
Secproc_ssp_isv.dll |
6.1.7600.16506 |
121,856 |
19-Jan-2010 |
09:05 |
x64 |
|
Rmactivate_ssp_isv.exe |
6.1.7600.20621 |
305,152 |
19-Jan-2010 |
10:25 |
x64 |
|
Secproc_ssp_isv.dll |
6.1.7600.20621 |
121,856 |
19-Jan-2010 |
10:30 |
x64 |
|
Rmactivate_isv.exe |
6.1.7600.16506 |
357,888 |
19-Jan-2010 |
09:00 |
x64 |
|
Secproc_isv.dll |
6.1.7600.16506 |
422,912 |
19-Jan-2010 |
09:05 |
x64 |
|
Rmactivate_isv.exe |
6.1.7600.20621 |
357,888 |
19-Jan-2010 |
10:25 |
x64 |
|
Secproc_isv.dll |
6.1.7600.20621 |
422,912 |
19-Jan-2010 |
10:30 |
x64 |
|
Rmactivate_ssp.exe |
6.1.7600.16506 |
306,688 |
19-Jan-2010 |
09:00 |
x64 |
|
Secproc_ssp.dll |
6.1.7600.16506 |
121,856 |
19-Jan-2010 |
09:05 |
x64 |
|
Rmactivate_ssp.exe |
6.1.7600.20621 |
306,688 |
19-Jan-2010 |
10:24 |
x64 |
|
Secproc_ssp.dll |
6.1.7600.20621 |
121,856 |
19-Jan-2010 |
10:30 |
x64 |
|
Rmactivate.exe |
6.1.7600.16506 |
356,352 |
19-Jan-2010 |
09:00 |
x64 |
|
Secproc.dll |
6.1.7600.16506 |
424,960 |
19-Jan-2010 |
09:05 |
x64 |
|
Rmactivate.exe |
6.1.7600.20621 |
356,352 |
19-Jan-2010 |
10:24 |
x64 |
|
Secproc.dll |
6.1.7600.20621 |
424,960 |
19-Jan-2010 |
10:30 |
x64 |
For all supported IA-64-based versions of Windows Server 2008 R2
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Rmactivate_ssp_isv.exe |
6.1.7600.16506 |
297,984 |
19-Jan-2010 |
07:31 |
IA-64 |
|
Secproc_ssp_isv.dll |
6.1.7600.16506 |
285,696 |
19-Jan-2010 |
07:37 |
IA-64 |
|
Rmactivate_ssp_isv.exe |
6.1.7600.20621 |
297,984 |
19-Jan-2010 |
08:55 |
IA-64 |
|
Secproc_ssp_isv.dll |
6.1.7600.20621 |
285,696 |
19-Jan-2010 |
09:02 |
IA-64 |
|
Rmactivate_isv.exe |
6.1.7600.16506 |
335,872 |
19-Jan-2010 |
07:31 |
IA-64 |
|
Secproc_isv.dll |
6.1.7600.16506 |
595,456 |
19-Jan-2010 |
07:37 |
IA-64 |
|
Rmactivate_isv.exe |
6.1.7600.20621 |
335,872 |
19-Jan-2010 |
08:55 |
IA-64 |
|
Secproc_isv.dll |
6.1.7600.20621 |
595,456 |
19-Jan-2010 |
09:02 |
IA-64 |
|
Rmactivate_ssp.exe |
6.1.7600.16506 |
300,032 |
19-Jan-2010 |
07:31 |
IA-64 |
|
Secproc_ssp.dll |
6.1.7600.16506 |
285,696 |
19-Jan-2010 |
07:37 |
IA-64 |
|
Rmactivate_ssp.exe |
6.1.7600.20621 |
300,032 |
19-Jan-2010 |
08:55 |
IA-64 |
|
Secproc_ssp.dll |
6.1.7600.20621 |
285,696 |
19-Jan-2010 |
09:02 |
IA-64 |
|
Rmactivate.exe |
6.1.7600.16506 |
334,336 |
19-Jan-2010 |
07:31 |
IA-64 |
|
Secproc.dll |
6.1.7600.16506 |
593,408 |
19-Jan-2010 |
07:37 |
IA-64 |
|
Rmactivate.exe |
6.1.7600.20621 |
334,336 |
19-Jan-2010 |
08:55 |
IA-64 |
|
Secproc.dll |
6.1.7600.20621 |
593,408 |
19-Jan-2010 |
09:01 |
IA-64 |
For all supported x86-based versions of Windows 2000, of Windows XP, and of Windows Server 2003:
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Msdrm.dll |
5.2.3790.433 |
339,336 |
14-Jan-2010 |
13:14 |
x86 |
|
Secproc.dll |
6.0.6406.0 |
558,984 |
14-Jan-2010 |
13:14 |
x86 |
|
Secproc_isv.dll |
6.0.6406.0 |
562,064 |
14-Jan-2010 |
13:14 |
x86 |
|
Secproc_ssp.dll |
6.0.6406.0 |
192,904 |
14-Jan-2010 |
13:14 |
x86 |
|
Secproc_ssp_isv.dll |
6.0.6406.0 |
192,912 |
14-Jan-2010 |
13:14 |
x86 |
|
RmActivate.exe |
6.0.6406.0 |
567,176 |
14-Jan-2010 |
13:14 |
x86 |
|
RmActivate_isv.exe |
6.0.6406.0 |
575,880 |
14-Jan-2010 |
13:14 |
x86 |
|
RmActivate_ssp.exe |
6.0.6406.0 |
362,888 |
14-Jan-2010 |
13:14 |
x86 |
|
RmActivate_ssp_isv.exe |
6.0.6406.0 |
361,872 |
14-Jan-2010 |
13:14 |
x86 |
For all supported x64-based versions of Windows 2000, of Windows XP, and of Windows Server 2003:
Â
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Msdrm.dll |
5.2.3790.433 |
586,640 |
14-Jan- 2010 |
13:17 |
x64 |
|
Secproc.dll |
6.0.6406.0 |
615,312 |
14-Jan- 2010 |
13:17 |
x64 |
|
Secproc_isv.dll |
6.0.6406.0 |
613,264 |
14-Jan- 2010 |
13:17 |
x64 |
|
Secproc_ssp.dll |
6.0.6406.0 |
197,512 |
14-Jan- 2010 |
13:17 |
x64 |
|
Secproc_ssp_isv.dll |
6.0.6406.0 |
197,520 |
14-Jan- 2010 |
13:17 |
x64 |
|
RmActivate.exe |
6.0.6406.0 |
647,568 |
14-Jan- 2010 |
13:17 |
x64 |
|
RmActivate_isv.exe |
6.0.6406.0 |
649,616 |
14-Jan- 2010 |
13:17 |
x64 |
|
RmActivate_ssp.exe |
6.0.6406.0 |
427,920 |
14-Jan- 2010 |
13:17 |
x64 |
|
RmActivate_ssp_isv.exe |
6.0.6406.0 |
436,104 |
14-Jan- 2010 |
13:17 |
x64 |
|
Msdrm.dll |
5.2.3790.433 |
339,336 |
14-Jan- 2010 |
13:17 |
x86 |
|
Secproc.dll |
6.0.6406.0 |
558,992 |
14-Jan- 2010 |
13:17 |
x86 |
|
Secproc_isv.dll |
6.0.6406.0 |
562,056 |
14-Jan- 2010 |
13:17 |
x86 |
|
Secproc_ssp.dll |
6.0.6406.0 |
192,912 |
14-Jan- 2010 |
13:17 |
x86 |
|
Secproc_ssp_isv.dll |
6.0.6406.0 |
192,912 |
14-Jan- 2010 |
13:17 |
x86 |
|
RmActivate.exe |
6.0.6406.0 |
567,176 |
14-Jan- 2010 |
13:17 |
x86 |
|
RmActivate_isv.exe |
6.0.6406.0 |
575,888 |
14-Jan- 2010 |
13:17 |
x86 |
|
RmActivate_ssp.exe |
6.0.6406.0 |
362,896 |
14-Jan- 2010 |
13:17 |
x86 |
|
RmActivate_ssp_isv.exe |
6.0.6406.0 |
361,872 |
14-Jan- 2010 |
13:17 |
x86 |
References
Error message that you may receive when you access AD RMS protected content
The following is an example of an error message that you may receive when you try to access AD RMS protected content.If you use the Rights Management Add-on for Internet Explorer, you may receive the following error message if the manifest is expired:
You cannot open this document because we cannot set up your computer to open documents that have restricted permission.
If you click Advanced Information in the error message, you may see one of the following error messages:
The Rights Management client returned the following result code: 0x80004005(-2147467259).
The Rights Management client returned the following result code: E_DRM_SERVICE_NOT_FOUND.
The Rights Management client returned the following result code: E_DRM_BIND_VALIDITY_TIME_VIOLATED.
After you apply this update, the manifest expiry feature is removed. Therefore, the AD RMS client applications will no longer have to renew their manifests. This also eliminates the possibility of having manifests expire accidentally.Note This update is effective for both new and existing AD RMS products. AD RMS applications will still need a manifest. AD RMS Independent Software Vendor (ISV) partners will still need a production certificate issued by Microsoft for creating this manifest.
More information about AD RMS and the legacy application manifest expiry feature
Capabilities of AD RMS
AD RMS is used to protect sensitive data. AD RMS applications that also handle sensitive data share the responsibility of protecting this data.AD RMS provides two main capabilities:
-
AD RMS providespersistent, cryptographically-protected access control at the file level. This prevents unauthorized access to content.
-
AD RMS provides usage policy enforcement that can specify particular rights or restrictions on access to content. For example, "read-only" or "do not forward." To provide the usage policy enforcement capability, AD RMS restricts access to protected content. Only trusted AD RMS applications that can enforce this usage policy may access this protected content.
Mechanism of the application manifest expiry feature
Microsoft issues an application signing certificate to developers who create AD RMS applications. The developer uses this certificate to sign an application manifest for each AD RMS application. Each AD RMS application that creates or that accesses AD RMS protected content contains this signed application manifest. This application manifest verifies that the application has a trusted state. The AD RMS client checks both the signed application manifest and the application signing certificate before it enables the application to create or to access protected content.The application signing certificate contains an expiration date. When this expiration date has passed, the AD RMS client no longer recognizes the trust state of the AD RMS application. Therefore, the AD RMS client does not enable the AD RMS application to create or to access the protected content. This expiration date is a legacy mechanism that is used to verify the trust status of an application. Previously, new application signing certificates and new signed application manifests were distributed with application updates. This occurred especially in updates that involved patching vulnerabilities. This legacy mechanism would then prevent an attacker from using older or un-patched applications in order to access the protected content.A feature that enables the AD RMS system administrator to control application the trust state instead of relying on expiration dates replaces this legacy mechanism. An AD RMS administrator can specify particular AD RMS applications or particular versions of AD RMS applications as untrustworthy. An application that is set as untrustworthy cannot be used to create or to access AD RMS protected information.
