Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

Summary

This article contains the following information:

INTRODUCTION

Information that describes the removal of manifest expiry feature in AD RMS

An update is available for all Active Directory Rights Management Services (AD RMS) clients. This update prevents you from receiving error messages that are related to the application manifest expiry feature of the AD RMS clients. This fix is also necessary for Windows Rights Management clients. This update ensures continued compatibility between RMS-enabled applications and the RMS client.

As a follow up to the Office 2003 Information Rights Management (IRM) update, Microsoft has made additional changes in AD RMS. The application manifest expiry feature of AD RMS is no longer required.



After careful review of the original design of the AD RMS client, Microsoft has determined that the application manifest expiry feature can be completely removed. The application manifest expiry feature was a legacy feature in the original product. This feature allowed for more specific control of the applications that can access AD RMS protected content. The functionality that was provided by this feature is now included in other features that are contained in AD RMS, such as Application Exclusion and Windows Software Restrictions policies. These new features provide a new approach to allow for controlling what applications can run in your enterprise. The new approach puts the control in your hands.

For more information, visit the following Microsoft Web site:

Description of the Office 2003 documents protected with AD RMS/RMS update package: December 11, 2009

More Information

Update information

How to obtain this update

Windows Update

This update is available from the Microsoft Update Web site:

http://update.microsoft.com

Microsoft Download Center

The following files are available for download from the Microsoft Download Center:

| Operating system | Update |
|---|---|
| All supported x64-based versions of Windows XP | Download the update package now. |
| All supported x86-based versions of Windows Server 2003 | Download the update package now. |
| All supported x64-based versions of Windows Server 2003 | Download the update package now. |
| All supported IA-64-based versions of Windows Server 2003 | Download the update package now. |
| All supported x86-based versions of Windows Vista | Download the update package now. |
| All supported x64-based versions of Windows Vista | Download the update package now. |
| All supported x86-based versions of Windows Server 2008 | Download the update package now. |
| All supported x64-based versions of Windows Server 2008 | Download the update package now. |
| All supported IA-64-based versions of Windows Server 2008 | Download the update package now. |
| All supported x86-based versions of Windows 7 | Download the update package now. |
| All supported x64-based versions of Windows 7 | Download the update package now. |
| All supported x64-based versions of Windows Server 2008 R2 | Download the update package now. |
| All supported IA-64-based versions of Windows Server 2008 R2 | Download the update package now. |

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

There are no prerequisites for installing this update.

Registry information

To use the update in this package, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this update.

Update replacement information

This update replaces the existing AD RMS client on the computer. It contains all hotfixes that were included with AD RMS V1 Service Pack 2 and all later hotfixes that were released before this update.

File information

The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows Vista and Windows Server 2008 file information notes
  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.

    | Version | Product | SR_Level | Service branch |
    |---|---|---|---|
    | 6.0.6000.17xxx | Windows Vista | RTM | GDR |
    | 6.0.6000.21xxx | Windows Vista | RTM | LDR |
    | 6.0.6001.18xxx | Windows Vista and Windows Server 2008 | SP1 | GDR |
    | 6.0.6001.22xxx | Windows Vista and Windows Server 2008 | SP1 | LDR |
    | 6.0.6002.18xxx | Windows Vista and Windows Server 2008 | SP2 | GDR |
    | 6.0.6002.22xxx | Windows Vista and Windows Server 2008 | SP2 | LDR |

  • GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.

For all supported x86-based versions of Windows Server 2008 and of Windows Vista

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Msdrm.dll | 6.0.6000.17008 | 312,320 | 25-Jan-2010 | 12:56 | x86 |
| Msdrm.dll | 6.0.6000.21210 | 312,832 | 25-Jan-2010 | 12:34 | x86 |
| Msdrm.dll | 6.0.6001.18411 | 329,216 | 25-Jan-2010 | 12:45 | x86 |
| Msdrm.dll | 6.0.6001.22613 | 336,384 | 25-Jan-2010 | 12:31 | x86 |
| Msdrm.dll | 6.0.6002.18193 | 332,288 | 25-Jan-2010 | 11:58 | x86 |
| Msdrm.dll | 6.0.6002.22321 | 352,768 | 25-Jan-2010 | 12:35 | x86 |

For all supported x64-based versions of Windows Server 2008 and of Windows Vista

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Msdrm.dll | 6.0.6000.17008 | 433,664 | 25-Jan-2010 | 13:01 | x64 |
| Msdrm.dll | 6.0.6000.21210 | 434,176 | 25-Jan-2010 | 13:12 | x64 |
| Msdrm.dll | 6.0.6001.18411 | 457,216 | 25-Jan-2010 | 13:00 | x64 |
| Msdrm.dll | 6.0.6001.22613 | 465,408 | 25-Jan-2010 | 13:04 | x64 |
| Msdrm.dll | 6.0.6002.18193 | 460,288 | 25-Jan-2010 | 12:08 | x64 |
| Msdrm.dll | 6.0.6002.22321 | 486,912 | 25-Jan-2010 | 12:17 | x64 |

For all supported IA-64-based versions of Windows Server 2008

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Msdrm.dll | 6.0.6001.18411 | 772,608 | 25-Jan-2010 | 12:42 | IA-64 |
| Msdrm.dll | 6.0.6001.22613 | 788,992 | 25-Jan-2010 | 12:28 | IA-64 |
| Msdrm.dll | 6.0.6002.18193 | 778,752 | 25-Jan-2010 | 11:51 | IA-64 |
| Msdrm.dll | 6.0.6002.22321 | 827,904 | 25-Jan-2010 | 12:06 | IA-64 |

Windows 7 and Windows Server 2008 R2 file information notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    | Version | Product | Milestone | Service branch |
    |---|---|---|---|
    | 6.1.7600.16xxx | Windows 7 and Windows Server 2008 R2 | RTM | GDR |
    | 6.1.7600.20xxx | Windows 7 and Windows Server 2008 R2 | RTM | LDR |

  • GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.

For all supported x86-based versions of Windows 7

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Rmactivate_ssp_isv.exe | 6.1.7600.16506 | 277,504 | 18-Jan-2010 | 23:28 | x86 |
| Secproc_ssp_isv.dll | 6.1.7600.16506 | 85,504 | 18-Jan-2010 | 23:29 | x86 |
| Rmactivate_ssp_isv.exe | 6.1.7600.20621 | 277,504 | 19-Jan-2010 | 11:54 | x86 |
| Secproc_ssp_isv.dll | 6.1.7600.20621 | 85,504 | 19-Jan-2010 | 11:55 | x86 |
| Rmactivate_isv.exe | 6.1.7600.16506 | 324,608 | 18-Jan-2010 | 23:28 | x86 |
| Secproc_isv.dll | 6.1.7600.16506 | 365,568 | 18-Jan-2010 | 23:29 | x86 |
| Rmactivate_isv.exe | 6.1.7600.20621 | 324,608 | 19-Jan-2010 | 11:54 | x86 |
| Secproc_isv.dll | 6.1.7600.20621 | 365,568 | 19-Jan-2010 | 11:55 | x86 |
| Rmactivate_ssp.exe | 6.1.7600.16506 | 280,064 | 18-Jan-2010 | 23:28 | x86 |
| Secproc_ssp.dll | 6.1.7600.16506 | 85,504 | 18-Jan-2010 | 23:29 | x86 |
| Rmactivate_ssp.exe | 6.1.7600.20621 | 280,064 | 19-Jan-2010 | 11:54 | x86 |
| Secproc_ssp.dll | 6.1.7600.20621 | 85,504 | 19-Jan-2010 | 11:55 | x86 |
| Rmactivate.exe | 6.1.7600.16506 | 320,512 | 18-Jan-2010 | 23:28 | x86 |
| Secproc.dll | 6.1.7600.16506 | 369,152 | 18-Jan-2010 | 23:29 | x86 |
| Rmactivate.exe | 6.1.7600.20621 | 320,512 | 19-Jan-2010 | 11:54 | x86 |
| Secproc.dll | 6.1.7600.20621 | 369,152 | 19-Jan-2010 | 11:55 | x86 |

For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Rmactivate_ssp_isv.exe | 6.1.7600.16506 | 305,152 | 19-Jan-2010 | 09:00 | x64 |
| Secproc_ssp_isv.dll | 6.1.7600.16506 | 121,856 | 19-Jan-2010 | 09:05 | x64 |
| Rmactivate_ssp_isv.exe | 6.1.7600.20621 | 305,152 | 19-Jan-2010 | 10:25 | x64 |
| Secproc_ssp_isv.dll | 6.1.7600.20621 | 121,856 | 19-Jan-2010 | 10:30 | x64 |
| Rmactivate_isv.exe | 6.1.7600.16506 | 357,888 | 19-Jan-2010 | 09:00 | x64 |
| Secproc_isv.dll | 6.1.7600.16506 | 422,912 | 19-Jan-2010 | 09:05 | x64 |
| Rmactivate_isv.exe | 6.1.7600.20621 | 357,888 | 19-Jan-2010 | 10:25 | x64 |
| Secproc_isv.dll | 6.1.7600.20621 | 422,912 | 19-Jan-2010 | 10:30 | x64 |
| Rmactivate_ssp.exe | 6.1.7600.16506 | 306,688 | 19-Jan-2010 | 09:00 | x64 |
| Secproc_ssp.dll | 6.1.7600.16506 | 121,856 | 19-Jan-2010 | 09:05 | x64 |
| Rmactivate_ssp.exe | 6.1.7600.20621 | 306,688 | 19-Jan-2010 | 10:24 | x64 |
| Secproc_ssp.dll | 6.1.7600.20621 | 121,856 | 19-Jan-2010 | 10:30 | x64 |
| Rmactivate.exe | 6.1.7600.16506 | 356,352 | 19-Jan-2010 | 09:00 | x64 |
| Secproc.dll | 6.1.7600.16506 | 424,960 | 19-Jan-2010 | 09:05 | x64 |
| Rmactivate.exe | 6.1.7600.20621 | 356,352 | 19-Jan-2010 | 10:24 | x64 |
| Secproc.dll | 6.1.7600.20621 | 424,960 | 19-Jan-2010 | 10:30 | x64 |

For all supported IA-64-based versions of Windows Server 2008 R2

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Rmactivate_ssp_isv.exe | 6.1.7600.16506 | 297,984 | 19-Jan-2010 | 07:31 | IA-64 |
| Secproc_ssp_isv.dll | 6.1.7600.16506 | 285,696 | 19-Jan-2010 | 07:37 | IA-64 |
| Rmactivate_ssp_isv.exe | 6.1.7600.20621 | 297,984 | 19-Jan-2010 | 08:55 | IA-64 |
| Secproc_ssp_isv.dll | 6.1.7600.20621 | 285,696 | 19-Jan-2010 | 09:02 | IA-64 |
| Rmactivate_isv.exe | 6.1.7600.16506 | 335,872 | 19-Jan-2010 | 07:31 | IA-64 |
| Secproc_isv.dll | 6.1.7600.16506 | 595,456 | 19-Jan-2010 | 07:37 | IA-64 |
| Rmactivate_isv.exe | 6.1.7600.20621 | 335,872 | 19-Jan-2010 | 08:55 | IA-64 |
| Secproc_isv.dll | 6.1.7600.20621 | 595,456 | 19-Jan-2010 | 09:02 | IA-64 |
| Rmactivate_ssp.exe | 6.1.7600.16506 | 300,032 | 19-Jan-2010 | 07:31 | IA-64 |
| Secproc_ssp.dll | 6.1.7600.16506 | 285,696 | 19-Jan-2010 | 07:37 | IA-64 |
| Rmactivate_ssp.exe | 6.1.7600.20621 | 300,032 | 19-Jan-2010 | 08:55 | IA-64 |
| Secproc_ssp.dll | 6.1.7600.20621 | 285,696 | 19-Jan-2010 | 09:02 | IA-64 |
| Rmactivate.exe | 6.1.7600.16506 | 334,336 | 19-Jan-2010 | 07:31 | IA-64 |
| Secproc.dll | 6.1.7600.16506 | 593,408 | 19-Jan-2010 | 07:37 | IA-64 |
| Rmactivate.exe | 6.1.7600.20621 | 334,336 | 19-Jan-2010 | 08:55 | IA-64 |
| Secproc.dll | 6.1.7600.20621 | 593,408 | 19-Jan-2010 | 09:01 | IA-64 |

For all supported x86-based versions of Windows 2000, of Windows XP, and of Windows Server 2003:

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Msdrm.dll | 5.2.3790.433 | 339,336 | 14-Jan-2010 | 13:14 | x86 |
| Secproc.dll | 6.0.6406.0 | 558,984 | 14-Jan-2010 | 13:14 | x86 |
| Secproc_isv.dll | 6.0.6406.0 | 562,064 | 14-Jan-2010 | 13:14 | x86 |
| Secproc_ssp.dll | 6.0.6406.0 | 192,904 | 14-Jan-2010 | 13:14 | x86 |
| Secproc_ssp_isv.dll | 6.0.6406.0 | 192,912 | 14-Jan-2010 | 13:14 | x86 |
| RmActivate.exe | 6.0.6406.0 | 567,176 | 14-Jan-2010 | 13:14 | x86 |
| RmActivate_isv.exe | 6.0.6406.0 | 575,880 | 14-Jan-2010 | 13:14 | x86 |
| RmActivate_ssp.exe | 6.0.6406.0 | 362,888 | 14-Jan-2010 | 13:14 | x86 |
| RmActivate_ssp_isv.exe | 6.0.6406.0 | 361,872 | 14-Jan-2010 | 13:14 | x86 |

For all supported x64-based versions of Windows 2000, of Windows XP, and of Windows Server 2003:




 

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Msdrm.dll | 5.2.3790.433 | 586,640 | 14-Jan-2010 | 13:17 | x64 |
| Secproc.dll | 6.0.6406.0 | 615,312 | 14-Jan-2010 | 13:17 | x64 |
| Secproc_isv.dll | 6.0.6406.0 | 613,264 | 14-Jan-2010 | 13:17 | x64 |
| Secproc_ssp.dll | 6.0.6406.0 | 197,512 | 14-Jan-2010 | 13:17 | x64 |
| Secproc_ssp_isv.dll | 6.0.6406.0 | 197,520 | 14-Jan-2010 | 13:17 | x64 |
| RmActivate.exe | 6.0.6406.0 | 647,568 | 14-Jan-2010 | 13:17 | x64 |
| RmActivate_isv.exe | 6.0.6406.0 | 649,616 | 14-Jan-2010 | 13:17 | x64 |
| RmActivate_ssp.exe | 6.0.6406.0 | 427,920 | 14-Jan-2010 | 13:17 | x64 |
| RmActivate_ssp_isv.exe | 6.0.6406.0 | 436,104 | 14-Jan-2010 | 13:17 | x64 |
| Msdrm.dll | 5.2.3790.433 | 339,336 | 14-Jan-2010 | 13:17 | x86 |
| Secproc.dll | 6.0.6406.0 | 558,992 | 14-Jan-2010 | 13:17 | x86 |
| Secproc_isv.dll | 6.0.6406.0 | 562,056 | 14-Jan-2010 | 13:17 | x86 |
| Secproc_ssp.dll | 6.0.6406.0 | 192,912 | 14-Jan-2010 | 13:17 | x86 |
| Secproc_ssp_isv.dll | 6.0.6406.0 | 192,912 | 14-Jan-2010 | 13:17 | x86 |
| RmActivate.exe | 6.0.6406.0 | 567,176 | 14-Jan-2010 | 13:17 | x86 |
| RmActivate_isv.exe | 6.0.6406.0 | 575,888 | 14-Jan-2010 | 13:17 | x86 |
| RmActivate_ssp.exe | 6.0.6406.0 | 362,896 | 14-Jan-2010 | 13:17 | x86 |
| RmActivate_ssp_isv.exe | 6.0.6406.0 | 361,872 | 14-Jan-2010 | 13:17 | x86 |
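
A version check built from the file information notes and tables above, as an added example that is not part of the original article or of Microsoft's tooling: it reads a file's version resource, identifies the GDR or LDR branch from the revision prefix, and reports whether the revision is at least the one this update ships. The function name Test-RmsClientFile and the System32 path in the usage comment are assumptions; only the Msdrm.dll rows for Windows Vista and Windows Server 2008 and the Secproc.dll rows for Windows 7 and Windows Server 2008 R2 are covered.

```powershell
# Added example. Revisions below are copied from the file information tables
# on this page: per file and build, the GDR and LDR revision this update ships.
$FixedRevisions = @{
    'Msdrm.dll|6.0.6000'   = @{ GDR = 17008; LDR = 21210 }
    'Msdrm.dll|6.0.6001'   = @{ GDR = 18411; LDR = 22613 }
    'Msdrm.dll|6.0.6002'   = @{ GDR = 18193; LDR = 22321 }
    'Secproc.dll|6.1.7600' = @{ GDR = 16506; LDR = 20621 }
}

function Test-RmsClientFile {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $vi   = $item.VersionInfo
    # Use the numeric parts; the FileVersion string may carry extra text.
    $build    = '{0}.{1}.{2}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart
    $revision = $vi.FilePrivatePart
    $branch   = 'Unknown'
    $status   = 'NotInTable'

    # Hashtable keys are case-insensitive, so msdrm.dll matches Msdrm.dll.
    $entry = $FixedRevisions["$($item.Name)|$build"]
    if ($entry) {
        foreach ($name in 'GDR', 'LDR') {
            $fixed = $entry[$name]
            # Same branch means same thousands prefix (17xxx, 21xxx, ...).
            if (($revision - $revision % 1000) -eq ($fixed - $fixed % 1000)) {
                $branch = $name
                $status = if ($revision -ge $fixed) { 'Updated' } else { 'NeedsUpdate' }
            }
        }
    }

    # New-Object keeps the function usable on PowerShell 2.0 hosts.
    New-Object PSObject -Property @{
        File = $item.Name; Version = "$build.$revision"; Branch = $branch; Status = $status
    }
}

# Usage (path is an assumption; point it at the copy you want to check):
# Test-RmsClientFile -Path "$env:windir\System32\msdrm.dll"
```

A Status of NotInTable means the file, build, or revision prefix is not one of those listed on this page, so the result says nothing about whether that file carries the fix.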

References

Error message that you may receive when you access AD RMS protected content

The following is an example of an error message that you may receive when you try to access AD RMS protected content.

If you use the Rights Management Add-on for Internet Explorer, you may receive the following error message if the manifest is expired:

You cannot open this document because we cannot set up your computer to open documents that have restricted permission.

If you click Advanced Information in the error message, you may see one of the following error messages:

The Rights Management client returned the following result code: 0x80004005(-2147467259).

The Rights Management client returned the following result code: E_DRM_SERVICE_NOT_FOUND.

The Rights Management client returned the following result code: E_DRM_BIND_VALIDITY_TIME_VIOLATED.

After you apply this update, the manifest expiry feature is removed. Therefore, the AD RMS client applications will no longer have to renew their manifests. This also eliminates the possibility of having manifests expire accidentally.

Note This update is effective for both new and existing AD RMS products. AD RMS applications will still need a manifest. AD RMS Independent Software Vendor (ISV) partners will still need a production certificate issued by Microsoft for creating this manifest.

More information about AD RMS and the legacy application manifest expiry feature

Capabilities of AD RMS

AD RMS is used to protect sensitive data. AD RMS applications that also handle sensitive data share the responsibility of protecting this data.

AD RMS provides two main capabilities:

  • AD RMS provides persistent, cryptographically-protected access control at the file level. This prevents unauthorized access to content.

  • AD RMS provides usage policy enforcement that can specify particular rights or restrictions on access to content. For example, "read-only" or "do not forward."

    To provide the usage policy enforcement capability, AD RMS restricts access to protected content. Only trusted AD RMS applications that can enforce this usage policy may access this protected content.

Mechanism of the application manifest expiry feature


Microsoft issues an application signing certificate to developers who create AD RMS applications. The developer uses this certificate to sign an application manifest for each AD RMS application. Each AD RMS application that creates or that accesses AD RMS protected content contains this signed application manifest. This application manifest verifies that the application has a trusted state. The AD RMS client checks both the signed application manifest and the application signing certificate before it enables the application to create or to access protected content.


The application signing certificate contains an expiration date. When this expiration date has passed, the AD RMS client no longer recognizes the trust state of the AD RMS application. Therefore, the AD RMS client does not enable the AD RMS application to create or to access the protected content. This expiration date is a legacy mechanism that is used to verify the trust status of an application. Previously, new application signing certificates and new signed application manifests were distributed with application updates. This occurred especially in updates that involved patching vulnerabilities. This legacy mechanism would then prevent an attacker from using older or un-patched applications in order to access the protected content.

This legacy mechanism is replaced by a feature that enables the AD RMS system administrator to control the application trust state instead of relying on expiration dates. An AD RMS administrator can specify particular AD RMS applications or particular versions of AD RMS applications as untrustworthy. An application that is set as untrustworthy cannot be used to create or to access AD RMS protected information.
