icon-home icon-gotop

RMS Encryption and Decryption (Available in Website Edition Only)

Overview

Foxit Reader Website Edition integrates RMS plugin in the software to extend the access control of Microsoft Windows Server® AD RMS on client systems. You will be offered a 14-day trial for RMS functions. To continue to use RMS functions after the evaluation period, you can contact Foxit at sales@foxitsoftware.com to purchase a RMS license for the Foxit RMS plug-in.

Prerequisites

If you are using the Microsoft Azure Rights Management (Azure RMS) environment, you can log in to the RMS server directly within Foxit Reader.

If you are using the Microsoft Active Directory Rights Management Services (AD RMS) environment, you need to do the following deployment steps.

Deploy Active Directory Rights Management Services

In order to use Microsoft Rights Management Services in your client system, you need to follow Microsoft's instructions to deploy the Active Directory Rights Management Services (AD RMS) mobile device extension first. For detailed deployment steps, please refer to “Active Directory Rights Management Services Mobile Device Extension”.

When deploying Active Directory Rights Management Service mobile device extension, you need to run the following Windows PowerShell commands in order to authorize Foxit Reader for your devices.

Add-AdfsClient -Name "Foxit Reader for OS X" -ClientId "3df27ee0-ee38-44ef-af7c-f7f4850f4450" -RedirectUri @("com.foxitsoftware.com.reader-for-osx://authorize")

RMS Encryption

Tip: Foxit Reader allows you to encrypt PDF files with the official rights policy templates as well as custom templates. Official rights policy templates are based on the RMS server. Custom templates are customized by users. For instructions on how to customize a template, please refer to “Create Custom Templates”.

Specify the Permissions to PDF Files

Create Custom Templates

Security Watermark Management

Foxit Configuration Tool (Used in a Windows RMS Server)

Foxit Reader RMS protector provides a handy configuration tool for administrators to better modify the protection settings on a RMS server. Administrators can directly enable/disable each tool, edit the extended policies of official templates, dynamically revoke permissions, audit logs, and customize wrapper files.

To use the configuration tool to encrypt PDFs, please do the following:

Template Extended Policy

With the Foxit Configuration Tool, administrators can easily edit the extended policy of official templates. Click Template ExtendedPolicy tool and choose one template to edit. See also Extended Policy.

Tip: Click the Back button in the left corner to return to the Foxit Configuration Tool window.

Dynamic Revocation

Revocation is a mechanism that revokes a PDF document that has already been issued. A common use of revocation is to remove rights from an individual when he is no longer authorized or to restrict access to a document when it becomes out of date or invalid.

Note: To revoke a PDF document/user in an on-premise environment, please refer to Web Service Configuration to configure the web service and SQL first. Then choose the Revocation tool in the Foxit Configuration Tool window and enable the tool by clicking the button .

To revoke a PDF document, click Document Revocation. Select the PDF document you want to revoke, click the Add button to add the document to the Revocation List. Or you can click Browse to select a document from a local drive to add to the Revocation List. To remove the revocation, please select the document in the Revocation List and click the Remove button.

To revoke a user, click User Revocation. Click Add button to add a user to the User Revocation List. To remove the revocation, please select the user in the list and click Remove button.

Extended Policy

Foxit Configuration Tool provides you with Extended Policy to add complete PDF protection and control to your PDF documents. The policy allows documents owners to control the number of access and the number of prints in an on-premise environment. Before you specify the two permissions, please refer to Web Service Configuration to configure the web service and SQL first, and then choose the Extended Policy tool in the Foxit Configuration Tool window and enable the tool by clicking the button .

Auditing Logs

Foxit Reader enables you to track the usage of RMS protected files to record the actions on the files during workflow, including who accessed the document, what document was accessed, when it was accessed, how it was accessed and the success of that access, and more.

To audit logs, please refer to Web Service Configuration to configure the web service and SQL first, and then choose the Audit Log tool in the Foxit Configuration Tool window and enable the tool by clicking the button .

Choose one log and click on the Export button to export to Foxit Reader's registry or Foxit PhantomPDF's to generate a .reg file for the administrator's configuration. The administrator can distribute the .reg file to client-end computers.

Edit Wrapper Content

If you open a PDF which is encrypted by Foxit with other PDF viewers, a wrapper (which is a PDF page) appears with a prompt that you need to download Foxit Reader/PhantomPDF to open the encrypted PDF. With Foxit Configuration Tool, you can customize the wrapper by selecting a desired PDF file.

To apply a custom wrapper, please refer to Web Service Configuration to configure the web service and SQL first. Then choose the Edit Wrapper Content tool in the Foxit Configuration Tool window, enable the tool by clicking the button , and select a desired PDF file.

RMS Decryption

You can decrypt the RMS protected PDF file if you are authorized.

Change RMS Account

To change the RMS account, click Protect > Settings > Change Account, and input your new account to sign in. To successfully switch the RMS account, you need to close the RMS-protected file before changing the account.