AIP Protect (Only Available in the Edition Downloaded from Foxit Official Website)

• Overview
• Prerequisites
• AIP Encryption
• Foxit Configuration Tool (Used in a Windows AIP Server)
• AIP Decryption
• Change AIP Account
• Classify and Protect PDFs with Sensibility Labels in AIP

Overview

Foxit PDF Reader (the edition downloaded from Foxit official website) integrates AIP plugin in the software to extend the access control of Microsoft Windows Server® AD RMS on client systems. You will be offered a 14-day trial for AIP functions.

Prerequisites

If you are using the Microsoft Azure Rights Management (Azure RMS) environment, you can log in to the AIP server directly within Foxit PDF Reader.

If you are using the Microsoft Active Directory Rights Management Services (AD RMS) environment, you need to do the following deployment steps.

Deploy Active Directory Rights Management Services

In order to use Microsoft Rights Management Services in your client system, you need to follow Microsoft's instructions to deploy the Active Directory Rights Management Services (AD RMS) mobile device extension first. For detailed deployment steps, please refer to “Active Directory Rights Management Services Mobile Device Extension”.

When deploying Active Directory Rights Management Service mobile device extension, you need to run the following Windows PowerShell commands in order to authorize Foxit PDF Reader for your devices.

Add-AdfsClient -Name "Foxit Reader for OS X" -ClientId "3df27ee0-ee38-44ef-af7c-f7f4850f4450" -RedirectUri @("com.foxitsoftware.com.reader-for-osx://authorize")

AIP Encryption

• Click Protect.
• If you are using the AIP functions for the first time, choose Restrict Access > Connect to Digital Right Management Servers and Get Templates to log in to the AIP server first.
• If you have logged in to the AIP server before, choose Restrict Access.
• Select a template to encrypt the PDF file.
• If you don't want to use the template, click Restricted Access option to specify the permissions. Please refer to “Specify the Permissions to PDF Files” for more details.

Tip: Foxit PDF Reader allows you to encrypt PDF files with the official rights policy templates as well as custom templates. Official rights policy templates are based on the AIP server. Custom templates are customized by users. For instructions on how to customize a template, please refer to “Create Custom Templates”.

Specify the Permissions to PDF Files

• Click Protect > Restrict Access > Restricted Access.
• In the pop-up Permission window, check Restrict permission to this document, and do the following:
  • 1. Enter the email addresses of users in the respective boxes. You can also click to authorize all users with the permissions.
  • 2. Click More Options to set additional permissions.
  • 2.1. In the User List, click Add or Remove to add or remove an authorized user.
  • 2.2. Check the additional permissions in the “Additional permissions for users”. You can click Extended policy to control the document usage:
    • Only allow access by this IP range: specify an IP range that is allowed to access a document.
    • Only allow access to these pages: specify the page number(s) that a user is allow to access.
    • Number of accesses: specify the number of times that a user is allowed to access a document.
    • Number of prints: specify the number of times that a user is allowed to print a document.
      
      Note: To specify the “Number of accesses” and “Number of prints” items in an on-premise environment, click the Web Service Configuration to configure the web service and SQL first, and then enable the extended policy with the Foxit Configuration Tool.
  • 2.3. Check the additional settings and select a security watermark. For the instructions on how to add a security watermark, please refer to “Security Watermark Management”.
  • 2.4 If needed, click Save Defaults to make the additional settings the default, or click Save As Template to save the settings as a template for further use.
• Click OK to encrypt the PDF files with the settings you specified.

Create Custom Templates

• Click Protect > Settings > Custom Templates.
• Click Create: You can click Edit or Delete to edit or delete an existing custom template.
• Specify the template outline, and click Next.
• Add users, check the permissions for users, and click Next.
• Specify when the content expires, and click Next.
• Specify the security watermark and extended policies, and then click Finish. For detailed instructions, please refer to Security Watermark Management and Extended Policy.
• Click OK, and the custom template will be added to the template list under Restricted Access.

Security Watermark Management

• Click Protect > Settings > Security Watermark.
• Do one of the following:
  • New Profile: Add a new watermark profile.
  • Add: Add a security watermark.
  • Edit: Edit an existing watermark.
  • Delete: Delete the selected watermark.

Foxit Configuration Tool (Used in a Windows AIP Server)

Foxit PDF Reader AIP Protect feature provides a handy configuration tool for administrators to better modify the protection settings on an AIP server. Administrators can directly enable/disable each tool, edit the extended policies of official templates, dynamically revoke permissions, audit logs, and customize wrapper files.

To use the configuration tool to encrypt PDFs, please do the following:

• Log in to your AIP server.
• Download the Foxit Configuration Tool from:
  • Foxit Configuration Tool (for X86)
  • Foxit Configuration Tool (for X64)
• Unzip and Run Foxit Configuration Tool, you can then use the different tools in the Foxit Configuration Tool window. Note: Before getting started, you need to configure the VBScript in the unzipped folder by inputting your specific localhost address and port number in the script. The default port number in the script is 80, such as admin_role = config_manager.Initialize(true,"localhost",80,"","",""). You need to change the port number to the one your server currently uses.

Template Extended Policy

With the Foxit Configuration Tool, administrators can easily edit the extended policy of official templates. Click Template ExtendedPolicy tool and choose one template to edit. See also Extended Policy.

Tip: Click the Back button in the left corner to return to the Foxit Configuration Tool window.

Dynamic Revocation

Revocation is a mechanism that revokes a PDF document that has already been issued. A common use of revocation is to remove rights from an individual when he is no longer authorized or to restrict access to a document when it becomes out of date or invalid.

Note: To revoke a PDF document/user in an on-premise environment, please refer to Web Service Configuration to configure the web service and SQL first. Then choose the Revocation tool in the Foxit Configuration Tool window and enable the tool by clicking the button .

To revoke a PDF document, click Document Revocation. Select the PDF document you want to revoke, click the Add button to add the document to the Revocation List. Or you can click Browse to select a document from a local drive to add to the Revocation List. To remove the revocation, please select the document in the Revocation List and click the Remove button.

To revoke a user, click User Revocation. Click Add button to add a user to the User Revocation List. To remove the revocation, please select the user in the list and click Remove button.

Extended Policy

Foxit Configuration Tool provides you with Extended Policy to add complete PDF protection and control to your PDF documents. The policy allows documents owners to control the number of access and the number of prints in an on-premise environment. Before you specify the two permissions, please refer to Web Service Configuration to configure the web service and SQL first, and then choose the Extended Policy tool in the Foxit Configuration Tool window and enable the tool by clicking the button .

Auditing Logs

Foxit PDF Reader enables you to track the usage of AIP protected files to record the actions on the files during workflow, including who accessed the document, what document was accessed, when it was accessed, how it was accessed and the success of that access, and more.

To audit logs, please refer to Web Service Configuration to configure the web service and SQL first, and then choose the Audit Log tool in the Foxit Configuration Tool window and enable the tool by clicking the button .

Choose one log and click on the Export button to export to Foxit PDF Reader's registry or Foxit PDF Editor's to generate a .reg file for the administrator's configuration. The administrator can distribute the .reg file to client-end computers.

Edit Wrapper Content

If you open a PDF which is encrypted by Foxit with other PDF viewers, a wrapper (which is a PDF page) appears with a prompt that you need to download Foxit PDF Reader/Foxit PDF Editor to open the encrypted PDF. With Foxit Configuration Tool, you can customize the wrapper by selecting a desired PDF file.

To apply a custom wrapper, please refer to Web Service Configuration to configure the web service and SQL first. Then choose the Edit Wrapper Content tool in the Foxit Configuration Tool window, enable the tool by clicking the button , and select a desired PDF file.

AIP Decryption

You can decrypt the AIP protected PDF file if you are authorized.

• Open the encrypted PDF file with Foxit PDF Reader;
• Click Protect > Restrict Access > Unrestricted Access;
• Click OK in the pop-up message to confirm your operation.

Change AIP Account

To change the AIP account, click Protect > Settings > Change Account, and input your new account to sign in. To successfully switch the AIP account, you need to close the AIP-protected file before changing the account. 

Classify and Protect PDFs with Sensibility Labels in AIP

Protect PDFs with Sensibility Labels

With Foxit PDF Reader, you can classify and protect documents with sensitivity labels configured by the administrator in your organization.

• Click Protect > Sensibility. (Sign in to your AIP account if you haven’t by clicking Connect to Microsoft Azure Information Protection to get the list of configured sensibility labels.)
• Select a label from the list to apply to the document.
• When the labelling process is complete, the document is saved automatically.

Remove Sensibility Labels from the Protected PDFs

You can remove the sensibility label from a protected PDF file that you have created.

• Open the protected PDF file with Foxit PDF Reader.
• Click Protect > Sensibility.
• (Optional) Click Connect to Microsoft Azure Information Protection to sign in to your AIP account if you haven’t.
• Select Remove Label from the list, and confirm your operation. 
• Click the Save button  (or File > Save) to save the changes to the PDF file.

Change AIP Account

• Make sure that you have closed all the AIP protected PDFs.
• Click Protect > Sensibility > Change Account.
• Input the account information to sign in to your new AIP account based on the on-screen instructions.