Just a quick post to advise Microsoft has now released a KB to remove the application manifest expiry feature in AD RMS. The reason for this is that this legacy feature was previously used to confirm that applications accessing or creating RMS protected content were to be trusted.

This was done by applications being signed by application signing certs issued by MS. Once the application signing cert expired the application would no longer be trusted to open or create RMS protected content until it was renewed with application updates, which would cause problems and errors between expiring signing certs and application updates!

This can now be controlled by the system administrator rather than by signing certs, administrators can now define applications, or older versions of applications as untrustworthy themselves.

The update to remove this feature is KB979099 where the update can be found for all RMS client operating systems.