RMS Logging Database - what's collected?

The RMS server records every license request. 

What is recorded?

  • The user account cert (RAC/GIC)
  • The content issuance license (contains an encrypted list of all users/groups that are granted rights and what rights they are granted)
  • The use license issued to the user (contains an encrypted list of the rights that the user is granted)

Once the client has the use license, no other activity is recorded unless the use license contains a policy that requires users to re-license the content (either every X days or every use). There is no client-side logging of when rights are used or which rights are used.

The RMSLogAnalyzer tool in the RMS Toolkit can be used to process the verbose server logs into a much more usable format that can then be used for audit tracking (though, as stated before, the server only knows about the license issued, not how many times it was used, etc.). The issuance license can be manually pulled from either the content or the RMS logging database. The RMS CertAnalyzer tool in the RMS Toolkit can be used to decrypt the issuance license to view who has what rights to the content.

Note: Outlook 2003 can be configured so that when it receives an RMS-protected e-mail it automatically requests a use license for it. This is done to enable viewing of the content at a later date when the user might not have connectivity. Because of this, the fact that the RMS server has issued the user a use license does not mean that the user has viewed the content.