Policy Server appeared with the release of Acrobat 7 earlier this year. It builds substantially on the encryption and password security of past editions of Acrobat and provides control over how Acrobat PDF format documents are accessed.
The software is Java-based, which makes it suitable for Linux, Unix and Windows with Java 2 SDK 1.4.2_04 or later, and it works with JBoss, IBM WebSphere and BEA WebLogic servers. It offers support for MySQL, Oracle, IBM DB/2 and Microsoft SQL Server databases.
The crucial requirement is that an LDAP-compatible directory is available on the server. Adobe recommends Microsoft Active Directory, Sun One Directory Server and Novell eDirectory. Installation is in simple, clearly documented steps using a wizard.
Policy Server is a standalone system and any users have to have access to the server and must be registered in the directory. Even the registration service is a wizard, with customized layouts for the invitation, confirmation and change of password emails to send the end-users.
The range of controls provided through Policy Server is fairly extensive. Offline access can be fixed for a specific period and blocked from being copied or forwarded. The recommended access is online only for the highest levels of security and this can be limited to behind the firewall for sensitive documents.
Event tracking can also be turned on to audit the number of times a document is accessed, by whom or number of copies made. Controls can also be applied and audited as to who can view, forward, print or copy content.
Sadly a lot of this merely makes it harder to copy, not impossible. With a screen grabber and OCR software it was possible to reconstruct a document.
Standard Adobe document controls can be included in the properties, which determine what degree of access a reader has.
Although Adobe's controls are diverse, the ability to screen grab or photograph documents means that the only real advancement is the ability to track document usage over a predetermined lifecycle – which makes the price tag look extremely high.
Offers tracking and some control over what happens to a document during its lifecycle. Keeps document access neatly self-contained.
Very expensive and not totally foolproof.
Cannot control who sees a document, but excellent if you want to track document usage.