Windows 2008 Active Directory Rights Management Service

  

Readers familiar with Windows Server 2003 will already know RMS (Rights Management Services), which protects digital assets from disclosure beyond the scope of the corresponding authorization. In Windows Server 2008 this feature has been improved and enhanced, and Microsoft now calls it AD RMS (Active Directory Rights Management Services). Compared with RMS under Windows Server 2003 there are major improvements, such as: no need to download it separately to install it, no need to connect to Microsoft to register, and so on.

The AD RMS system includes Windows Server 2008-based servers running the Active Directory Rights Management Services (AD RMS) server role for handling certificates and authorizations, database servers, and AD RMS clients. The deployment of the AD RMS system provides organizations with the following benefits:

- Protect sensitive information. Applications such as word processors, email clients, and industry applications can be AD RMS-enabled to help protect sensitive information. Users can define who can open, modify, print, forward, or perform other actions on the information. Organizations can create custom usage policy templates (such as "confidential-read-only") that can be applied directly to the information.

- Permanent protection. AD RMS enhances existing perimeter-based security solutions such as firewalls and access control lists (ACLs) by locking usage rights within the document itself and controlling how information is used, even after the target recipient opens it, to better protect the information.

- Flexible and customizable technology. Independent software vendors (ISVs) and developers can AD RMS-enable any application, or enable other servers (such as content management systems or portal servers running on Windows or other operating systems) to work with AD RMS to help protect sensitive information. ISVs can integrate information protection into server-based solutions such as document and records management, email gateways and archiving systems, automated workflows, and content inspection.


Features in AD RMS

In Windows Server 2008, you can set up the following AD RMS components by using Server Manager:

- Active Directory Rights Management Services. The Active Directory Rights Management Services (AD RMS) role service is a required role service for installing the AD RMS components used to publish and use rights-protected content.

- Federated authentication support. The Federation Support role service is an optional role service that allows federated identities to use rights-protected content by means of Active Directory Federation Services.

Briefly deploying AD RMS

(1) Hardware and software considerations

When you install the AD RMS server role, the system installs the required services at the same time, one of which is Internet Information Services (IIS). AD RMS also requires a database (such as Microsoft SQL Server), which can run on the same server as AD RMS or on a remote server, and an Active Directory Domain Services forest.

The following table describes the minimum hardware requirements and recommendations for running a Windows Server 2008-based server with the AD RMS server role.

Note: Only a limited set of server roles is available for the Server Core installation option of Windows Server 2008 and for Windows Server 2008 for Itanium-based systems.

The following table describes the software requirements for running a Windows Server 2008-based server with the AD RMS server role. For requirements that can be met by enabling features of the operating system, installing the AD RMS server role configures those features as needed.

Note: AD RMS-enabled clients must have an AD RMS-enabled browser or application (such as Microsoft Word, Outlook, or PowerPoint in Microsoft Office 2007). In order to create rights-protected content, you need Microsoft Office 2007 Enterprise, Professional Plus, or Ultimate. For additional security, you can integrate AD RMS with other technologies such as smart cards.


(2) Formally deploying AD RMS

Next, begin formal configuration of the AD RMS server.

1. Install a Windows Server 2008 machine with the computer name "WS2008-ADRMS".

2. Configure the TCP/IP properties. After logging in to the system, click "Start", click "Control Panel", double-click "Network and Sharing Center", and click "View Status". Click "Properties". Double-click "Internet Protocol Version 4 (TCP/IPv4)" in the "Local Area Connection Properties" window. Enter the relevant information.

3. Add WS2008-ADRMS to the domain. Click "Start", right-click "My Computer", and click "Properties". Click "Change Settings". Click "Change" in the "System Properties" window. Enter the domain name you want to join and click "OK". Enter the user name and password of an account that has permission to join the domain. Finally, confirm and restart the computer.

4. Add the user "ADRMS-admin" to the local Administrators group.

5. Add the AD RMS server role. Log in to the "ADRMS" server as "ADRMS-admin". Click "Start", click "Administrative Tools", click "Server Manager". In the "User Account Control" window click "Continue". Click "Add Role", then click "Add the required role service". The system automatically checks the related services; click "Next". The "Active Directory Rights Management Services Introduction" page appears; click "Next". Select the role services to install (the default is "Active Directory Rights Management Server") and click "Next". Select "New AD RMS Cluster" and click "Next".

7. On the "Configure Database" page, select "Use another database server", click "Select", enter the database server name and click "OK". Select "Default" in "Database Instance" and click "Verify". Finally click "Next". On the "Service Account" page, click "Specify". In the "Add Role Wizard" window, enter the user name and password created earlier. Click "OK".

8. On the "Cluster Key Storage" page, keep the default selection "Use the key storage managed by AD RMS" and click "Next". Enter a password on the "Cluster Key Password" page. On the "Cluster Site" page, select "Default Site" and click "Next". On the "Cluster Address" page, check "Use unencrypted connection (http://)", leave "Port" at the default "80", and click "Verify". Finally click "Next".

9. Enter a name on the "License Certificate Name" page. On the "SCP Registration" page, keep the default "Register Now AD RMS Service Connection Point". The "Web Server Profile (IIS)" page appears; click "Next". The system lists the role services of the relevant web server. Click "Next". The "Confirm" page gives an overview of the relevant information. If everything is correct, click "Install". The system displays the installation progress. On success, an information page states that you must log out and log back in to manage AD RMS. Click "Close" and log out of the system.

After logging in again, click "Start", click "Administrative Tools", click "Active Directory Rights Management Services". In the "User Account Control" window click "Continue". The AD RMS Manager opens. Here you can perform the related management operations on AD RMS.

At this point, the entire server RMS installation and deployment is complete.
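To confirm from the directory what the wizard registered in steps 8 and 9, the following PowerShell reads the AD RMS service connection point (SCP) and reports the scheme, server and port of the cluster URL it publishes. This is an added example, not part of the original article; the function name Get-AdRmsScp and the $expectedServer variable are hypothetical, and it assumes the SCP sits at its usual location under CN=RightsManagementServices in the forest's configuration partition.

```powershell
# Added example, not from the original article.
# Run in PowerShell on a domain-joined machine with a domain account.

function Get-AdRmsScp {
    # The SCP lives in the forest-wide configuration partition.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNc = $rootDse.configurationNamingContext
    $scpPath  = "LDAP://CN=SCP,CN=RightsManagementServices,CN=Services,$configNc"

    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($scpPath)) {
        Write-Warning "No AD RMS service connection point found at $scpPath"
        return
    }

    # serviceBindingInformation holds the cluster URL that clients discover.
    $scp = [ADSI]$scpPath
    foreach ($url in $scp.serviceBindingInformation) {
        $uri = [System.Uri]$url
        $report = New-Object PSObject
        $report | Add-Member NoteProperty Url       $url
        $report | Add-Member NoteProperty Server    $uri.Host
        $report | Add-Member NoteProperty Port      $uri.Port
        $report | Add-Member NoteProperty Encrypted ($uri.Scheme -eq "https")
        $report
    }
}

# Assumption: the cluster address uses the computer name from step 1.
$expectedServer = "WS2008-ADRMS"

foreach ($entry in @(Get-AdRmsScp)) {
    $entry | Format-List

    # Step 8 selects the unencrypted option on port 80; surface that choice.
    if (-not $entry.Encrypted) {
        Write-Warning "Cluster URL $($entry.Url) uses HTTP on port $($entry.Port); clients reach the cluster over an unencrypted connection."
    }

    # Accept either the short name or a fully qualified name for the server.
    $match = ($entry.Server -eq $expectedServer) -or ($entry.Server -like "$expectedServer.*")
    if (-not $match) {
        Write-Warning "SCP points clients to '$($entry.Server)', expected '$expectedServer'."
    }
}
```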

Managing AD RMS

In Windows Server 2008, many management tasks have become quite simple thanks to Server Manager. Server roles are managed using Microsoft Management Console (MMC) snap-ins. AD RMS can be managed using the Active Directory Rights Management Services console. To open it, click "Start", point to "Administrative Tools", and then click "Active Directory Rights Management Services".


