Академический Документы
Профессиональный Документы
Культура Документы
Microsoft Corporation Published: January 2008 Author: Brian Lich Editor: Carolyn Eller
Abstract
This step-by-step guide provides instructions for setting up a test environment for creating and deploying Active Directory Rights Management Services (AD RMS) rights policy templates on the Windows Server 2008 operating system.
This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2008 Microsoft Corporation. All rights reserved. Active Directory, Microsoft, MS-DOS, Vista, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Contents
AD RMS Templates Deployment Step-by-Step Guide....................................................................1 Abstract....................................................................................................................................1 Contents..........................................................................................................................................3 Creating and Deploying Active Directory Rights Management Services Rights Policy Templates Step-by-Step Guide.....................................................................................................................4 About this Guide..........................................................................................................................4 What This Guide Does Not Provide..........................................................................................4 Deploying AD RMS in a Test Environment...................................................................................5 Step 1: Creating a Shared Folder on the AD RMS Cluster..............................................................6 Step 2: Creating an AD RMS Rights Policy Template.....................................................................7 Step 3: Configuring the AD RMS client...........................................................................................8 Step 4: Verifying AD RMS Functionality using ADRMS-CLNT........................................................9
Creating and Deploying Active Directory Rights Management Services Rights Policy Templates Step-by-Step Guide
About this Guide
This step-by-step guide walks you through the process of creating and deploying Active Directory Rights Management Services (AD RMS) policy templates in a test environment. During this process you create a rights policy template, deploy this template to a client computer running Windows Vista and Microsoft Office Word 2007, and verify that the client computer can rightsprotect a document by using the newly-created rights policy template. Once complete, you can use the test lab environment to assess how AD RMS rights policy templates can be created with Windows Server 2008 and deployed within your organization. As you complete the steps in this guide, you will: Create an AD RMS rights policy template. Deploy the rights policy template. Verify AD RMS functionality after you complete the configuration.
The goal of an AD RMS deployment is to be able to protect information, no matter where it is moved. Once AD RMS protection is added to a digital file, the protection stays with the file. By default, only the content owner is able to remove the protection from the file. The owner can grant rights to other users to perform actions on the content, such as the ability to view, copy, or print the file.
ADRMS-SRV
AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, Message Queuing (also known as MSMQ), and Windows Internal Database Active Directory, Domain Name System (DNS) Microsoft SQL Server 2005 Standard Edition Microsoft Office Word 2007 Enterprise Edition
Windows Server 2003 with Service Pack 1 (SP1) Windows Server 2003 with SP1 Windows Vista
The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if desired. This step-bystep exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the intranet. The domain controller is named CPANDL-DC for the domain named cpandl.com. The following figure shows the configuration of the test environment:
9. Click OK twice. 10. Click the Security tab, and then click Edit. 11. Click Add, in the Enter the object names to select box type CPANDL\ADRMSSRVC, and then click OK. 12. Click ADRMSSRVC (ADRMSSRVC@cpandl.com), and then, in the Permissions forADRMSSRVC box, select the Modify check box in the Allow column, and then click OK. 13. Click Close.
9. Type CPANDL.COM CC in the Name box. 10. Type CPANDL.COM Company Confidential in the Description box, and then click Add. 11. Click Next. 12. Click Add, type employees@cpandl.com in The e-mail address of a user or group box, and then click OK. 13. Select the View check box to grant the EMPLOYEES@CPANDL.COM group Read access to any document created by using this AD RMS rights policy template. 14. Click Finish.
7. Verify that the path C:\Users\nhollida\AppData\Microsoft\DRM\Templates\ is valid. If it is not, create the appropriate folders. 8. Click Start, type \\ADRMS-SRV\ADRMSTemplates in the Start Search box, and then press ENTER. 9. Copy the exported AD RMS rights policy templates from \\ADRMSSRV\ADRMSTemplates to C:\Users\nhollida\AppData\Microsoft\DRM\Templates. Note Copying the AD RMS rights policy templates to the client computer is not required if the rights policy templates do not have to be available offline.
2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007. 3. Click the Microsoft Office button, click Open, navigate to \\ADRMS-DB\public, and then double-click ADRMS-TST.docx. The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to https://adrms-srv.cpandl.com/_wmcs/licensing to verify your credentials and download your permission." 4. Click OK. The following message appears: "Verifying your credentials for opening content with restricted permissions" 5. When the document opens, click the Microsoft Office button. Notice that the Print option is not available. 6. Click View Permission in the message bar. You should see that AD RMS rights policy template has been applied to this document. 7. Click OK to close the My Permissions dialog box, and then close Microsoft Word. You have successfully deployed and demonstrated the rights templates policy feature of AD RMS, using the simple scenario of applying a rights policy template to a Microsoft Word 2007 document. You can also use this deployment to explore some of the additional capabilities of AD RMS through additional configuration and testing.
10