Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide




Microsoft Corporation
Published: January 2008
Author: Brian Lich
Editor: Carolyn Eller

Abstract

This step-by-step guide provides instructions for setting up a test environment for creating and deploying Active Directory Rights Management Services (AD RMS) rights policy templates on the Windows Server 2008 operating system.

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Active Directory, Microsoft, MS-DOS, Vista, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Contents

Creating and Deploying Active Directory Rights Management Services Rights Policy Templates Step-by-Step Guide
  About this Guide
  What This Guide Does Not Provide
  Deploying AD RMS in a Test Environment
  Step 1: Creating a Shared Folder on the AD RMS Cluster
  Step 2: Creating an AD RMS Rights Policy Template
  Step 3: Configuring the AD RMS client
  Step 4: Verifying AD RMS Functionality using ADRMS-CLNT

Creating and Deploying Active Directory Rights Management Services Rights Policy Templates Step-by-Step Guide

About this Guide

This step-by-step guide walks you through the process of creating and deploying Active Directory Rights Management Services (AD RMS) policy templates in a test environment. During this process you create a rights policy template, deploy this template to a client computer running Windows Vista and Microsoft Office Word 2007, and verify that the client computer can rights-protect a document by using the newly-created rights policy template.

Once complete, you can use the test lab environment to assess how AD RMS rights policy templates can be created with Windows Server 2008 and deployed within your organization.

As you complete the steps in this guide, you will:

- Create an AD RMS rights policy template.
- Deploy the rights policy template.
- Verify AD RMS functionality after you complete the configuration.

The goal of an AD RMS deployment is to be able to protect information, no matter where it is moved. Once AD RMS protection is added to a digital file, the protection stays with the file. By default, only the content owner is able to remove the protection from the file. The owner can grant rights to other users to perform actions on the content, such as the ability to view, copy, or print the file.

What This Guide Does Not Provide

This guide does not provide the following:

- Guidance for setting up and configuring AD RMS in either a production or test environment. This guide assumes that AD RMS is already configured for a test environment. For more information about configuring AD RMS, see Windows Server Active Directory Rights Management Services Step-by-Step Guide (http://go.microsoft.com/fwlink/?linkid=72134).
- Complete technical reference for AD RMS or deploying AD RMS templates within your organization. In a large organization, Systems Management Server (SMS) or Group Policy can provide a way to deploy AD RMS rights policy templates to several workstations at a time.

Deploying AD RMS in a Test Environment

We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Microsoft products without accompanying documentation and should be used with discretion as a stand-alone document.

Before you start the steps in this guide, you will need to use the steps provided in Windows Server Active Directory Rights Management Services Step-by-Step Guide (http://go.microsoft.com/fwlink/?linkid=72134), also in a lab environment. That guide prepares the basic infrastructure for an AD RMS deployment, with an AD RMS cluster, AD RMS Logging database, and domain controller. This step-by-step guide builds on the previous guide, so it is important to complete it before starting this one.

On completion of this step-by-step guide, you will have a working AD RMS rights policy template. You can then test and verify AD RMS rights policy template functionality through the simple task of restricting permissions on a Microsoft Office Word 2007 document with the rights policy template created in this guide.

The test environment described in this guide includes three computers connected to a private network and using the following operating systems, applications, and services:

Computer Name | Operating System | Applications and Services
ADRMS-SRV | Windows Server 2008 | AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, Message Queuing (also known as MSMQ), and Windows Internal Database
CPANDL-DC | Windows Server 2003 with Service Pack 1 (SP1) | Active Directory, Domain Name System (DNS)
ADRMS-DB | Windows Server 2003 with SP1 | Microsoft SQL Server 2005 Standard Edition
ADRMS-CLNT | Windows Vista | Microsoft Office Word 2007 Enterprise Edition

The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if desired. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the intranet. The domain controller is named CPANDL-DC for the domain named cpandl.com.

The following figure shows the configuration of the test environment:

Step 1: Creating a Shared Folder on the AD RMS Cluster

To ease administration of the rights policy templates, you can store AD RMS rights policy templates in a central location so that they can be copied to the AD RMS clients. Some distribution methods include using Systems Management Server, Group Policy, or manually copying the templates to the AD RMS client. In this guide, the rights policy templates are copied manually.

Note: The AD RMS service account must have Write access to the rights policy template shared folder in order for the rights policy template export function to work correctly.

To create a shared folder for the AD RMS rights policy templates and set appropriate permissions for the AD RMS service account, do the following:

To create an AD RMS rights policy templates shared folder

1. Log on to ADRMS-SRV as CPANDL\Administrator.
2. Click Start, click Computer, and then double-click Local Disk (C:).
3. Create a new folder named ADRMSTemplates. Click Organize, click New Folder, type the name ADRMSTemplates, and then press ENTER.
4. Right-click the ADRMSTemplates folder, and then click Properties.
5. Click the Sharing tab, and then click Advanced Sharing.
6. Select the Share this Folder check box, and then click Permissions.
7. Click Add, in the Enter the object names to select box type CPANDL\ADRMSSRVC, and then click OK.
8. In the Group or user names box, click ADRMSSRVC (ADRMSSRVC@cpandl.com), and then, in the Permissions for ADRMSSRVC box, select the Change check box in the Allow column.
9. Click OK twice.
10. Click the Security tab, and then click Edit.
11. Click Add, in the Enter the object names to select box type CPANDL\ADRMSSRVC, and then click OK.
12. Click ADRMSSRVC (ADRMSSRVC@cpandl.com), and then, in the Permissions for ADRMSSRVC box, select the Modify check box in the Allow column, and then click OK.
13. Click Close.

Step 2: Creating an AD RMS Rights Policy Template

As mentioned earlier in this guide, AD RMS rights policy templates are created on the AD RMS cluster and then exported to a shared folder. If your users will be using the AD RMS-enabled application only when connected to the internal network, the templates can be accessed from the shared folder by the clients as needed. In this case, all AD RMS users should have Read access to this shared folder in order for them to use the rights policy template.

Alternatively, the templates can be copied from the shared folder to the client computers. This enables the templates to be used when users are not connected to the network, such as when traveling with a laptop or from another mobile device. Because the most common deployment is to copy the templates to the client computers, this is the approach explained in this guide.

To create a new AD RMS rights policy template

1. Open the Active Directory Rights Management Services Administration console. Click Start, point to Administrative Tools, and then click Active Directory Rights Management Services.
2. In the Active Directory Rights Management Services Administration console, click LocalHost.
3. In the Tasks box in the Results pane, click Manage rights policy templates.
4. To enable exporting of the AD RMS rights policy templates, click Properties in the Actions pane.
5. Select the Enable export check box, type \\adrms-srv\adrmstemplates in the Specify templates file location (UNC) box, and then click OK.
6. In the Actions pane, click Create Distributed Rights Policy Template to start the Create Distributed Rights Policy Template wizard.
7. Click Add.

8. In the Language list, choose the appropriate language for the rights policy template.
9. Type CPANDL.COM CC in the Name box.
10. Type CPANDL.COM Company Confidential in the Description box, and then click Add.
11. Click Next.
12. Click Add, type employees@cpandl.com in The e-mail address of a user or group box, and then click OK.
13. Select the View check box to grant the EMPLOYEES@CPANDL.COM group Read access to any document created by using this AD RMS rights policy template.
14. Click Finish.

Step 3: Configuring the AD RMS client

The AD RMS client is included in the default installation of Windows Vista. Previous versions of the client are available for download for other Windows operating systems.

This guide assumes that an AD RMS cluster is already configured in a test environment. Additionally, extra configuration is required on the AD RMS client workstation so that the rights policy templates are accessible: in order for the AD RMS client computer to locate the templates, you must copy the AD RMS rights policy templates to the client computer and create a registry entry that points to the location of the rights policy templates. To do this, you must complete the following steps before rights-protecting a document:

To make AD RMS templates available to users on ADRMS-CLNT

1. Log on to ADRMS-CLNT as Nicole Holliday (nhollida@cpandl.com).
2. Click Start, type regedit.exe in the Start Search box, and then click the regedit.exe icon under Programs.
3. Expand the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM
   Note: If DRM was not already created as a part of the key, you must create it manually.
4. Select DRM, click Edit, point to New, click Expandable String Value, and then type AdminTemplatePath.
5. Double-click the AdminTemplatePath registry value and type %UserProfile%\AppData\Microsoft\DRM\Templates in the Value data box, where %UserProfile% equals C:\Users\<user name>, and then click OK.

6. Close Registry Editor.
7. Verify that the path C:\Users\nhollida\AppData\Microsoft\DRM\Templates\ is valid. If it is not, create the appropriate folders.
8. Click Start, type \\ADRMS-SRV\ADRMSTemplates in the Start Search box, and then press ENTER.
9. Copy the exported AD RMS rights policy templates from \\ADRMS-SRV\ADRMSTemplates to C:\Users\nhollida\AppData\Microsoft\DRM\Templates.

Note: Copying the AD RMS rights policy templates to the client computer is not required if the rights policy templates do not have to be available offline.

Step 4: Verifying AD RMS Functionality using ADRMS-CLNT

To verify the functionality of the AD RMS deployment, you log on as Nicole Holliday and then restrict permissions on a Microsoft Word 2007 document by using the AD RMS rights policy template created earlier in this guide. This policy gives CP&L employees the ability to read the document but not to change, print, or copy it. All other people have no access at all to the document. You then log on as Stuart Railson and verify that Stuart Railson, a member of the Employees group at CP&L, cannot print the document.

To restrict permissions on a Microsoft Word 2007 document

1. Log on to ADRMS-CLNT as Nicole Holliday (nhollida@cpandl.com).
2. Click Start, click All Programs, click Microsoft Office, and then click Microsoft Office Word 2007.
3. Type CP&L Employees cannot print this document on the blank document page, click the Microsoft Office button, point to Finish, point to Restrict Permission, click Restrict Permission as, select nhollida@cpandl.com in the Select User dialog box, and then click OK.
4. In the Permission dialog box, select the Restrict permission to this document check box, click Read, and type the name of the user or group to be restricted. In this case, type employees@cpandl.com, and then click OK twice.
5. Click the Microsoft Office button, click Save As, and then save the file as \\ADRMS-DB\public\ADRMS-TST.docx.
6. Log off as Nicole Holliday.

Next, log on as Stuart Railson and open the document, ADRMS-TST.docx.

To view a protected document

1. Log on as Stuart Railson (srailson@cpandl.com).
2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
3. Click the Microsoft Office button, click Open, navigate to \\ADRMS-DB\public, and then double-click ADRMS-TST.docx. The following message appears: "Permission to this document is currently restricted. Microsoft Office must connect to https://adrms-srv.cpandl.com/_wmcs/licensing to verify your credentials and download your permission."
4. Click OK. The following message appears: "Verifying your credentials for opening content with restricted permissions..."
5. When the document opens, click the Microsoft Office button. Notice that the Print option is not available.
6. Click View Permission in the message bar. You should see that the AD RMS rights policy template has been applied to this document.
7. Click OK to close the My Permissions dialog box, and then close Microsoft Word.

You have successfully deployed and demonstrated the rights policy templates feature of AD RMS, using the simple scenario of applying a rights policy template to a Microsoft Word 2007 document. You can also use this deployment to explore some of the additional capabilities of AD RMS through additional configuration and testing.
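
The share permissions from Step 1 and the client registry entry and template copy from Step 3 can also be scripted and then checked. The following is an added example, not part of the original Microsoft guide: the function names are hypothetical, the account, share, and path values are the lab values used above, and it assumes Windows PowerShell 3.0 or later is installed. Granting Read to Everyone on the share is an assumption that mirrors the default entry in the Advanced Sharing dialog box.

```powershell
# Added example: scripted form of Step 1 (server) and Step 3 (client).
# Function names are hypothetical; values are the lab values from this guide.

function New-RmsTemplateShare {            # run on ADRMS-SRV from an elevated prompt
    param(
        [string]$Path           = 'C:\ADRMSTemplates',
        [string]$ShareName      = 'ADRMSTemplates',
        [string]$ServiceAccount = 'CPANDL\ADRMSSRVC',
        [string]$Readers        = 'Everyone'   # assumption: Advanced Sharing default entry
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    # Share permissions: Change for the service account, Read for template consumers.
    net share "$ShareName=$Path" "/GRANT:$ServiceAccount,CHANGE" "/GRANT:$Readers,READ" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net share failed ($LASTEXITCODE)" }
    # NTFS permissions: Modify, inherited by files (OI) and subfolders (CI).
    icacls $Path /grant "${ServiceAccount}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)" }
}

function Install-RmsTemplates {            # run on ADRMS-CLNT as the target user (HKCU)
    param(
        [string]$Source       = '\\ADRMS-SRV\ADRMSTemplates',
        [string]$TemplatePath = '%UserProfile%\AppData\Microsoft\DRM\Templates'
    )
    $key = 'HKCU:\Software\Microsoft\Office\12.0\Common\DRM'
    # Create the DRM key only if it is missing, so existing values are kept.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Expandable String Value: the %UserProfile% token is stored unexpanded.
    New-ItemProperty -Path $key -Name 'AdminTemplatePath' -PropertyType ExpandString `
        -Value $TemplatePath -Force | Out-Null

    $local = [Environment]::ExpandEnvironmentVariables($TemplatePath)
    if (-not (Test-Path -LiteralPath $local)) {
        New-Item -ItemType Directory -Path $local -Force | Out-Null
    }
    # Copy every exported template from the share to the local folder.
    Copy-Item -Path (Join-Path $Source '*') -Destination $local -Force
}

function Test-RmsTemplateConfig {          # run on ADRMS-CLNT as the target user
    $key = 'HKCU:\Software\Microsoft\Office\12.0\Common\DRM'
    $reg = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $reg -or $null -eq $reg.GetValue('AdminTemplatePath')) {
        return [pscustomobject]@{ Configured = $false }
    }
    # Read the value as stored, without expanding environment variables.
    $raw = $reg.GetValue('AdminTemplatePath', $null, 'DoNotExpandEnvironmentNames')
    $dir = [Environment]::ExpandEnvironmentVariables($raw)
    [pscustomobject]@{
        Configured    = $true
        ValueKind     = $reg.GetValueKind('AdminTemplatePath')   # expected: ExpandString
        RawValue      = $raw
        FolderExists  = Test-Path -LiteralPath $dir
        TemplateCount = @(Get-ChildItem -LiteralPath $dir -ErrorAction SilentlyContinue).Count
    }
}
```

If Test-RmsTemplateConfig reports a ValueKind of String rather than ExpandString, the value was not created as an Expandable String Value as step 4 of the client procedure requires, and the registry API returns the %UserProfile% token unexpanded.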