Download the course Configuring and Troubleshooting Identity and Access Solutions with Windows Server Active Directory, PDF tutorial document.
How Access Management Is Enforced by Using AD RMS
AD RMS enforces access management by:
Establishing trusted participants within the AD RMS system
Assigning persistent usage rights and conditions on how a trusted participant can use protected information
Encrypting information and allowing access to users that have the required components and rights to open and view the information
Types of information that can be protected include:
Sensitive documents such as plans, proposals, reports
E-mail messages
Content stored in AD RMS-aware intranet services
AD RMS Certificates and Licenses
Server Licensor Certificate
Gets created when the AD RMS server role is installed and configured on the first server of an AD RMS Root Cluster
Machine Certificate
Identifies a trusted computer and contains the unique public key for that machine, on a per-user, per-computer basis
Rights Account Certificate
Names a trusted user identity by using the e-mail address or SID of the user on a per user basis
Client Licensor Certificate
Names a trusted user that is authorized to publish RMS-protected information without requiring connectivity to an RMS server. This naming is per user on a computer
Publishing License
Sets the policy for acquiring a use license for rights-protected information
Use License
Grants an authorized user with valid RAC rights to consume rights-protected information based on policy established in the publishing license
Preinstallation Considerations
Consider the following points before deploying AD RMS:
- Determine whether to use an external database or the internal database provided by Windows Server® 2008.
- Make the account used to install AD RMS a member of the Enterprise Admins group or equivalent, if the service connection point is to be registered during installation.
- Install AD RMS on a member server in the same domain as the user accounts that will participate in AD RMS.
- Create a DNS alias (CNAME) record for the AD RMS cluster URL, and a CNAME record for the computer hosting the configuration database.
- Obtain a Secure Sockets Layer (SSL) certificate from a trusted Certification Authority, if secure communication to and from the AD RMS cluster is required.
- Create a specific AD RMS service account with standard user permissions.
Demonstration: How to Install the First Server of an AD RMS Cluster
• To use DNS to configure a CNAME for the AD RMS cluster
• To use Server Manager to install the AD RMS server role
Configuring Client Service Discovery
AD RMS clients discover the AD RMS cluster using the following methods:
AD DS service connection point
AD RMS client registry override
HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation
Activation (syntax: http(s)://<cluster>/_wmcs/certification)
EnterprisePublishing (syntax: http(s)://<cluster>/_wmcs/certification)
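An added example, not part of the original course material: a PowerShell audit of the client registry override under ServiceLocation, flagging overrides that are malformed, do not use HTTPS, or point at a host other than the expected cluster. The host name rms.example.com is a placeholder, and the script assumes each URL is stored in the (Default) value of its subkey.

```powershell
# Added example: audit the AD RMS client service-discovery registry override.
# Assumptions (not from the original page): the expected cluster host name
# below is a placeholder, and each override URL is stored in the (Default)
# value of its subkey.
param(
    [string]$ExpectedHost = 'rms.example.com'   # placeholder cluster CNAME
)

$base    = 'HKLM:\Software\Microsoft\MSDRM\ServiceLocation'
$subkeys = 'Activation', 'EnterprisePublishing'

$results = foreach ($name in $subkeys) {
    $path = Join-Path $base $name
    $url  = $null
    if (Test-Path -LiteralPath $path) {
        # The unnamed (Default) value of the subkey holds the URL.
        $url = (Get-Item -LiteralPath $path).GetValue('')
    }

    $finding = if (-not $url) {
        'No override set; discovery relies on the AD DS service connection point'
    } else {
        $uri = $null
        if (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) {
            'Override is not a valid absolute URL'
        } elseif ($uri.Scheme -ne 'https') {
            'Override does not use HTTPS; traffic to the cluster is not protected by SSL'
        } elseif ($uri.Host -ne $ExpectedHost) {
            "Override points at unexpected host '$($uri.Host)'"
        } else {
            'OK'
        }
    }

    [pscustomobject]@{
        Subkey  = $name
        Url     = $url
        Finding = $finding
    }
}

$results | Format-Table -AutoSize -Wrap
```

Run it from an elevated or standard prompt on a client; reading HKEY_LOCAL_MACHINE does not require administrative rights.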