Configure Active Directory Rights Management Service (AD RMS) in Windows Server 2022

Donate Us : paypal.me/MicrosoftLab Configure Active Directory Rights Management Service AD RMS in Windows Server 2022 1. Prepare - DC1 : Domain Controller Yi.vn | DC2 : Exchange Server - DC23 : Domain Member install AD RMS server | DC24 : Domain Memberinstall Certificate Server - WIN101, WIN102 : Clients | Turn off Firewall local at all 2. Step by step : Configure Active Directory Rights Management Service AD RMS on DC23 - DC1 : Create a new user named rmsservices service account - DC24 : Install Certificate service and create a template named SSL for Web Server - DC23 : Install and Configure Active Directory Rights Management Service AD RMS + Start - mmc - File - Add/Remove Snap-in... - Certificates - Add- Computer account - Right-click Personal - All Tasks - Request New Certificate... maybe need restart server - Select SSL - Click "More information is required to enroll ..." - Subject tab - Subject name : Type : Common name, Value : DC23 - Add - Alternative name : Type : DNS, Value : DC23.Yi.vn - Add - Enroll + Server Manager - Manage - Add Roles and Features - Next to "Server Roles" : Select "Active Directory Rights Management Services" - Add Features - Next to Install + Click Notifications - Perform additional configuration - Configuration Database : Choose "Use Windows Internal Database on this server" - Service Account : Yi\rmsservices - Cluster Key Password : Enter password - Cluster Address : Choose "Use SSL-encrypted connection https://", Fully-Qualified Domain Name : DC23.Yi.vn/ - Server Certificate : Choose "Choose an existing certificate for SSL encryption recommended" - Next to Install - Restart server + Server Manager - Tools - Internet Information Services IIS Manager - DC23 - Sites - Default Web Site - Bindings... - https - Edit... - SSL certificate : Choose DC23 + Default Web Site - _wmcs, certification, licensing - Authentication - Anonymous Authentication : Enable + Default Web Site - _wmcs - Right-click certification - Switch to content view - Right-click ServerCertification.asmx - Edit Permission... - Security tab - Edit... - Add... - DC2, exchange servers, rmsservices + Right-click ServiceLocator.asmx - Switch to Features View - Authentication - Right-click "Anonymous Authencation" : Disable + Create and share a folder named Policy with network shared \\DC23\Policy + Server Manager - Tools - Active Directory Rights Management Services - DC23.Yi.vn Local - Enable : Users, Applications, Super Users + Rights Policy Tempaltes : + Create distributed rights policy template : + 1. Add Template Identifica... - Add - Name : Prevent Print, Description : Prevent Print - Add + 2. Add User Rights - Users ans rights - Add... [email protected], [email protected] - Rights : Tick all eliminate Full Control and Print + 4. Specify Extended Policy - Select "Enable users to view protected content using a browser add-on" ---- Finish + Change distributed rights policy templates file location - Select "Enable export" - Specify templates file location UNC : \\DC23\Policy - DC2 : Create mail group and set AD RMSconfigure + Start - Exchange Management shell, Type : + New-DistributionGroup -Name "RMSSuper" -OrganizationalUnit "Yi.vn/users" -SAMAccountName "RMSSuper" -Type "Distribution" # Create a mail group named RMSSuper + Add-DistributionGroupMember RMSsuper -Member FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 # Add account Federat... to RMSSuper - DC23 : Active Directory Rights Management Services - DC23.Yi.vn Local - Security Policies - Super Users - Change super user group - Super user group : [email protected] - DC2 : Restart and set IRM + Start - Exchange Management shell, Type : + Get-IRMConfiguration # Show IRMConfiguration + Set-IRMConfiguration -InternalLicensingEnabled $true # Set InternalLicensingEnabled to True + Test-IRMConfiguration -Sender [email protected] # Test send email - WIN101, WIN102 : Set Internet Explorer + Start - Internet Explorer - Tools - Internet options - Security tab - Trusted sites - Sites - Add this website to the zone : DC23.Yi.vn/ - Add + Security level for this zone : All - down to Low - WIN101 : Sign in Email using HiepIT account, test send normanl and using AD RMS to VietIT - WIN102 : Sign in Email using VietIT account, check email recived using AD RMS can not Print === OK -----------------------------------------------------------********************    / microsoftlab   ********************--------------------------------------------------------