Configure Active Directory Rights Management Service (AD RMS) in Windows Server 2022
4 thousand views - 2 years ago
Donate Us : paypal.me/MicrosoftLab
Configure Active Directory Rights Management Service AD RMS in Windows Server 2022
1. Prepare
- DC1 : Domain Controller Yi.vn | DC2 : Exchange Server
- DC23 : Domain Member, install AD RMS server | DC24 : Domain Member, install Certificate Server
- WIN101, WIN102 : Clients | Turn off the local firewall on all machines
2. Step by step : Configure Active Directory Rights Management Service AD RMS on DC23
- DC1 : Create a new user named rmsservices (service account)
- DC24 : Install Certificate service and create a template named SSL for Web Server
- DC23 : Install and Configure Active Directory Rights Management Service AD RMS
+ Start - mmc - File - Add/Remove Snap-in... - Certificates - Add - Computer account - Right-click Personal - All Tasks - Request New Certificate... (a server restart may be needed)
- Select SSL - Click "More information is required to enroll ..." - Subject tab - Subject name : Type : Common name, Value : DC23 - Add
- Alternative name : Type : DNS, Value : DC23.Yi.vn - Add - Enroll
+ Server Manager - Manage - Add Roles and Features - Next to "Server Roles" : Select "Active Directory Rights Management Services" - Add Features - Next to Install
+ Click Notifications - Perform additional configuration - Configuration Database : Choose "Use Windows Internal Database on this server" - Service Account : Yi\rmsservices
- Cluster Key Password : Enter password - Cluster Address : Choose "Use SSL-encrypted connection https://", Fully-Qualified Domain Name : DC23.Yi.vn/
- Server Certificate : Choose "Choose an existing certificate for SSL encryption (recommended)" - Next to Install - Restart server
+ Server Manager - Tools - Internet Information Services (IIS) Manager - DC23 - Sites - Default Web Site - Bindings... - https - Edit... - SSL certificate : Choose DC23
+ Default Web Site - _wmcs, certification, licensing - Authentication - Anonymous Authentication : Enable
+ Default Web Site - _wmcs - Right-click certification - Switch to content view - Right-click ServerCertification.asmx - Edit Permission... - Security tab - Edit...
- Add... - DC2, exchange servers, rmsservices
+ Right-click ServiceLocator.asmx - Switch to Features View - Authentication - Right-click "Anonymous Authentication" : Disable
+ Create and share a folder named Policy with network shared \\DC23\Policy
+ Server Manager - Tools - Active Directory Rights Management Services - DC23.Yi.vn Local - Enable : Users, Applications, Super Users
+ Rights Policy Templates :
+ Create distributed rights policy template :
+ 1. Add Template Identifica... - Add - Name : Prevent Print, Description : Prevent Print - Add
+ 2. Add User Rights - Users and rights - Add... [email protected], [email protected] - Rights : Tick all except Full Control and Print
+ 4. Specify Extended Policy - Select "Enable users to view protected content using a browser add-on" ---- Finish
+ Change distributed rights policy templates file location - Select "Enable export" - Specify templates file location UNC : \\DC23\Policy
- DC2 : Create mail group and configure AD RMS
+ Start - Exchange Management shell, Type :
+ New-DistributionGroup -Name "RMSSuper" -OrganizationalUnit "Yi.vn/users" -SAMAccountName "RMSSuper" -Type "Distribution" # Create a mail group named RMSSuper
+ Add-DistributionGroupMember RMSsuper -Member FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 # Add account Federat... to RMSSuper
- DC23 : Active Directory Rights Management Services - DC23.Yi.vn Local - Security Policies - Super Users - Change super user group - Super user group : [email protected]
- DC2 : Restart and set IRM
+ Start - Exchange Management shell, Type :
+ Get-IRMConfiguration # Show IRMConfiguration
+ Set-IRMConfiguration -InternalLicensingEnabled $true # Set InternalLicensingEnabled to True
+ Test-IRMConfiguration -Sender [email protected] # Test send email
- WIN101, WIN102 : Set Internet Explorer
+ Start - Internet Explorer - Tools - Internet options - Security tab - Trusted sites - Sites - Add this website to the zone : DC23.Yi.vn/ - Add
+ Security level for this zone : All - down to Low
- WIN101 : Sign in to email using the HiepIT account, test sending a normal email and an AD RMS-protected email to VietIT
- WIN102 : Sign in to email using the VietIT account, check that the received AD RMS-protected email cannot be printed === OK
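A read-only check of the state the DC23 steps above should leave behind (anonymous authentication per path, the https binding certificate, and the firewall profiles from the Prepare step). This is an added example, not part of the original walkthrough; the IIS location paths are assumed from the tree the steps click through (_wmcs containing certification and licensing), and it is meant to be run in an elevated PowerShell session on DC23.

```powershell
# Added example: audits the IIS/AD RMS settings from the steps above. Changes nothing.
Import-Module WebAdministration

$site       = 'Default Web Site'
$fqdn       = 'DC23.Yi.vn'   # cluster address used in the steps above
$anonFilter = 'system.webServer/security/authentication/anonymousAuthentication'

# Expected anonymous-authentication state per location, as set in the steps.
# Paths are an assumption based on the IIS Manager tree (_wmcs\certification, _wmcs\licensing).
$expected = [ordered]@{
    "$site/_wmcs"                                   = $true
    "$site/_wmcs/certification"                     = $true
    "$site/_wmcs/licensing"                         = $true
    "$site/_wmcs/certification/ServiceLocator.asmx" = $false
}

$authReport = foreach ($location in $expected.Keys) {
    $actual = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $location -Filter $anonFilter -Name enabled).Value
    [pscustomobject]@{
        Location  = $location
        Anonymous = $actual
        Expected  = $expected[$location]
        Match     = ($actual -eq $expected[$location])
    }
}
$authReport | Format-Table -AutoSize

# The https binding should use the certificate enrolled for DC23 with the
# DNS alternative name DC23.Yi.vn, and that certificate should not be expired.
$certReport = foreach ($binding in Get-WebBinding -Name $site -Protocol https) {
    $path = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
    $cert = Get-Item -Path $path
    [pscustomobject]@{
        Binding    = $binding.bindingInformation
        Subject    = $cert.Subject
        CoversFqdn = ($cert.DnsNameList.Unicode -contains $fqdn)
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
    }
}
$certReport | Format-Table -AutoSize

# The Prepare step turns the local firewall off; record the profile state so it
# is visible in the audit output.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
```

Any row with Match = False or CoversFqdn = False points at a step that was skipped or applied to the wrong node in IIS Manager.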
-----------------------------------------------------------******************** / microsoftlab ********************--------------------------------------------------------
Published on 1401/11/01.
Viewed 4,068 times.