Lab 13 - Implementación de AD RMS

ADMINISTRACIÓN DE SISTEMAS OPERATIVOS
AVANZADO
LABORATORIO N° 13
Implementación de AD RMS
CODIGO DEL CURSO: C33366
Alumno(s): Nota
Grupo: Ciclo:
Requiere No
Excelente Bueno Puntaje
Criterios de Evaluación (4pts) (3pts)
Mejora Acept.
Logrado
(2pts) (0pts)
Identifica correctamente los requerimientos
para la creación de un dominio con diferentes
sitios.
Prepara correctamente el entorno para la
instalación de AD DS complejo
Instala, configura un dominio con múltiples
sitios.
Redacta correctamente los pasos principales
de la implementación y conclusiones.
Se comunica de manera efectiva, trabaja con
orden, limpieza y puntualidad.
REDES Y COMUNICACIONES DE DATOS

PROGRAMA DE FORMACIÓN REGULAR
Administración de Sistemas Operativos Avanzado
Laboratorio 13: Implementación de AD RMS

Objetivos:
Al finalizar el laboratorio el estudiante será capaz de:
 Instalar y configurar AD RMS
 Configurar plantillas AD RMS
 Implementar directivas AD RMS
 Verificar la implementación de AD RMS
Seguridad:
 Ubicar maletines y/o mochilas en el gabinete al final de aula de Laboratorio o en los casilleros
asignados al estudiante.
 No ingresar con líquidos, ni comida al aula de Laboratorio.
 Al culminar la sesión de laboratorio apagar correctamente la computadora y la pantalla, y ordenar
las sillas utilizadas.
Equipos y Materiales:
 Una computadora con:

 Windows 7 o superior
 VMware Workstation 10+ o VMware Player 7+
 Conexión a la red del laboratorio
 Máquinas virtuales:
 DVD:
 De Windows Server 2012
Guía de Laboratorio Pág. 2

Procedimiento:
Escenario
Debido a la naturaleza de alta confidencialidad en las investigaciones realizadas en A. Datum, el equipo

de seguridad desea implementar una seguridad adicional para ciertos documentos que el departamento
de investigación crea. El equipo de seguridad está consciente que cualquiera con el acceso de lectura
al documento puede modificar y distribuir los documentos en la forma que ellos deseen. El equipo d
seguridad debería de proveer un nivel extra de protección que persista con el documento aún si este
es movido dentro de la red o fuera de la red.
Como uno de los administradores, necesita planear e implementar una solución AD RMS que proveerá
el nivel de protección requerida por el equipo de seguridad. La solución AD RMS debería proporcionar
muchas opciones diferentes que pueden ser adaptados por una variedad de negocios y requerimientos
de seguridad.
Lab Setup
1. Abrir VMware Workstation y crear un “snapshot” de las máquinas virtuales: LON-DC1, LON-SVR1,
LON-CL1, TREY-DC1 y TREY-CL1.
2. Encender las máquinas virtuales e iniciar sesión con la cuenta Administrador y la contraseña
Pa$$w0rd.

EJERCICIO 1: Instalando y configurando AD RMS
Escenario
El primer paso en la implementación de AD RMS es implementar un servidor en un cluster AD RMS.

Comenzará configurando los registros DNS apropiados y la cuenta para el servicio AD RMS.
Entonces instalará y configurará el primer servidor AD RMS. También deberá habilitar el grupo de
super usuarios AD RMS.
Las principales tareas para este ejercicio son las siguientes:

 Configurar los registros DNS y la cuenta para el servicio AD RMS.
 Instalar y configurar el rol AD RMS
 Configurar el grupo de super usuarios AD RMS
Task 1: Configure DNS and configure an AD RMS service account

1. Sign in to LON-DC1 with the Adatum\Administrator account and the password Pa$$w0rd.
2. In Server Manager, click Tools, and then click Active Directory Administrative Center.
3. Select and then right-click Adatum (local), click New, and then click Organizational Unit.
4. In the Create Organizational Unit dialog box, in the Name text box, type Service Accounts,
and then click OK.
5. Right-click the Service Accounts OU, click New, and then click User.
6. On the Create User dialog box, enter the following details, and then click OK:
 First name: ADRMSSVC
 User UPN logon: ADRMSSVC
 Password: Pa$$w0rd
 Confirm Password: Pa$$w0rd
 Password never expires: Enabled
 User cannot change password: Enabled

7. Right-click the Users container, click New, and then click Group.
8. In the Create Group dialog box, enter the following details, and then click OK:
 Group name: ADRMS_SuperUsers
 E-mail: [email protected]
9. Right-click the Users container, click New, and then click Group.
10. In the Create Group dialog box, enter the following details, and then click OK.
 Group name: Executives
 E-mail: [email protected]
11. Double-click the Managers OU.

12. Press and hold the Ctrl key, and click the following users:
 Aidan Delaney
 Bill Malone
13. In the tasks pane, click Add to group.
14. In the Select Groups dialog box, type Executives, and then click OK.
15. Close the Active Directory Administrative Center.

16. In Server Manager, click Tools, and then click DNS.
17. In the DNS Manager console, expand LON-DC1, and then expand Forward Lookup Zones.
18. Select and then right-click Adatum.com, and then click New Host (A or AAAA).
19. In the New Host dialog box, enter the following information, and then click Add Host:
 Name: adrms
 IP address: 172.16.0.21

20. Click OK, and then click Done.

21. Close the DNS Manager console.
► Task 2: Install and configure the AD RMS server role
1. Sign in to LON-SVR1 with the Adatum\Administrator account and the password Pa$$w0rd.
2. In the Server Manager, click Manage, and then click Add roles and features.
3. In the Add Roles and Features Wizard, click Next three times.
4. On the Server Roles page, click Active Directory Rights Management Services.
5. In the Add Roles and Features dialog box, click Add Features, and then click Next four times.
6. Click Install, and then click Close.

7. In Server Manager, click the AD RMS node.

8. Next to Configuration required for Active Directory Rights Management Services at LON-
SVR1, click More.
9. On the All Servers Task Details and Notifications page, click Perform Additional
Configuration.
10. In the AD RMS Configuration: LON-SVR1.Adatum.com dialog box, click Next.
11. On the AD RMS Cluster page, click Create a new AD RMS root cluster, and then click Next.
12. On the Configuration Database page, click Use Windows Internal Database on this server,
and then click Next.
13. On the Service Account page, click Specify.
14. In the Windows Security dialog box, enter the following details, click OK, and then click Next:
 Username: ADRMSSVC

15. On the Cryptographic Mode page, click Cryptographic Mode 2, and then click Next.
16. On the Cluster Key Storage page, click Use AD RMS centrally managed key storage, and
then click Next.
17. On the Cluster Key Password page, enter the password Pa$$w0rd twice, and then click Next.
18. On the Cluster Web Site page, verify that Default Web Site is selected, and then click Next.
19. On the Cluster Address page, provide the following information, and then click Next:
 Connection Type: Use an unencrypted connection (http://)
 Fully Qualified Domain Name: adrms.adatum.com
 Port: 80 (Note that in production, we would use an encrypted, that is, https connection)

20. On the Licensor Certificate page, type Adatum AD RMS, and then click Next.

21. On the SCP Registration page, click Register the SCP now, and then click Next.
22. Click Install, close All Servers Task Details dialog box and then click Close.
Note: The installation may take several minutes.

23. In the Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
24. In the Internet Information Services (IIS) Manager, expand LON-
SVR1(ADATUM\Administrator)\Sites\Default Web Site, and then click _wmcs.
25. Under /_wmcs Home, In the details pane, in the IIS section, double-click Authentication, click
Anonymous Authentication, and in the Actions pane, click Enable.
26. In the Connections pane, expand _wmcs, and then click licensing.
27. Under /_wmcs/licensing Home, in the details pane, in the IIS section, double-click
Authentication, click Anonymous Authentication, and then in the Actions pane, click Enable.
28. Click to the Start screen, click Administrator, and then click Sign Out.
Note: You must sign out before you can manage AD RMS.
► Task 3: Configure the AD RMS Super Users group

1. Sign in to LON-SVR1 with the Adatum\Administrator account and the password Pa$$w0rd.
2. In Server Manager, click Tools, and then click Active Directory Rights Management Services.
3. In the Active Directory Rights Management Services console, expand the lon-svr1(Local) node,
and then click Security Policies.
4. In the Security Policies area, under Super Users, click Change super user settings.

5. In the Actions pane, click Enable Super Users.
6. In the Super Users area, click Change super user group.

7. In the Super Users dialog box, in the Super user group text box, type
[email protected], and then click OK.

Entregable 1. Capture la pantalla que muestre que el grupo Super User ha sido habilitado.

EJERCICIO 2: Configurando plantillas AD RMS
Escenario
Después de implementar el servidor AD RMS, debe configurar las plantillas de directivas de derechos
y las directivas de exclusión para la organización.

 Configurar una plantilla de directivas de derechos
 Configurar la distribución de plantillas
 Configurar un directiva de exclusión
► Task 1: Configure a new rights policy template

1. Ensure that you are signed in to LON-SVR1.
2. In the Active Directory Rights Management Services console, click the lon-svr1 (local)\Rights
Policy Templates node.
3. In the Actions pane, click Create Distributed Rights Policy Template.
4. In the Create Distributed Rights Policy Template Wizard, on the Add Template Identification
information page, click Add.
5. On the Add New Template Identification Information page, enter the following information, and
then click Add:
 Language: English (United States)
 Name: ReadOnly
 Description: Read only access. No copy or print
6. Click Next.
7. On the Add User Rights page, click Add.
8. On the Add User or Group page, type [email protected], and then click OK.

9. When [email protected] is selected, under Rights, click View. Verify that Grant owner
(author) full control right with no expiration is selected, and then click Next.
10. On the Specify Expiration Policy page, choose the following settings, and then click Next:
 Content Expiration: Expires after the following duration (days): 7
 Use license expiration: Expires after the following duration (days): 7
11. On the Specify Extended Policy page, click Require a new use license every time content is
consumed (disable client-side caching), click Next, and then click Finish.
Entregable 2. Capture la pantalla que muestre la plantilla creada.

► Task 2: Configure the rights policy template distribution

1. On LON-SVR1, on the taskbar, click the Windows PowerShell icon.
2. At the Windows PowerShell® prompt, type the following command, and then press Enter:
New-Item c:\rmstemplates -ItemType Directory
3. At the Windows PowerShell prompt, type the following command, and then press Enter:
New-SmbShare -Name RMSTEMPLATES -Path c:\rmstemplates -FullAccess
ADATUM\ADRMSSVC
New-Item c:\docshare -ItemType Directory
New-SmbShare -Name docshare -Path c:\docshare -FullAccess Everyone

6. To exit Windows PowerShell, type exit.

7. Switch to the Active Directory Rights Management Services console.

8. Click the Rights Policy Templates node, and in the Distributed Rights Policy Templates area,
click Change distributed rights policy templates file location.
9. In the Rights Policy Templates dialog box click Enable export.
10. In the Specify Templates File Location (UNC) text box, type \\LON-SVR1\RMSTEMPLATES,
and then click OK.
11. On the taskbar, click the File Explorer icon.

12. Navigate to the C:\rmstemplates folder, and verify that ReadOnly.xml displays.
13. Close the File Explorer window.

► Task 3: Configure an exclusion policy

1. Switch to the Active Directory Rights Management Services console.
2. Click the Exclusion Policies node, and then click Manage application exclusion list
3. In the Actions pane, click Enable Application Exclusion.
4. In the Actions pane, click Exclude Application.
5. In the Exclude Application dialog box, enter the following information, and then click Finish:
 Application File name: Powerpnt.exe
 Minimum version: 14.0.0.0
 Maximum version: 16.0.0.0

Entregable 3. Capture la pantalla que las exclusiones creadas.
Results: After completing this exercise, you should have configured AD RMS templates.

EJERCICIO 3: Implementación de las directivas de confianza de AD RMS
Escenario
Como parte de la implementación AD RMS, usted necesita asegurarse que la funcionalidad AD RMS
está extendida a la implementación de AD RMS de Trey Research. Configurará las directivas de
confianza requeridas y entonces validar que el contenido compartido entre ambas empresas está
protegido.

 Exportar la directiva de confianza para usuarios del dominio
 Exportar la directiva de confianza para dominios publicados
 Importar la directiva de usuarios del dominio desde otro dominio
 Importar la directiva de dominios publicados desde otro dominio
► Task 1: Export the Trusted User Domains policy

1. On LON-SVR1, on the taskbar, click the Windows PowerShell icon.
New-Item c:\export -ItemType Directory
New-SmbShare -Name Export -Path c:\export -FullAccess Everyone
4. Close the Windows PowerShell window.

5. In the Active Directory Rights Management Services console, expand the Trust Policies node,
and then click the Trusted User Domains node.
6. In the Actions pane, click Export Trusted User Domains.
7. In the Export Trusted User Domains As dialog box, navigate to \\LON-SVR1\export, set the file
name to ADATUM-TUD.bin, and then click Save.

8. Sign in to TREY-DC1 with the TREYRESEARCH\Administrator account and the password

Pa$$w0rd.
9. In the Server Manager, click Tools, and then click Active Directory Rights Management
Services.
10. In the Active Directory Rights Management Services console, expand trey-dc1(local), expand
the Trust Policies node, and then click the Trusted User Domains node.
11. In the Actions pane, click Export Trusted User Domains.
12. In the Export Trusted User Domains As dialog box, navigate to \\LON-SVR1\export, set the file
name to TREYRESEARCH-TUD.bin, and then click Save.

13. On TREY-DC1, on the taskbar, click the Windows PowerShell icon.

14. At the Windows PowerShell command prompt, type the following command, and then press
Enter:
Add-DnsServerConditionalForwarderZone -MasterServers 172.16.0.10 -Name
adatum.com
15. Close the Windows PowerShell window.

► Task 2: Export the Trusted Publishing Domains policy

1. Switch to LON-SVR1.
2. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted Publishing Domains node.
3. In the Actions pane, click Export Trusted Publishing Domains.
4. In the Export Trusted Publishing Domain dialog box, click Save As.
5. In the Export Trusted Publishing Domain File As dialog box, navigate to \\LON-SVR1\export,
set the file name to ADATUM-TPD.xml, and then click Save.
6. In the Export Trusted Publishing Domain dialog box, enter the password Pa$$w0rd twice, and
then click Finish.

7. Switch to TREY-DC1.

9. In the Actions pane, click Export Trusted Publishing Domains.
10. In the Export Trusted Publishing Domain dialog box, click Save As.
11. In the Export Trusted Publishing Domain File As dialog box, navigate to \\LON-SVR1\export,
set the file name to TREYRESEARCH-TPD.xml, and then click Save.
12. In the Export Trusted Publishing Domain dialog box, enter the password Pa$$w0rd twice, and
then click Finish.

► Task 3: Import the Trusted User Domain policy from the partner domain
click the Trusted User Domains node.
3. In the Actions pane, click Import Trusted User Domain.
4. In the Import Trusted User Domain dialog box, enter the following details, and then click Finish:
 Trusted user domain file: \\LON-SVR1\Export\TREYRESEARCH-TUD.bin
 Display Name: Trey Research

click the Trusted User Domains node.
7. In the Actions pane, click Import Trusted User Domain.
8. In the Import Trusted User Domain dialog box, enter the following details, and then click Finish:
 Trusted user domain file: \\LON-SVR1\Export\ADATUM-TUD.bin
 Display Name: Adatum

Entregable 4. Capture la pantalla que muestre la directiva importada.

► Task 4: Import the Trusted Publishing Domains policy from the partner domain
2. In the Active Directory Rights Management Services console, under the Trust policies node,
3. In the Actions pane, click Import Trusted Publishing Domain.
4. In the Import Trusted Publishing Domain dialog box, enter the following information, and then
click Finish:
 Trusted publishing domain file: \\LON-SVR1\export\TREYRESEARCH-TPD.xml
 Display Name: Trey Research

6. In the Active Directory Rights Management Services console, under the Trust policies node,
7. In the Actions pane, click Import Trusted Publishing Domain.
8. In the Import Trusted Publishing Domain dialog box, provide the following information, and
then click Finish:
 Trusted publishing domain file: \\LON-SVR1\export\adatum-tpd.xml
 Display Name: Adatum

Entregable 5. Capture la pantalla que muestre la directiva importada.


Results: After completing this exercise, you should have implemented the AD RMS trust policies.

EJERCICIO 4: Verificando AD RMS en un cliente
Escenario
Como paso final en la implementación, debe validar que la configuración está trabajando
correctamente.

 Crear un documento con los derechos protegidos
 Verificar el acceso interno a un contenido protegido
 Abrir el documento protegido como un usuario no autorizado
 Abrir y editar un documento protegido como un usuario no autorizado en Trey Research
Task 1: Create a rights-protected document

1. Sign on to LON-CL1 as Adatum\administrator with a password of Pa$$w0rd.
2. On the Start screen, select the Desktop tile.
3. Click the File Explorer icon.
4. In File Explorer, right-click This PC, and then click Properties.
5. In the System window, in the console tree, click Remote settings.
6. Select the Select Users button.
7. Click the Add button.
8. In the Select Users and Groups, pop-up, in the Enter the object names to select text box, type
Aidan; Bill; Carol, and then click OK three times.
9. On the taskbar, click the Windows start icon.

10. On the Start screen, click Administrator, and then click Sign out.
11. Sign in to LON-CL1 as Adatum\Aidan using the password Pa$$w0rd.
12. On the Start screen, click the Desktop tile.
13. On the taskbar, click the Internet Explorer icon. Close any warnings about add-ons.
14. In Windows® Internet Explorer®, in the Address bar, type http://adrms.adatum.com, and then
click the arrow immediately to the right of the uniform resource locator (URL) text box.

15. Click the Gear icon in the far upper right of Internet Explorer.
16. Select Internet Options.
17. Select the Security tab.
18. In the Select a zone to view or change security settings, click the Local intranet icon, and then
click the Sites button.
19. Click the Advanced button.
20. Click the Add button, click Close, and then click OK twice.

21. Close Internet Explorer.

22. Return to the Start screen.
23. On the Start screen, type Word. In the Results area, click Word 2013.
24. In the First things first dialog box, select the Ask me later radio button, and then click Accept.
In the Office dialog box, click the X in the far upper right.
25. In the Word Recent window, click the Blank document icon. In the Microsoft® Word document,
type the following text:

This document is for executives only, it should not be modified.

26. Click File, click Protect Document, click Restrict Access, and then click Connect to Digital
Rights Management Servers and get templates.
27. A Microsoft Word dialog box informing you it is connecting to the server will display.
28. After the dialog box closes, click Protect Document and Restrict Access, and then click
Restricted Access.
29. In the Permission dialog box, enable Restrict Permission to this document.
30. In the Read text box, type [email protected], and then click OK.
31. Click Save.

32. In the Save As dialog box, click the Browse icon.
33. In the File name text box, type \\lon-svr1\docshare\ExecutivesOnly.docx, and then click Save.

34. Close Word.

35. Click to the Start screen, click the Aidan Delaney icon, and then click Sign out.
► Task 2: Verify internal access to protected content
1. Sign in to LON-CL1 as Adatum\Bill using the password Pa$$w0rd.
4. In the URL text box, type http://adrms.adatum.com, click the arrow immediately to the right of
the URL text box.



13. In the File Explorer window, navigate to \\lon-svr1\docshare.
14. In the docshare folder, double-click the ExecutivesOnly document.

15. In the First things first dialog box, select the Ask me later radio button, and then click Accept.
• In the Office dialog box, click the letter X in the far upper right.
16. When the document opens, verify that you are unable to modify or save the document.
17. Select a line of text in the document.
18. Right-click the text, and verify that you cannot make changes.
19. Click View Permission on the yellow bar, review the permissions, and then click OK.
20. Close Word.
21. Click to the Start screen, click the Bill Malone icon, and then click Sign out.
Entregable 6. Capture la pantalla que muestre los permisos sobre el documento protegido.

► Task 3: Open the rights-protected document as an unauthorized user

1. Sign in to LON-CL1 as Adatum\Carol using the password Pa$$w0rd.
3. Open Internet Explorer. Close any warnings about add-ons.
4. In the URL text box, type http://adrms.adatum.com, and then click the arrow immediately to the
right of the URL text box.

14. In the docshare folder, double-click the Executives Only document.
15. Verify that Carol is unable to open the document. You will receive a message with option to
Change User or request access.

16. Click No.

17. Select Ask me later, click Accept, and then select the X in the far upper right of the Microsoft
Office window.
18. Close Word.
19. Click to the Start screen, click the Carol Troup icon, and then click Sign out.
Entregable 7. Capture la pantalla que muestre el mensaje al acceder al documento protegido.
► Task 4: Open and edit the rights-protected document as an authorized user at Trey Research
1. Sign in to LON-CL1 as Adatum\Aidan using the password Pa$$w0rd.
2. On the Start screen, type Word. In the Results area, click Word 2013.
3. In Word, click Blank document.
4. In the Word document, type the following text:
This document is for Trey Research only, it should not be modified.
5. Click File, click Protect Document, click Restrict Access, and then click Connect to Digital
Rights Management Servers and get templates.
6. In the Permission dialog box, enable Restrict Permission to this document.
7. In the Read text box, type [email protected], click OK, click Save, and then click Browse.

8. In the Save As dialog box, save the document to the \\lon-svr1\docshare location as
TreyResearch-Confidential.docx. Close Word.

9. Click to the Start screen, click the Aidan Delaney icon, and then click Sign Out.
10. Sign on to Trey-CL1 as TREYRESEARCH\administrator with a password of Pa$$w0rd.
12. On the taskbar, click the File Explorer icon
13. In File Explorer, right-click This PC, and then select Properties
14. In the System window, in the console tree, select Remote settings.
15. Select the Select Users button.
16. Click the Add button.
17. In the Select Users and Groups, pop-up, in the Enter the object names to select text box, type
April, and then click OK three times.
18. On the taskbar, click the Windows start icon.

19. On the Start screen, click Administrator, and then click Sign out.
20. Sign in to TREY-CL1 as TREYRESEARCH\APRILwith the password Pa$$w0rd.
23. In the URL text box, type http://adrms.treyresearch.net, and then click the arrow immediately to
the right of the URL text box.

33. In the Windows Security dialog box, enter the following credentials, and then click OK:
 Username: Adatum\Administrator

34. Copy the file TreyResearch-Confidential.docx to the desktop.
35. Open the file TreyResearch-Confidential.docx.

36. In the Active Directory Rights Management Services pop-up, click OK.

37. If the First things first page opens, click the Use recommend settings radio button and then
click Accept.
38. When the document opens, verify that you are unable to modify or save the document.
39. Select a line of text in the document and verify that you cannot make any changes.
40. Right-click the text, and verify that you cannot make changes.
41. Click View Permission, review the permissions, and then click OK.
Entregable 8. Capture la pantalla que muestre el mensaje al acceder al documento protegido.
Results: After completing this exercise, you should have verified that the AD RMS deployment is
successful

► Task 5: To Prepare for the Next Module
1. Volver el estado de las máquinas virtuales al “snapshot” creado antes de iniciar el laboratorio.
Conclusiones:
Indicar las conclusiones que llegó después de los temas tratados de manera práctica en este
laboratorio.

Lab 13 - Implementación de AD RMS

Cargado por

Copyright:

Formatos disponibles

Lab 13 - Implementación de AD RMS

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Lab 13 - Implementación de AD RMS

Cargado por

Copyright:

Formatos disponibles

ADMINISTRACIÓN DE SISTEMAS OPERATIVOS

CODIGO DEL CURSO: C33366

REDES Y COMUNICACIONES DE DATOS

Laboratorio 13: Implementación de AD RMS

 Una computadora con:

Guía de Laboratorio Pág. 2

Debido a la naturaleza de alta confidencialidad en las investigaciones realizadas en A. Datum, el equipo

Guía de Laboratorio Pág. 3

EJERCICIO 1: Instalando y configurando AD RMS

El primer paso en la implementación de AD RMS es implementar un servidor en un cluster AD RMS.

Las principales tareas para este ejercicio son las siguientes:

Task 1: Configure DNS and configure an AD RMS service account

Guía de Laboratorio Pág. 4

11. Double-click the Managers OU.

Guía de Laboratorio Pág. 5

15. Close the Active Directory Administrative Center.

Guía de Laboratorio Pág. 6

20. Click OK, and then click Done.

Guía de Laboratorio Pág. 7

7. In Server Manager, click the AD RMS node.

Guía de Laboratorio Pág. 8

Guía de Laboratorio Pág. 9

Guía de Laboratorio Pág. 10

Note: The installation may take several minutes.

► Task 3: Configure the AD RMS Super Users group

Guía de Laboratorio Pág. 11

5. In the Actions pane, click Enable Super Users.

6. In the Super Users area, click Change super user group.

Guía de Laboratorio Pág. 12

Guía de Laboratorio Pág. 13

EJERCICIO 2: Configurando plantillas AD RMS

Las principales tareas para este ejercicio son las siguientes:

► Task 1: Configure a new rights policy template

Guía de Laboratorio Pág. 14

Entregable 2. Capture la pantalla que muestre la plantilla creada.

Guía de Laboratorio Pág. 15

► Task 2: Configure the rights policy template distribution

Guía de Laboratorio Pág. 16

6. To exit Windows PowerShell, type exit.

Guía de Laboratorio Pág. 17

11. On the taskbar, click the File Explorer icon.

Guía de Laboratorio Pág. 18

► Task 3: Configure an exclusion policy

Guía de Laboratorio Pág. 19

Entregable 3. Capture la pantalla que las exclusiones creadas.

Guía de Laboratorio Pág. 20

EJERCICIO 3: Implementación de las directivas de confianza de AD RMS

Las principales tareas para este ejercicio son las siguientes:

► Task 1: Export the Trusted User Domains policy

4. Close the Windows PowerShell window.

Guía de Laboratorio Pág. 21

8. Sign in to TREY-DC1 with the TREYRESEARCH\Administrator account and the password

Guía de Laboratorio Pág. 22

13. On TREY-DC1, on the taskbar, click the Windows PowerShell icon.

Guía de Laboratorio Pág. 23

► Task 2: Export the Trusted Publishing Domains policy

Guía de Laboratorio Pág. 24

Guía de Laboratorio Pág. 25

Guía de Laboratorio Pág. 26