
Step by Step How To Installing and Configuring AD RMS in Windows Server-Part-1 PDF

This document provides instructions for installing and configuring Active Directory Rights Management Services (AD RMS) in Windows Server 2016. It discusses why and when to use AD RMS to protect data in transit and at rest by controlling permissions and access for files and emails. The document outlines the steps to set up an AD RMS service account, create security groups, and configure rights policy templates to enforce consistent access policies across an organization. Templates can be used to grant standard permissions for viewing, editing, printing, forwarding or replying to protected content.

Uploaded by

Om Pal
Copyright: © All Rights Reserved

Step by Step: How to Install and Configure AD RMS in Windows Server 2016

Introduction
Active Directory Rights Management Services (AD RMS)

Data leakage is the unauthorized transmission of information, either to people within
the organization or people outside the organization, who should not be able to access
that information. One of the major advantages of using AD RMS over other security
features such as NTFS permissions is that AD RMS permissions travel along with the
documents.

AD RMS integrates with existing Microsoft products and OS including Windows Server,
Exchange Server, SharePoint Server, Microsoft Office Suite and Microsoft Azure.

AD RMS can protect data in transit and at rest. For example, AD RMS can protect
documents that are sent as email messages by ensuring that a message cannot be
opened even if it is accidentally addressed to the wrong recipient.

When to use AD RMS?


For example, your Finance Manager copies a spreadsheet file containing the
compensation packages of an organization’s executives from a protected folder on a file
server to the Manager’s personal USB drive. During the commute home, the Manager
leaves the USB drive on the train, where someone with no connection to the
organization finds it. Without AD RMS, whoever finds the USB drive can open the file.
With AD RMS, it is possible to ensure that the file cannot be opened by unauthorized
users.

AD RMS uses rights policy templates to enforce a consistent set of policies to protect
content. When configuring AD RMS, you need to develop strategies to ensure that
users can still access protected content from a computer that is not connected to the AD
RMS cluster.

You also need to develop strategies for excluding some users from being able to access
AD RMS-protected content, and strategies to ensure that protected content can be
recovered in the event that it has expired, the template has been deleted, or if the
author of the content is no longer available.

Rights policy templates allow you to configure standard methods of implementing
AD RMS policies across the organization. For example, you can configure standard
templates that grant view-only rights, block the ability to edit, save, and print, or,
if used with Exchange Server, block the ability to forward or reply to messages.

AD RMS templates support the following rights:

Full Control: Gives a user full control over an AD RMS-protected document.

View: Gives a user the ability to view an AD RMS-protected document.

Edit: Allows a user to modify an AD RMS-protected document.

Save: Allows a user to use the Save function with an AD RMS-protected document.

Export (Save As): Allows a user to use the Save As function with an AD RMS-protected
document.

Print: Allows an AD RMS-protected document to be printed.

Forward: Used with Exchange Server. Allows the recipient of an AD RMS-protected
message to forward that message.

Reply: Used with Exchange Server. Allows the recipient of an AD RMS-protected
message to reply to that message.

Reply All: Used with Exchange Server. Allows the recipient of an AD RMS-protected
message to use the Reply All function to reply to that message.

Extract: Allows the user to copy data from the file. If this right is not granted, the user
cannot copy data from the file.

Allow Macros: Allows the user to utilize macros.

View Rights: Allows the user to view assigned rights.

Edit Rights: Allows the user to modify the assigned rights.

For this demo, as usual, I am still using my existing small infrastructure, which is
DC_Server.NewHelpTech.lk and SUB_Server01.NewHelpTech.lk.

1 – Let’s start by creating the AD RMS service account on the domain server. (Service
account: Microsoft recommends using a standard domain user account with additional
permissions. You can use a managed service account as the AD RMS service account.)
2 – On the DC-Server server, open Active Directory Users and Computers and create a
new OU called Service Accounts.
3 – Next, create a new user called ADRMSVC with the complete password.
4 – Next, create a new group in the Users container called ADRMS_SuperUsers and create
another group called Executives.
5 – Next, add a few users to the Executives group. For this demo I chose four of my
HR users to join the Executives group.
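
The same five steps can be scripted with the ActiveDirectory PowerShell module so that they are repeatable and easy to review. This is an added example, not part of the original document: the four member account names are placeholders, and the group scope and category are assumptions.

```powershell
# Added example: scripted equivalent of steps 1-5 above (not from the original document).
# Run on the domain controller or a host with RSAT; requires the ActiveDirectory module.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName     # distinguished name of the current domain
$usersDN  = $domain.UsersContainer        # default Users container
$ouName   = 'Service Accounts'

# Step 2: create the OU only if it does not already exist
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDN -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN
}

# Steps 1 and 3: create the service account as a standard domain user, prompting for the password
if (-not (Get-ADUser -Filter "SamAccountName -eq 'ADRMSVC'")) {
    $newUser = @{
        Name            = 'ADRMSVC'
        SamAccountName  = 'ADRMSVC'
        Path            = "OU=$ouName,$domainDN"
        AccountPassword = (Read-Host -AsSecureString -Prompt 'Password for ADRMSVC')
        Enabled         = $true
    }
    New-ADUser @newUser
}

# Step 4: create both groups in the Users container
foreach ($group in 'ADRMS_SuperUsers', 'Executives') {
    if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
        # Assumption: Global/Security, the defaults in Active Directory Users and Computers
        New-ADGroup -Name $group -SamAccountName $group -GroupScope Global -GroupCategory Security -Path $usersDN
    }
}

# Step 5: add members to Executives, skipping accounts that are already members
$executives = 'hr.user1', 'hr.user2', 'hr.user3', 'hr.user4'   # placeholder names, replace with real accounts
$current = Get-ADGroupMember -Identity 'Executives' | Select-Object -ExpandProperty SamAccountName
$toAdd   = $executives | Where-Object { $_ -notin $current }
if ($toAdd) { Add-ADGroupMember -Identity 'Executives' -Members $toAdd }

# Check: list the service account's group memberships.
# A standard domain user account should show only Domain Users at this point.
Get-ADPrincipalGroupMembership -Identity 'ADRMSVC' | Select-Object -ExpandProperty Name
```

The final command is a quick way to confirm that the service account has not picked up any privileged group membership before AD RMS is installed.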
