http://itnews.com.vn/news/3/7069/cau-hinhdich-vu-active-directory-rightmanagement.htm
Cu hnh dch v Active Directory Right ManagementActive Directory
Rights Management Services (AD RMS) l mt nh dng v dch v ng dng c
thit k bo v thng tin bng cch rn e ngi dng v chia s thng tin vi nhng
ngi tri php. AD RMS bo v thng tin khi n c kt ni v khi n khng c kt
ni vi mng cng ty. Mt chnh sch s dng c rng buc vi cc mc bo v khng c
vn m n i cc quyn c thc thi m bo rng ch nhng ngi nhn y quyn c th
truy cp vo ni dung chnh sch. C th gii hn ngi dng nh xem, sao chp,
chuyn tip v in n. Bn c th trin khai AD RMS trong mt my ch c lp hoc
mt nhm. iu ny cho php bn linh hot bt u vi mt cu hnh c bn v quy m x
l mt khi lng ln hn ca vic s dng hoc thc hin d phng khi cn thit. Trc
khi bn ci t AD RMS trn Windows Server 2008, bn s cn phi ci t NET
Framework 3.0. Do vy, bn khng th ci t AD RMS trn mt my tnh ci t
Windows 2008 Server Core. ci t AD RMS bn thc hin cc bc sau: 1. M
Server manager, chn Role sau click Add Roles.
2.
Trong Add roles Wizard, trang Before you begin, click Next.
3. trang Server Roles bn la chn Active Directory Rights
management Services v click Next.
4. trang Active Directory Rights management services cung cp cho
bn mt m t ngn gn v vai tr cng vi mt s lu quan trng v lin kt n thng
tin v vai din ny. Nu y l ln u tin bn thit lp vai tr AD RMS bn nn c
nhng ghi chp ny. Nhn Next tip tc.
5. trang Role Services bn s c nhc yu cu ci t hai thnh phn sau:
a. Active Directory Rights Management Server: Thnh phn my ch chnh,
yu cu cho my ch u tin ca bn. b. Identity Federation Support: cho
php AD RMS lm vic vi AD FS cho php ngi s dng t cc t chc khc tham
gia vo dch v AD RMS. Bn cu hnh mc nh v click Next.
6. trang AD RMS cluster bn la chn Create a New AD RMS cluster v
click Next.
7. Ti trang Configuration Database, la chn Use Windows Internal
Database on this server v click Next.
8. Trn trang Services Account, la chn ti khon ca domain vi quyn
ti thiu v click Next.
9. trang Cluster Key Storage, la chn Use AD RMS Centrally
Managed Key Storage v click Next.
Trang Cluster Key Storage 10. trang Cluster Key Password, bn
cung cp mt khu ca Cluster v click Next. 11. Tip theo Cluster Web
Site, bn la chn Website s l host ca AD RMS v click Next. 12. Ti
trang Licensor Certificate Name cung cp tn ca chng ch v click Next.
13. trang SCP Registration, bn cu hnh mc nh v click Next.
14.
cu hnh mc nh ca Web Server (IIS) v click Next.
15. Tip theo trang Configuration, bn xem li cc phn chn v click
Next. 16. Cui cng l trang Results cho php bn xem li kt qu, thnh cng
hay li ca qu trnh ci t. Click Close.
Mt khi bn ci t AD RMS, bn c th nhanh chng v d dng kim tra kt ni
n AD RMS bng cch s dng my tnh bn chy Windows Vista Office 2007
Professional Edition. Nh chng ti hng dn bi Kim tra dch v AD
RMS.http://www.youcourse.net/microsoft-lab/windows-server/active-directoy-rights-managementservices-ad-rms.html
Active Directoy Rights Management Services (AD RMS)Written by
Bin Nhox Pro
font size In E-mail Be the first to comment!
Windows Server 2008 tch hp sn dch v Active Directoy Rights
Management Services (AD RMS). AD RMS c chc nng phn quyn trn ti
nguyn (document, e-mail.) - Cc loi d liu h tr quyn ca AD RMS gm: MS
Word, MS Excel, MS Power Point, MS Outlook phin bn 2003 v 2007. II.
Chun b
- Mt my Windows Server 2008 nng cp Domain Controller - Ci t
Microsoft Office 2007 - To ln lt cc users trong bng sau:
User name
Password
RMSAdmin
P@ssword
U1
P@ssword
U2
P@ssword
-
Cho user RMSAdmin lm thnh vin ca group Domain Admins
M Properties Administrator, in thm thng tin E-mail l
[email protected]
M Properties user U1, in thm thng tin E-mail l
[email protected]
M Properties user U2, in thm thng tin E-mail l
[email protected]
III. Thc hin 1. Ci t RMS
M Server Manager t Administrative Tools, chut phi Roles, chn Add
Roles
-
Trong ca s Before You Begin, chn Next
Ca s Select Server Roles, nh du chn vo Active Directory Rights
Management Services
-
Trong hp thoi Add Roles Wizard chn Add Required Features
-
Ca s Select Server Roles, chn Next
-
Ca s Active Directory Rights Management Services , chn Next
Ca s Select Role Services, kim tra c nh du chn Active Directory
Rights Management Server, chn Next
-
Ca s Create or Join an AD RMS Cluster, chn Next
-
Ca s Select Configuration Database, chn Next
-
Ca s Specify Service Account, chn Specify
Ca s Add Roles Wizard, nhp user RMSAdmin password P@ssword, chn
OK
-
Ca s Specify Service Account, chn Next
- Ca s Configure AD RMS Cluster Key Storage, chn Use AD RMS
centrally managed key storage, chn Next
Ca s Specify AD RMS Cluster Key Password, nhp P@ssword vo
Password v Confirm Password, chn Next
Ca s Select AD RMS Cluster Web Site, chn Default Web Site, chn
Next
Ca s Specify Cluster Address, chn Use an SSL-encrypted
connection (https://), nhp tn server PC01.MSOpenLab.com vo
Fully-Qualified Domain Name, chn Validate, chn Next
Ca s Choose a Server Authentication Certificate for SSL
Encryption , chn Create a self-signed certificate for SSL
encryption , chn Next
-
Ca s Name the Server Licensor Certificate, chn Next
Ca s Register AD RMS Service Connection Point , chn Register the
AD RMS service connection point now, chn Next
-
Ca s Web Server (IIS), chn Next
-
Ca s Select Role Servics, chn Next
-
Ca s Confirm Installation Selections, chn Install
-
Sau khi ci t thnh cng, ca s Installation Results, chn Close
Lu : Sau khi ci t thnh cng phi restart my. 2. Cu hnh RMS M
Active Directory Rights Management Services t Administrative Tools
Trong hp thoi Seciurity Alert, chn View Certificate
-
Ca s Certificate, chn Install Certificate
-
Ca s Welcome to the Certificate Import Wizard, chn Next
Ca s Certificate Store, chn Place all certificate in the
following store, trong Certificate store, tr ng dn n Trusted Root
Certification Authorities, chn Next
-
Ca s Completing the Certificate Import Wizard, chn Finish
- Trong hp thoi Security Warning, chn Yes
-
Hp thoi Certificate Import Wizard, chn OK
Trong ca s Active Directory Rights Management Services, bung RMS
server (vd: PC01.msopenlab.com), kim tra cu hnh RMS thnh cng
3. -
Phn quyn trn ti nguyn M Windows Exprorer, to file
C:\Data\tailieu.doc c ni dung ty .
M file tailieu.doc, click vo biu tng , chn Prepare, chn Retrict
Permission, chn Restricted Access, trong ca s chng thc nhp User
name MSOpenLab\Administrator password P@ssword Ca s Permission, add
U1 vo Read, U2 vo Change, chn OK
4.
Kim tra quyn
-
Log on user U1 password P@ssword
M Windows Explorer, vo C:\Data m tailieu.doc, ca s chng thc nhp
user U1 password P@ssword, chn OK
-
Hp thoi Security Alert, chn Yes
-
Hp thoi Microsoft Office chn OK
Ca s Microsoft Word, ti thanh Restricted Access chn View
Permission
-
Kim tra quyn ca U1 trn tailieu.doc
Tng t nh cc bc trn, logon user U2 password P@ssword, vo C:\Data
m file tailieu.doc Trong hp thoi chng thc, nhp user U2 password
P@ssword
Ca s Microsoft Word, ti thanh Restricted Access chn View
Permission
-
Kim tra quyn ca U2 trn tailieu.doc
Theo msopenlab
ACTIVE DIRECTORY RIGHTS MANAGEMENT SERVICES (AD RMS) Sau khi hon
thnh xong bi lab ny, bn s lm c: - Cho user xem c ti liu nhng khng
cho copy - Cho user xem c ti liu nhng khng cho in - Cho user xem ni
dung email nhng khng cho copy, in hoc forward mailBi vit c cung cp
bi MCT TRN THY HONG I. Gii thiu: - Windows Server 2008 tch hp sn
dch v Active Directoy Right Management Services (AD RMS). AD RMS c
chc nng phn quyn trn ti nguyn (document, e-mail.) - Cc loi d liu h
tr quyn ca AD RMS gm: MS Word, MS Excel, MS Power Point, MS Outlook
phin bn 2003 v 2007. - Mc ch bi lab l hng dn ci t v cu hnh AD RMS.
Bi lab gm cc bc: 1. Ci t RMS 2. Cu hnh RMS 3. Phn quyn trn ti nguyn
4. Kim tra quyn II. Chun b: - Mt my Windows Server 2008 nng cp
Domain Controller (trong bi lab s dng MS Virtual PC) - M Microsoft
Virtual PC, khi ng my o WIN2K3_DC, log on
[email protected] password P@ssword - To ln lt cc users
trong bng sau: RMSAdmin/P@ssword U1/P@ssword U2/P@ssword - Cho user
RMSAdmin lm thnh vin ca group Domain Admins - M Properties user
Administrator, in thm thng tin E-mail l [email protected]
- M Properties user U1, in thm thng tin E-mail l [email protected]
- M Properties user U2, in thm thng tin E-mail l [email protected]
III. Thc hin: 1. Ci t RMS - M Server Manager t Administrative
Tools, chut phi Roles, chn Add Roles Hnh nh ny c thay i kch thc.
Click vo y xem hnh nh gc vi kch thc l 877x518 v dung lng l 53KB
- Trong ca s Before You Begin, chn Next Hnh nh ny c thay i kch
thc. Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l
33KB
- Ca s Select Server Roles, nh du chn vo Active Directory Rights
Management Services Hnh nh ny c thay i kch thc. Click vo y xem hnh
nh gc vi kch thc l 780x587 v dung lng l 32KB
- Trong hp thoi Add Roles Wizard chn Add Required Features Hnh
nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc l
625x356 v dung lng l 30KB
- Ca s Select Server Roles, chn Next Hnh nh ny c thay i kch thc.
Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l 41KB
- Ca s Active Directory Rights Management Services, chn Next Hnh
nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc l
780x587 v dung lng l 53KB
- Ca s Select Role Services, kim tra c nh du chn Active
Directory Rights Management Server, chn Next Hnh nh ny c thay i kch
thc. Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l
38KB
- Ca s Create or Join an AD RMS Cluster, chn Next Hnh nh ny c
thay i kch thc. Click vo y xem hnh nh gc vi kch thc l 780x587 v
dung lng l 45KB
- Ca s Select Configuration Database, chn Next Hnh nh ny c thay
i kch thc. Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng
l 40KB
- Ca s Specify Service Account, chn Specify Hnh nh ny c thay i
kch thc. Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l
37KB
- Ca s Add Roles Wizard, nhp user RMSAdmin password P@ssword,
chn OK
- Ca s Specify Service Account, chn Next Hnh nh ny c thay i kch
thc. Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l
38KB
- Ca s Configure AD RMS Cluster Key Storage, chn Use AD RMS
centrally managed key storage, chn Next Hnh nh ny c thay i kch thc.
Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l 47KB
- Ca s Specify AD RMS Cluster Key Password, nhp P@ssword vo
Password v Confirm Password, chn Next Hnh nh ny c thay i kch thc.
Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l 40KB
- Ca s Select AD RMS Cluster Web Site, chn Default Web Site, chn
Next Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch
thc l 780x587 v dung lng l 34KB
- Ca s Specify Cluster Address, chn Use an SSL-encrypted
connection (https://), chn Next Hnh nh ny c thay i kch thc. Click
vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l 52KB
- Ca s Choose a Server Authentication Certificate for SSL
Encryption, chn Create a self-signed certificate for SSL
encryption, chn Next
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 780x587 v dung lng l 60KB
- Ca s Name the Server Licensor Certificate, nhp tn my Server
(vd: PCxx)vo Name, chn Next Hnh nh ny c thay i kch thc. Click vo y
xem hnh nh gc vi kch thc l 780x587 v dung lng l 33KB
- Ca s Register AD RMS Service Connection Point, chn Register
the AD RMS service connection point now, chn Next
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 780x587 v dung lng l 45KB
- Ca s Web Server (IIS), chn Next Hnh nh ny c thay i kch thc.
Click vo y xem hnh nh gc vi kch thc l 780x587 v dung lng l 54KB
- Ca s Select Role Servics, chn Next Hnh nh ny c thay i kch thc.
Click vo y xem hnh
nh gc vi kch thc l 780x587 v dung lng l 48KB
- Ca s Confirm Installation Selections, chn Install
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 780x587 v dung lng l 54KB
- Sau khi ci t thnh cng, ca s Installation Results, chn
Close
Lu : Sau khi ci t thnh cng phi restart my. 2. Cu hnh RMS - M
Active Directory Rights Management Services t Administrative Tools
- Trong hp thoi Seciurity Alert, chn View Certificate
- Ca s Certificate, chn Install Certificate
- Ca s Welcome to the Certificate Import Wizard, chn Next Hnh nh
ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc l 503x453
v dung lng l 22KB
- Ca s Certificate Store, chn Place all certificate in the
following store, trong Certificate store, tr ng dn n Trusted Root
Certification Authorities, chn Next Hnh nh ny c thay i kch thc.
Click vo y xem hnh nh gc vi kch thc l 503x453 v dung lng l 22KB
- Ca s Completing the Certificate Import Wizard, chn Finish Hnh
nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc l
503x453 v dung lng l 19KB
- Trong hp thoi Security Warning, chn Yes
- Hp thoi Certificate Import Wizard, chn OK
- Trong ca s Active Directory Rights Management Services, bung
RMS server (vd: PC01.msopenlab.com), kim tra cu hnh RMS thnh cng.
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc l
815x463 v dung lng l 51KB
3. Phn quyn trn ti nguyn - M Windows Exprorer, to file
C:\Data\tailieu.doc c ni dung ty .
- M file tailieu.doc, click vo biu tng , chn Prepare, chn
Retrict Permission, chn Restricted Access - Ca s Permission, add U1
vo Read, U2 vo Change, chn OK
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 740x561 v dung lng l 40KB
4. Kim tra quyn - Log on user U1 password P@ssword - M Windows
Explorer, vo C:\Data m tailieu.doc, ca s chng thc nhp user U1
password P@ssword, chn OK
- Hp thoi Security Alert, chn Yes
- Hp thoi Microsoft Office chn OK
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 560x176 v dung lng l 12KB
- Ca s Microsoft Word, ti thanh Restricted Access chn View
Permission
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 761x561 v dung lng l 38KB
- Kim tra quyn ca U1 trn tailieu.doc
- Tng t nh cc bc trn, logon user U2 password P@ssword, vo
C:\Data m file tailieu.doc - Trong hp thoi chng thc, nhp user U2
password P@ssword
- Ca s Microsoft Word, ti thanh Restricted Access chn View
Permission
Hnh nh ny c thay i kch thc. Click vo y xem hnh nh gc vi kch thc
l 790x553 v dung lng l 44KB
- Kim tra quyn ca U2 trn tailieu.doc
Active Directoy Rights Management Services (AD RMS)Vit bi Trn
Thy Hong Ch nht, 13 Thng 4 2008 00:00
Windows Server 2008 tch hp sn dch v Active Directoy Rights
Management Services (AD RMS). AD RMS c chc nng phn quyn trn ti
nguyn (document, e-mail.) - Cc loi d liu h tr quyn ca AD RMS gm: MS
Word, MS Excel, MS Power Point, MS Outlook phin bn 2003 v 2007.
II.
Chun b
- Mt my Windows Server 2008 nng cp Domain Controller - Ci t
Microsoft Office 2007 - To ln lt cc users trong bng sau:
User name RMSAdmin U1 U2
Password P@ssword P@ssword P@ssword
-
Cho user RMSAdmin lm thnh vin ca group Domain Admins M
Properties Administrator, in thm thng tin E-mail l
[email protected]
-
M Properties user U1, in thm thng tin E-mail l
[email protected]
-
M Properties user U2, in thm thng tin E-mail l
[email protected]
III. Thc hin 1. Ci t RMS M Server Manager t Administrative
Tools, chut phi Roles, chn Add Roles
-
Trong ca s Before You Begin, chn Next
-
Ca s Select Server Roles, nh du chn vo Active Directory Rights
Management Services
-
Trong hp thoi Add Roles Wizard chn Add Required Features
-
Ca s Select Server Roles, chn Next
-
Ca s Active Directory Rights Management Services, chn Next
-
Ca s Select Role Services, kim tra c nh du chn Active Directory
Rights Management Se
-
Ca s Create or Join an AD RMS Cluster, chn Next
-
Ca s Select Configuration Database, chn Next
-
Ca s Specify Service Account, chn Specify
-
Ca s Add Roles Wizard, nhp user RMSAdmin password P@ssword, chn
OK
-
Ca s Specify Service Account, chn Next
- Ca s Configure AD RMS Cluster Key Storage, chn Use AD RMS
centrally managed key storag
-
Ca s Specify AD RMS Cluster Key Password, nhp P@ssword vo
Password v Confirm P
-
Ca s Select AD RMS Cluster Web Site, chn Default Web Site, chn
Next
Ca s Specify Cluster Address, chn Use an SSL-encrypted
connection (https://), nhp tn ser vo Fully-Qualified Domain Name,
chn Validate, chn Next
Ca s Choose a Server Authentication Certificate for SSL
Encryption, chn Create a self-sign encryption, chn Next
-
Ca s Name the Server Licensor Certificate, chn Next
-
Ca s Register AD RMS Service Connection Point, chn Register the
AD RMS service conne
-
Ca s Web Server (IIS), chn Next
-
Ca s Select Role Servics, chn Next
-
Ca s Confirm Installation Selections, chn Install
-
Sau khi ci t thnh cng, ca s Installation Results, chn Close
Lu : Sau khi ci t thnh cng phi restart my.
2. -
Cu hnh RMS M Active Directory Rights Management Services t
Administrative Tools Trong hp thoi Seciurity Alert, chn View
Certificate
-
Ca s Certificate, chn Install Certificate
-
Ca s Welcome to the Certificate Import Wizard, chn Next
Ca s Certificate Store, chn Place all certificate in the
following store, trong Certificate sto Trusted Root Certification
Authorities, chn Next
-
Ca s Completing the Certificate Import Wizard, chn Finish
- Trong hp thoi Security Warning, chn Yes
-
Hp thoi Certificate Import Wizard, chn OK
Trong ca s Active Directory Rights Management Services, bung RMS
server (vd: PC01.msope RMS thnh cng.
3. -
Phn quyn trn ti nguyn M Windows Exprorer, to file
C:\Data\tailieu.doc c ni dung ty .
M file tailieu.doc, click vo biu tng , chn Prepare, chn Retrict
Permission, chn Res chng thc nhp User name MSOpenLab\Administrator
password P@ssword Ca s Permission, add U1 vo Read, U2 vo Change,
chn OK
4.
Kim tra quyn
-
Log on user U1 password P@ssword
M Windows Explorer, vo C:\Data m tailieu.doc, ca s chng thc nhp
user U1 password P@
-
Hp thoi Security Alert, chn Yes
-
Hp thoi Microsoft Office chn OK
-
Ca s Microsoft Word, ti thanh Restricted Access chn View
Permission
-
Kim tra quyn ca U1 trn tailieu.doc
-
Tng t nh cc bc trn, logon user U2 password P@ssword, vo C:\Data
m file tailieu.doc
-
Trong hp thoi chng thc, nhp user U2 password P@ssword
-
Ca s Microsoft Word, ti thanh Restricted Access chn View
Permission
-
Kim tra quyn ca U2 trn tailieu.doc