Configure Active Directory Rights Management Service (AD RMS) in Windows Server 2022

Published: 21 January 2023
on channel: microsoft lab

1. Prepare

DC1 : Domain Controller Yi.vn | DC2 : Exchange Server

DC23 : Domain Member, install AD RMS server | DC24 : Domain Member, install Certificate Server

WIN101, WIN102 : Clients | Turn off the local firewall on all machines

2. Step by step : Configure Active Directory Rights Management Service AD RMS on DC23

DC1 : Create a new user named rmsservices (service account)

DC24 : Install Certificate service and create a template named SSL for Web Server

DC23 : Install and Configure Active Directory Rights Management Service AD RMS

Start - mmc - File - Add/Remove Snap-in... - Certificates - Add - Computer account - Right-click Personal - All Tasks - Request New Certificate... (a server restart may be needed)

Select SSL - Click "More information is required to enroll ..." - Subject tab - Subject name : Type : Common name, Value : DC23 - Add

Alternative name : Type : DNS, Value : DC23.Yi.vn - Add - Enroll

Server Manager - Manage - Add Roles and Features - Next to "Server Roles" : Select "Active Directory Rights Management Services" - Add Features - Next to Install

Click Notifications - Perform additional configuration - Configuration Database : Choose "Use Windows Internal Database on this server" - Service Account : Yi\rmsservices

Cluster Key Password : Enter password - Cluster Address : Choose "Use SSL-encrypted connection https://", Fully-Qualified Domain Name : https://DC23.Yi.vn

Server Certificate : Choose "Choose an existing certificate for SSL encryption (recommended)" - Next to Install - Restart server

Server Manager - Tools - Internet Information Services (IIS) Manager - DC23 - Sites - Default Web Site - Bindings... - https - Edit... - SSL certificate : Choose DC23

Default Web Site - _wmcs, certification, licensing - Authentication - Anonymous Authentication : Enable

Default Web Site - _wmcs - Right-click certification - Switch to content view - Right-click ServerCertification.asmx - Edit Permission... - Security tab - Edit...

Add... - DC2, exchange servers, rmsservices

Right-click ServiceLocator.asmx - Switch to Features View - Authentication - Right-click "Anonymous Authentication" : Disable

Create and share a folder named Policy with network shared \\DC23\Policy

Server Manager - Tools - Active Directory Rights Management Services - DC23.Yi.vn Local - Enable : Users, Applications, Super Users

Rights Policy Templates :

Create distributed rights policy template :

1. Add Template Identifica... - Add - Name : Prevent Print, Description : Prevent Print - Add

2. Add User Rights - Users and rights - Add... [email protected], [email protected] - Rights : Tick all except Full Control and Print

4. Specify Extended Policy - Select "Enable users to view protected content using a browser add-on" ---- Finish

Change distributed rights policy templates file location - Select "Enable export" - Specify templates file location UNC : \\DC23\Policy

DC2 : Create mail group and configure AD RMS

Start - Exchange Management shell, Type :

New-DistributionGroup -Name "RMSSuper" -OrganizationalUnit "Yi.vn/users" -SAMAccountName "RMSSuper" -Type "Distribution" # Create a mail group named RMSSuper

Add-DistributionGroupMember RMSsuper -Member FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 # Add account Federat... to RMSSuper

DC23 : Active Directory Rights Management Services - DC23.Yi.vn Local - Security Policies - Super Users - Change super user group - Super user group : [email protected]

DC2 : Restart and set IRM

Start - Exchange Management shell, Type :

Get-IRMConfiguration # Show IRMConfiguration

Set-IRMConfiguration -InternalLicensingEnabled $true # Set InternalLicensingEnabled to True

Test-IRMConfiguration -Sender [email protected] # Test send email

WIN101, WIN102 : Set Internet Explorer

Start - Internet Explorer - Tools - Internet options - Security tab - Trusted sites - Sites - Add this website to the zone : https://DC23.Yi.vn - Add

Security level for this zone : All - down to Low

WIN101 : Sign in to email using the HiepIT account, test sending a normal email and an AD RMS protected email to VietIT

WIN102 : Sign in to email using the VietIT account, check that the email received using AD RMS cannot be printed === OK
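
DC23 : Check the certificate and IIS settings. The script below is an added example, not part of the original description: a read-only audit of the https binding certificate and the Anonymous Authentication settings from the DC23 steps. The IIS paths, including ServiceLocator.asmx being under _wmcs/certification, are this example's reading of those steps and are assumptions.

```powershell
# Added example (not from the original page): read-only audit of the DC23 steps.
# Run in an elevated Windows PowerShell session on DC23.
Import-Module WebAdministration

$fqdn       = 'DC23.Yi.vn'          # cluster address host name used on the page
$site       = 'Default Web Site'
$anonFilter = 'system.webServer/security/authentication/anonymousAuthentication'
$now        = Get-Date
$results    = @()

# 1. Certificate selected in the https binding of the site
$binding = Get-WebBinding -Name $site -Protocol https | Select-Object -First 1
$cert = if ($binding) {
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $binding.certificateHash }
}
$certChecks = [ordered]@{
    'https binding uses a certificate from LocalMachine\My' = [bool]$cert
    "Certificate SAN contains $fqdn" = [bool]($cert.DnsNameList.Unicode -contains $fqdn)
    'Certificate is within its validity period' =
        [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
    'Certificate has a private key' = [bool]$cert.HasPrivateKey
    'Certificate allows Server Authentication' =
        [bool]($cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
}
foreach ($name in $certChecks.Keys) {
    $results += [pscustomobject]@{ Check = $name; Expected = $true; Actual = $certChecks[$name] }
}

# 2. Anonymous Authentication per path, as set in the steps above.
#    These paths are an assumption made by this example, not taken from the page.
$anonExpected = [ordered]@{
    "$site/_wmcs"                                   = $true
    "$site/_wmcs/certification"                     = $true
    "$site/_wmcs/licensing"                         = $true
    "$site/_wmcs/certification/ServiceLocator.asmx" = $false
}
foreach ($path in $anonExpected.Keys) {
    $actual = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $path -Filter $anonFilter -Name enabled).Value
    $results += [pscustomobject]@{
        Check = "Anonymous Authentication on $path"; Expected = $anonExpected[$path]; Actual = $actual
    }
}

# One row per check; Pass is False wherever the server differs from the steps.
$results | Select-Object Check, Expected, Actual,
    @{ Name = 'Pass'; Expression = { $_.Expected -eq $_.Actual } } |
    Format-Table -AutoSize -Wrap
```

Any row with Pass = False marks a setting that differs from the steps above; the script changes nothing on the server.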
