Configure Active Directory Rights Management Service (AD RMS) in Windows Server 2022

Published: 21 January 2023
on channel: microsoft lab
Views: 4,153
Likes: 10


1. Prepare

DC1 : Domain Controller (Yi.vn) | DC2 : Exchange Server

DC23 : Domain Member, install AD RMS server | DC24 : Domain Member, install Certificate Server

WIN101, WIN102 : Clients | Turn off the local firewall on all machines

2. Step by step : Configure Active Directory Rights Management Service AD RMS on DC23

DC1 : Create a new user named rmsservices (service account)

DC24 : Install Certificate service and create a template named SSL for Web Server

DC23 : Install and Configure Active Directory Rights Management Service AD RMS

Start - mmc - File - Add/Remove Snap-in... - Certificates - Add - Computer account - Right-click Personal - All Tasks - Request New Certificate... (a server restart may be needed)

Select SSL - Click "More information is required to enroll ..." - Subject tab - Subject name : Type : Common name, Value : DC23 - Add

Alternative name : Type : DNS, Value : DC23.Yi.vn - Add - Enroll

Server Manager - Manage - Add Roles and Features - Next to "Server Roles" : Select "Active Directory Rights Management Services" - Add Features - Next to Install

Click Notifications - Perform additional configuration - Configuration Database : Choose "Use Windows Internal Database on this server" - Service Account : Yi\rmsservices

Cluster Key Password : Enter password - Cluster Address : Choose "Use SSL-encrypted connection https://", Fully-Qualified Domain Name : https://DC23.Yi.vn

Server Certificate : Choose "Choose an existing certificate for SSL encryption (recommended)" - Next to Install - Restart server

Server Manager - Tools - Internet Information Services (IIS) Manager - DC23 - Sites - Default Web Site - Bindings... - https - Edit... - SSL certificate : Choose DC23

Default Web Site - _wmcs, certification, licensing - Authentication - Anonymous Authentication : Enable

Default Web Site - _wmcs - Right-click certification - Switch to content view - Right-click ServerCertification.asmx - Edit Permission... - Security tab - Edit...

Add... - DC2, exchange servers, rmsservices

Right-click ServiceLocator.asmx - Switch to Features View - Authentication - Right-click "Anonymous Authentication" : Disable

Create a folder named Policy and share it on the network as \\DC23\Policy

Server Manager - Tools - Active Directory Rights Management Services - DC23.Yi.vn Local - Enable : Users, Applications, Super Users

Rights Policy Templates :

Create distributed rights policy template :

1. Add Template Identifica... - Add - Name : Prevent Print, Description : Prevent Print - Add

2. Add User Rights - Users and rights - Add... [email protected], [email protected] - Rights : Tick all except Full Control and Print

4. Specify Extended Policy - Select "Enable users to view protected content using a browser add-on" - Finish

Change distributed rights policy templates file location - Select "Enable export" - Specify templates file location UNC : \\DC23\Policy

DC2 : Create mail group and configure AD RMS

Start - Exchange Management Shell, Type :

New-DistributionGroup -Name "RMSSuper" -OrganizationalUnit "Yi.vn/users" -SAMAccountName "RMSSuper" -Type "Distribution" # Create a mail group named RMSSuper

Add-DistributionGroupMember RMSsuper -Member FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 # Add account Federat... to RMSSuper

DC23 : Active Directory Rights Management Services - DC23.Yi.vn Local - Security Policies - Super Users - Change super user group - Super user group : [email protected]

DC2 : Restart and set IRM

Start - Exchange Management Shell, Type :

Get-IRMConfiguration # Show IRMConfiguration

Set-IRMConfiguration -InternalLicensingEnabled $true # Set InternalLicensingEnabled to True

Test-IRMConfiguration -Sender [email protected] # Test send email

WIN101, WIN102 : Set Internet Explorer

Start - Internet Explorer - Tools - Internet options - Security tab - Trusted sites - Sites - Add this website to the zone : https://DC23.Yi.vn - Add

Security level for this zone : lower it all the way down to Low

WIN101 : Sign in to email using the HiepIT account, test sending a normal email and an AD RMS-protected email to VietIT

WIN102 : Sign in to email using the VietIT account, check that the email received using AD RMS cannot be printed === OK
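
A read-only check of the DC23 settings that the steps above produce, added here as an example and not part of the original description. It assumes an elevated PowerShell session on DC23, the WebAdministration module, the default IIS content path C:\inetpub\wwwroot, and that the ServiceLocator.asmx in question is the copy under certification.

```powershell
# Added example: read-only audit of the DC23 state produced by the steps above.
# Assumptions (not from the page): elevated session on DC23, WebAdministration
# module present, IIS content under the default C:\inetpub\wwwroot.
Import-Module WebAdministration

$fqdn    = 'DC23.Yi.vn'
$site    = 'Default Web Site'
$filter  = 'system.webServer/security/authentication/anonymousAuthentication'
$results = @()

# 1. The 443 binding must use an unexpired certificate whose SAN lists the cluster FQDN.
$binding = Get-ChildItem IIS:\SslBindings | Where-Object Port -eq 443 | Select-Object -First 1
$cert    = if ($binding) { Get-Item "Cert:\LocalMachine\$($binding.Store)\$($binding.Thumbprint)" -ErrorAction SilentlyContinue }
$results += [pscustomobject]@{
    Check = "https binding certificate covers $fqdn and is not expired"
    Pass  = [bool]($cert -and ($cert.DnsNameList.Unicode -contains $fqdn) -and ($cert.NotAfter -gt (Get-Date)))
}

# 2. Anonymous authentication: enabled on the three folders, disabled on ServiceLocator.asmx
#    (assumed to be the copy under certification, the folder open at that step).
$expected = [ordered]@{
    "$site/_wmcs"                                   = $true
    "$site/_wmcs/certification"                     = $true
    "$site/_wmcs/licensing"                         = $true
    "$site/_wmcs/certification/ServiceLocator.asmx" = $false
}
foreach ($loc in $expected.Keys) {
    $actual = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $loc -Filter $filter -Name enabled).Value
    $results += [pscustomobject]@{ Check = "Anonymous auth on '$loc' is $($expected[$loc])"; Pass = ($actual -eq $expected[$loc]) }
}

# 3. ServerCertification.asmx must carry ACEs for the principals added in the Security tab.
$asmx = 'C:\inetpub\wwwroot\_wmcs\certification\ServerCertification.asmx'
$ids  = @((Get-Acl -Path $asmx).Access | ForEach-Object { $_.IdentityReference.Value })
foreach ($name in 'rmsservices', 'Exchange Servers', 'DC2$') {
    $results += [pscustomobject]@{ Check = "$name has an ACE on ServerCertification.asmx"; Pass = [bool]($ids -like "*\$name") }
}

# 4. The template export share must exist.
$results += [pscustomobject]@{
    Check = 'Share \\DC23\Policy exists'
    Pass  = [bool](Get-SmbShare -Name 'Policy' -ErrorAction SilentlyContinue)
}

$results | Format-Table -AutoSize -Wrap
```

Any row with Pass = False points at the step to revisit; the script changes nothing on the server.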
