05 active directory rights management services
-
Upload
gonzalo-santiago -
Category
Education
-
view
267 -
download
3
Transcript of 05 active directory rights management services
![Page 1: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/1.jpg)
Christopher Chapman | MCTContent PM, Microsoft Learning, PDG Planning , Microsoft
Understanding Active Directory
![Page 2: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/2.jpg)
Click to edit Master subtitle style
Microsoft Virtual Academy
Active Directory Rights Management Services (AD RMS)
![Page 3: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/3.jpg)
Module Overview
• AD RMS Overview
• Understanding AD RMS
• Managing AD RMS
![Page 4: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/4.jpg)
Lesson 1: AD RMS Overview
• Overview of AD RMS
• How AD RMS Works
• Options for Using AD RMS
![Page 5: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/5.jpg)
Overview of AD RMS
AD RMS can be used to: Restrict access to an organization’s intellectual property
Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use
Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use
Limit the actions users can perform on content
Limit the risk of content being exposed outside the organization
![Page 6: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/6.jpg)
How AD RMS Works
RMS Server
Information Author
Recipient
11
22 33
55
44
![Page 7: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/7.jpg)
Options for Using AD RMS
Action Application Features
Protect Sensitive Files
Microsoft® Office:• Word• Excel® • PowerPoint®
• Set rights (View, Change, Print)• Set validity period
Do-Not-Forward/Print E-mail
Microsoft Office Outlook®
• Help protect sensitive e-mail from being sent to the Internet
• Help protect confidential e-mail from being taken outside of the company
Help Safeguard Intranet Content
• Internet Explorer®
• Microsoft Office SharePoint® Services
Help safeguard intranet content by restricting access to:
View Change Print
Identity Federation Support
All RMS-enabled applications
Help safeguard data across AD FS trusts
![Page 8: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/8.jpg)
Lesson 2: Understanding AD RMS
• AD RMS Components
• AD RMS Certificates and Licenses
• How AD RMS Secures Content
• How AD RMS Restricts Access to Data
• Demonstration: How AD RMS Works
![Page 9: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/9.jpg)
AD RMS Components
AD RMS Server
Recipient
Active Directory Domain Controller
SQL Server
Information Author
RMS Enabled Application
![Page 10: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/10.jpg)
AD RMS Certificates and Licenses
AD RMS Certificates and Licenses include: Lockbox
Machine certificate
Rights account certificate
Client licensor certificate
Publishing license
Use license
Revocation list
![Page 11: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/11.jpg)
How AD RMS Protects Content
AD RMS Server
Information Author
Recipient
SQL Server
RMS-enabled Application
Active Directory Domain Controller
33
11
44
22
![Page 12: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/12.jpg)
How AD RMS Restricts Access to Data
AD RMS Server
Information Author
Recipient
SQL Server
33
1155
22
44
Active Directory Domain Controller
RMS-enabled Application
![Page 13: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/13.jpg)
Demonstration: Installing AD RMS
In this demonstration, you will see how to install AD RMS
![Page 14: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/14.jpg)
Lesson 3: Managing AD RMS
• AD RMS Server Role Installation Overview
• Demonstration: AD RMS Management Console
• What Are Exclusion Policies?
• What Are Rights Policy Templates?
![Page 15: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/15.jpg)
AD RMS Server Role Installation Overview
Installation Requirements:
Additional Roles required:Web Server (IIS)
Windows Process Activation Service (WPAS)
Message Queuing
Windows Internal Database
Service Account
Microsoft SQL Server
The server must be a member of the domain
![Page 16: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/16.jpg)
Demonstration: AD RMS Management Console• In this demonstration, you will see the AD RMS
Management Console
![Page 17: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/17.jpg)
What Are Exclusion Policies?
Exclusion can be enabled by: User ID
Public Key String
Application by version
Lockbox Version
Windows Version
Exclusion policies prevent users, applications, lockboxes, and operating systems from acquiring certificates and licenses from servers in the cluster
Exclusion policies prevent users, applications, lockboxes, and operating systems from acquiring certificates and licenses from servers in the cluster
![Page 18: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/18.jpg)
What Are Rights Policy Templates?
Administrators can use rights policy templates to:
Templates are defined for each language to be supported
Rights policy templates provide a manageable, consistent way for workers to apply predefined policies to informationRights policy templates provide a manageable, consistent way for workers to apply predefined policies to information
Apply expiration policies for content and licenses
Set extended policies that:Allow content to be viewed in a browser
Disable client-side caching of use licenses
Set revocation policies to enable content rights to be revoked
![Page 19: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/19.jpg)
Module Review and Takeaways
• Review Questions
• Summary of AD RMS
![Page 20: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/20.jpg)
Thanks for Watching!
![Page 21: 05 active directory rights management services](https://reader034.fdocuments.net/reader034/viewer/2022052506/556bfa57d8b42a6d768b48af/html5/thumbnails/21.jpg)
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.