active directory rights management services
ACTIVE DIRECTORY RIGHTS MANAGEMENT SERVICES (AD RMS)
After completing this lab, you will be able to:
- Let a user view a document but not copy it
- Let a user view a document but not print it
- Let a user view an e-mail's content but not copy, print, or forward it
This article is provided by MCT TRẦN THỦY HOÀNG
I. Introduction:
- Windows Server 2008 has Active Directory Rights Management Services (AD RMS) built in. AD RMS assigns usage rights on resources (documents, e-mail, ...).
- The data types that support AD RMS rights are MS Word, MS Excel, MS PowerPoint, and MS Outlook, versions 2003 and 2007.
- The purpose of this lab is to show how to install and configure AD RMS. The lab consists of these steps:
1. Install RMS
2. Configure RMS
3. Assign rights on a resource
4. Verify the rights
II. Preparation:
- A Windows Server 2008 machine that has been promoted to Domain Controller (this lab uses MS Virtual PC)
- Open Microsoft Virtual PC, start the virtual machine WIN2K3_DC, and log on as [email protected] with password P@ssword
- Create each of the users in the following table:

| User | Password |
|---|---|
| RMSAdmin | P@ssword |
| U1 | P@ssword |
| U2 | P@ssword |

- Make user RMSAdmin a member of the Domain Admins group
- Open the Properties of user Administrator and fill in the E-mail field with [email protected]
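The account preparation above can also be scripted with the directory service command-line tools on the domain controller. This is an added example, not part of the original lab; the domain DN DC=msopenlab,DC=com (taken from the PC01.msopenlab.com server name used later in the lab), the CN=Users container, the UPN suffix, and the ADMIN_EMAIL_PLACEHOLDER value are assumptions.

```batch
@echo off
rem Added example: creates the lab accounts from section II with dsadd/dsmod.
rem Run from an elevated command prompt on the domain controller.
rem ASSUMPTION: domain DN and container below; adjust to the lab domain.
set DOMAIN_DN=DC=msopenlab,DC=com
set USERS=CN=Users,%DOMAIN_DN%
set UPN_SUFFIX=msopenlab.com
set LABPWD=P@ssword

rem Create RMSAdmin, U1 and U2, enabled, with the lab password.
for %%U in (RMSAdmin U1 U2) do (
    dsadd user "CN=%%U,%USERS%" -samid %%U -upn %%U@%UPN_SUFFIX% -pwd %LABPWD% -mustchpwd no -disabled no
)

rem Make RMSAdmin a member of Domain Admins, as the lab step states.
dsmod group "CN=Domain Admins,%USERS%" -addmbr "CN=RMSAdmin,%USERS%"

rem Set the E-mail field of Administrator.
rem ASSUMPTION: placeholder value; replace with the address used in the lab.
dsmod user "CN=Administrator,%USERS%" -email ADMIN_EMAIL_PLACEHOLDER

rem Read the values back to confirm what was written.
dsget user "CN=RMSAdmin,%USERS%" -memberof
dsget user "CN=Administrator,%USERS%" -email
```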
III. Procedure:
1. Install RMS
- Open Server Manager from Administrative Tools, right-click Roles, and choose Add Roles
- In the Before You Begin window, choose Next
- In the Select Server Roles window, select the Active Directory Rights Management Services check box
- In the Add Roles Wizard dialog box, choose Add Required Features
- In the Select Server Roles window, choose Next
- In the Active Directory Rights Management Services window, choose Next
- In the Select Role Services window, confirm that Active Directory Rights Management Server is selected, then choose Next
- In the Create or Join an AD RMS Cluster window, choose Next
- In the Select Configuration Database window, choose Next
- In the Specify Service Account window, choose Specify…
- In the Add Roles Wizard window, enter user RMSAdmin with password P@ssword, then choose OK
- In the Specify Service Account window, choose Next
- In the Configure AD RMS Cluster Key Storage window, select Use AD RMS centrally managed key storage, then choose Next
- In the Specify AD RMS Cluster Key Password window, enter P@ssword in the Password and Confirm Password boxes, then choose Next
- In the Select AD RMS Cluster Web Site window, select Default Web Site, then choose Next
- In the Specify Cluster Address window, select Use an SSL-encrypted connection (https://), then choose Next
- In the Choose a Server Authentication Certificate for SSL Encryption window, select Create a self-signed certificate for SSL encryption, then choose Next
- In the Name the Server Licensor Certificate window, enter the server's computer name (e.g. PCxx) in the Name box, then choose Next
- In the Register AD RMS Service Connection Point window, select Register the AD RMS service connection point now, then choose Next
- In the Web Server (IIS) window, choose Next
- In the Select Role Services window, choose Next
- In the Confirm Installation Selections window, choose Install
- After the installation succeeds, in the Installation Results window, choose Close
Note: After a successful installation, you must restart the machine.
2. Configure RMS
- Open Active Directory Rights Management Services from Administrative Tools
- In the Security Alert dialog box, choose View Certificate
- In the Certificate window, choose Install Certificate
- In the Welcome to the Certificate Import Wizard window, choose Next
- In the Certificate Store window, select Place all certificates in the following store; in the Certificate store box, browse to Trusted Root Certification Authorities, then choose Next
- In the Completing the Certificate Import Wizard window, choose Finish
- In the Security Warning dialog box, choose Yes
- In the Certificate Import Wizard dialog box, choose OK
- In the Active Directory Rights Management Services window, expand the RMS server (e.g. PC01.msopenlab.com) and check that RMS was configured successfully.
3. Assign rights on a resource
- Open Windows Explorer and create the file C:\Data\tailieu.doc with any content.
- Open the file tailieu.doc, click the icon, choose Prepare, choose Restrict Permission, then choose Restricted Access
- In the Permission window, add U1 to the Read box and U2 to the Change box, then choose OK
4. Verify the rights
- Log on as user U1 with password P@ssword
- Open Windows Explorer, go to C:\Data and open tailieu.doc; in the authentication window, enter user U1 with password P@ssword, then choose OK
- In the Security Alert dialog box, choose Yes
- In the Microsoft Office dialog box, choose OK
- In the Microsoft Word window, on the Restricted Access bar, choose View Permission…
- Check the rights U1 has on tailieu.doc
- As in the steps above, log on as user U2 with password P@ssword, go to C:\Data and open the file tailieu.doc
- In the authentication dialog box, enter user U2 with password P@ssword
- In the Microsoft Word window, on the Restricted Access bar, choose View Permission…
- Check the rights U2 has on tailieu.doc