
Understanding Active Directory

Christopher Chapman | MCT


Content PM, Microsoft Learning, PDG Planning, Microsoft
Microsoft Virtual Academy

Active Directory Rights Management Services (AD RMS)


Module Overview

• AD RMS Overview
• Understanding AD RMS
• Managing AD RMS
Lesson 1: AD RMS Overview

• Overview of AD RMS
• How AD RMS Works
• Options for Using AD RMS
Overview of AD RMS
Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

AD RMS can be used to:


Restrict access to an organization’s intellectual property

Limit the actions users can perform on content

Limit the risk of content being exposed outside the organization


How AD RMS Works

[Diagram: Information Author, RMS Server and Recipient, with numbered steps 1 to 3]
Options for Using AD RMS
Action: Protect Sensitive Files
Application: Microsoft® Office (Word, Excel®, PowerPoint®)
Features:
• Set rights (View, Change, Print)
• Set validity period

Action: Do-Not-Forward/Print E-mail
Application: Microsoft Office Outlook®
Features:
• Help protect sensitive e-mail from being sent to the Internet
• Help protect confidential e-mail from being taken outside of the company

Action: Help Safeguard Intranet Content
Application: Internet Explorer®, Microsoft Office SharePoint® Services
Features:
• Help safeguard intranet content by restricting access to: View, Change, Print

Action: Identity Federation Support
Application: All RMS-enabled applications
Features:
• Help safeguard data across AD FS trusts
Lesson 2: Understanding AD RMS

• AD RMS Components
• AD RMS Certificates and Licenses
• How AD RMS Secures Content
• How AD RMS Restricts Access to Data
• Demonstration: How AD RMS Works
AD RMS Components

[Diagram: SQL Server, Active Directory Domain Controller, AD RMS Server, RMS-enabled Application, Information Author and Recipient]
AD RMS Certificates and Licenses
AD RMS Certificates and Licenses include:
Lockbox
Machine certificate
Rights account certificate
Client licensor certificate
Publishing license
Use license
Revocation list
How AD RMS Protects Content

[Diagram: SQL Server, Active Directory Domain Controller, AD RMS Server, RMS-enabled Application, Information Author and Recipient, with numbered steps 1 to 4]
How AD RMS Restricts Access to Data
[Diagram: SQL Server, Active Directory Domain Controller, AD RMS Server, RMS-enabled Application, Information Author and Recipient, with numbered steps 1 to 5]
Demonstration: Installing AD RMS

In this demonstration, you will see how to install AD RMS


Lesson 3: Managing AD RMS

• AD RMS Server Role Installation Overview


• Demonstration: AD RMS Management Console
• What Are Exclusion Policies?
• What Are Rights Policy Templates?
AD RMS Server Role Installation Overview
Installation Requirements:
The server must be a member of the domain

Additional Roles required:


Web Server (IIS)
Windows Process Activation Service (WPAS)
Message Queuing
Windows Internal Database

Service Account

Microsoft SQL Server


Demonstration: AD RMS Management Console

• In this demonstration, you will see the AD RMS Management Console
What Are Exclusion Policies?
Exclusion policies prevent users, applications, lockboxes, and operating systems from acquiring certificates and licenses from servers in the cluster

Exclusion can be enabled by:


User ID
Public Key String
Application by version
Lockbox Version
Windows Version
What Are Rights Policy Templates?
Rights policy templates provide a manageable, consistent way for workers to apply predefined policies to information

Administrators can use rights policy templates to:
Apply expiration policies for content and licenses

Set extended policies that:


Allow content to be viewed in a browser
Disable client-side caching of use licenses

Set revocation policies to enable content rights to be revoked

Templates are defined for each language to be supported


Module Review and Takeaways

• Review Questions
• Summary of AD RMS
Thanks for Watching!
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the
U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
