Adrms deployment series (5)-configure and use the adrms permission template for encryption

After installing adrms, we can use it directly. However, to make it easier for others, we can define some templates in adrms for others to use, the so-called template is a set of permissions. For example, you can set documents encrypted using this template. Common employees in the technical department can view the information, but cannot change the information. The technical department leaders can fully control the information, this type of permissions can be implemented by yourself, but it is very troublesome. If you operate frequently, the efficiency will be very low. In this way, we can directly set a template for users to use, permission templates are actually XML files. We need to define a shared folder to allow clients to access these permission templates.

1. Create a shared folder and grant the read-only permission.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B4/wKiom1P0AW-Cp230AAFazovcAjk728.jpg "style =" float: none; "Title =" image 001.png" alt = "wKiom1P0AW-Cp230AAFazovcAjk728.jpg"/>

2. Open the adrms console, find the Permission Policy template, and change the location of the distributed Permission Policy template file.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B6/wKioL1P0Aoez02NeAAU2nTCECDE598.jpg "style =" float: none; "Title =" image 002.png" alt = "wkiol1p0aoez02neaau2ntcecde598.jpg"/>

3. Select enable export and select the shared folder you just created.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B4/wKiom1P0AW_jD6SqAAFqLoazlPg987.jpg "style =" float: none; "Title =" image 003.png" alt = "wkiom1p0aw_jd6sqaafqloazlpg987.jpg"/>

4. Create a distributed Permission Policy template

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B6/wKioL1P0AojjOLTHAAVBr5CQO4A416.jpg "style =" float: none; "Title =" image 004.png" alt = "wkiol1p0aojjolthaavbr5cqo4a416.jpg"/>

5. Add template ID

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B4/wKiom1P0AXCjucbbAAGSc_NvFec420.jpg "style =" float: none; "Title =" image 005.png" alt = "wkiom1p0axcjucbbaagsc_nvfec4w.jpg"/>

6. The name of the template ID, that is, the name of the template that will be viewed in the customer ticket. Therefore, be sure to write the name clearly.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B6/wKioL1P0AoiRSi1UAAD6ileJlk4556.jpg "style =" float: none; "Title =" image 006.png" alt = "wkiol1p0aoirsi1uaad6ilejlk4556.jpg"/>

7. After the creation is complete, next step

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B4/wKiom1P0AXDQ19QzAAGz3xnC5kk057.jpg "style =" float: none; "Title =" image 007.png" alt = "wkiom1p0axdq19qzaagz3xnc5kkk057.jpg"/>

8. Add users and Set permissions

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B6/wKioL1P0AoijHNRFAAHfwAaPipg580.jpg "style =" float: none; "Title =" image 008.png" alt = "wkiol1p0aoijhnrfaahfwaapipg580.jpg"/>

9. Here, add [email protected], which is the IT department group and is read-only for the IT department.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B5/wKiom1P0BOzAERCyAAH_yyCNlH4161.jpg "style =" float: none; "Title =" image 009.png" alt = "wkiom1p0bozaercyaah_yycnlh4161.jpg"/>

10. Add [email protected] To give him full control of permissions.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B7/wKioL1P0BgeCrlChAAHG6h2-2pc430.jpg "style =" float: none; "Title =" image 010.png" alt = "wKioL1P0BgeCrlChAAHG6h2-2pc430.jpg"/>

11. Set the document expiration time so that it will not be protected by RMS after expiration.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B5/wKiom1P0BPDhLLwNAAHcEkjUHwo356.jpg "style =" float: none; "Title =" image 011.png" alt = "wkiom1p0bpdhllwnaahcekjuhwo356.jpg"/>

12. Skipped here

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B7/wKioL1P0BgjS3Z7DAAG8Su5B5vk278.jpg "style =" float: none; "Title =" image 012.png" alt = "wkiol1p0bgjs3z7daag8su5b5vk278.jpg"/>

13. Click Finish.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B5/wKiom1P0BPDSSTrgAAGiIlc8J4o398.jpg "style =" float: none; "Title =" image 013.png" alt = "wkiom1p0bpdsstrgaagiilc8j4o398.jpg"/>

14. You can also see the created template in the console.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B7/wKioL1P0BgmRxB0XAAXdgusueNo354.jpg "style =" float: none; "Title =" image 014.png" alt = "wkiol1p0bgmrxb0xaaxdgusueno354.jpg"/>

15. To enable the client to see the template, you also need to set the Office group policy. The Office group policy has been set many times before. For details, refer to this page.

Http://mxyit.blog.51cto.com/4308871/1413689

First download the office management template

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B5/wKiom1P0BPHxIQUgAASk4_8fvlM686.jpg "style =" float: none; "Title =" image 015.png" alt = "wkiom1p0bphxiqugaask4_8fvlm686.jpg"/>

16. Copy the template file to the policydefinitions directory below. Note that this directory should not exist by default and need to be created manually.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B5/wKiom1P0BPHhunx8AAMhVvKCtyM580.jpg "style =" float: none; "Title =" image 016.png" alt = "wkiom1p0bphhunx8aamhvvkctym580.jpg"/>

17. Copy the management template

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B5/wKiom1P0Bx2Q_jsxAASoHFNvEoI460.jpg "style =" float: none; "Title =" image 017.png" alt = "wkiom1p0bx2q_jsxaasohfnveoi460.jpg"/>

18. after you open the Group Policy, you will find that all the original Windows components have disappeared. This is because after you create the policydefinitions folder, the Group Policy will read the Group Policy from the central storage, that is, the policydefinitions folder, instead of reading local group policies

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B7/wKioL1P0CDbSTm-hAAMpWA5OnGk554.jpg "style =" float: none; "Title =" image 018.png" alt = "wKioL1P0CDbSTm-hAAMpWA5OnGk554.jpg"/>

19. Therefore, we need to copy the template file to central storage in the Local Group Policy template. The following is the path of the Local Group Policy template.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B5/wKiom1P0Bx7RSgnxAAYQQbmJMEE470.jpg "style =" float: none; "Title =" image 019.png" alt = "wkiom1p0bx7rsgnxaayqqbmjmee470.jpg"/>

20. Copy the template file to central storage

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B7/wKioL1P0CDaSY7r_AAYl-Oq15vM234.jpg "style =" float: none; "Title =" image 020.png" alt = "wKioL1P0CDaSY7r_AAYl-Oq15vM234.jpg"/>

21. Now I open the Group Policy and you will see all the options.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B5/wKiom1P0Bx7AKTb_AAL4EsLSU5o018.jpg "style =" float: none; "Title =" image 021.png" alt = "wkiom1p0bx7aktb_aal4eslsu5o018.jpg"/>

22. Find the URL where the document template is located in the restricted permission management page.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B7/wKioL1P0CDewO2yuAAc7L619JVc294.jpg "style =" float: none; "Title =" image 022.png" alt = "wkiol1p0cdewo2yuaac7l619jvc294.jpg"/>

23. Path of the configuration management template

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B6/wKiom1P0Bx_RCYpLAAM83DSmsGQ666.jpg "style =" float: none; "Title =" image 023.png" alt = "wkiom1p0bx_rcyplaam83dsmsgq666.jpg"/>

24. Refresh the Group Policy on the client

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B7/wKioL1P0CDmDqBcvAAfcRthhEH8397.jpg "style =" float: none; "Title =" image 024.png" alt = "wkiol1p0cdmdqbcvaafcrthheh8397.jpg"/>

25. Open the office software

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B7/wKioL1P0Cm7hAGLVAALDPQ5cjeE308.jpg "style =" float: none; "Title =" image 025.png" alt = "wkiol1p0cm7haglvaaldpq5cjee308.jpg"/>

26. Find the restricted access in the protection document and you can see it, that is, the previously defined template.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/46/B7/wKioL1P0Cm-gW3MdAAMuz0j8IIQ688.jpg "style =" float: none; "Title =" image 026.png" alt = "wKioL1P0Cm-gW3MdAAMuz0j8IIQ688.jpg"/>

27. Use this template for encryption

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B6/wKiom1P0CVeRj2-7AAKlj7mXKvo620.jpg "style =" float: none; "Title =" image 027.png" alt = "wKiom1P0CVeRj2-7AAKlj7mXKvo620.jpg"/>

28. The document can be viewed by other people in the IT department and cannot be edited.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/46/B7/wKioL1P0Cm-ABaU6AAGDPKwHo6U260.jpg "style =" float: none; "Title =" image 028.png" alt = "wKioL1P0Cm-ABaU6AAGDPKwHo6U260.jpg"/>

29. The document editing is gray

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/46/B6/wKiom1P0CVeDRBkjAAHU2uVhW-c640.jpg "style =" float: none; "Title =" image 029.png" alt = "wKiom1P0CVeDRBkjAAHU2uVhW-c640.jpg"/>

When a document is copied to another location, you need to connect the document to the adrms server. If the connection fails, the document cannot be opened. Therefore, you do not need to worry about security issues even if the document is taken away.

When using adrms on the client, you may encounter many problems. We will explain them one by one.

This article is from the "Just make it happen" blog, please be sure to keep this source http://mxyit.blog.51cto.com/4308871/1542376