Exchange 2016 Integrated with AD RMS, Series 1: Prerequisite Preparation

Source: Internet
Author: User

Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to prevent unauthorized use of digital information, both online and offline, and both inside and outside the firewall. AD RMS is for organizations that need to protect sensitive and proprietary information, such as financial statements, product descriptions, customer data, and confidential e-mail messages. AD RMS enhances your organization's security policies by protecting information through persistent usage policies (also known as usage rights and conditions), which remain with the information regardless of where it is moved. AD RMS persistently protects data in any binary format, so the usage rights remain with the information rather than residing only on the organization's network. This also allows usage rights to be enforced after the information has been accessed by an authorized recipient (both online and offline, and both inside and outside the firewall).

AD RMS can establish the following necessary elements to help protect information through persistent usage policies:

    • Trusted entities. Organizations can specify entities, including individuals, user groups, computers, and applications, that are trusted participants in an AD RMS system. By establishing trusted entities, AD RMS can help protect information by granting access only to the appropriate trusted participants.

    • Usage rights and conditions. Organizations and individuals can specify usage rights and conditions that define how a particular trusted entity can use rights-protected content. Usage rights include permission to read, copy, print, save, forward, and edit. Rights can carry conditions, such as when these permissions expire. Organizations can block applications and entities from accessing rights-protected content.

    • Encryption. Encryption is the process of locking data by using an electronic key. AD RMS encrypts information so that access is conditional on the successful validation of a trusted entity. Once the information is locked, only trusted entities that have been granted usage rights under the specified conditions (if any) can unlock or decrypt the information in an AD RMS-enabled application or browser. The application then enforces the defined usage rights and conditions.

For details, refer to:

https://technet.microsoft.com/zh-cn/library/cc772403.aspx

This series of articles discusses how to protect Exchange 2016 mail communications with AD RMS.

(i) Preparing the operating system

The server on which we deploy RMS runs the Windows Server R2 operating system and has been joined to the demo.com test domain.


(ii) Certificate Server preparation

Here I use a private CA on the intranet. In the test environment it is co-located on the DC server; in a production environment it is recommended that the CA and the DC be deployed separately.


Request a dedicated computer certificate for the RMS server.

Log on to the RMS server and use MMC to load the Certificates console to make the request.


Select Request a certificate.


Upon completion,.


(iii) RMS service account preparation

In a production environment, it is recommended that you create a separate service account for RMS. If RMS and the DC are deployed separately, simply add the service account to the local Administrators group of the RMS server; in the domain, the account needs only domain user permissions.

Also set the password to never expire and the account to never expire.


Add the service account to the local Administrators group on the RMS server.
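As an added example (not part of the original article), the following PowerShell script, run on the RMS server, checks the prerequisites from sections (ii) and (iii). The account name `svc-adrms` and the NetBIOS domain name `DEMO` are assumptions (the article names only the demo.com domain), and the script assumes RMS and the DC are on separate servers and that the ActiveDirectory module is installed.

```powershell
# Added example: audit the AD RMS prerequisites described in (ii) and (iii).
# Assumed values, not taken from the article:
$Domain  = 'DEMO'        # NetBIOS name assumed for the demo.com test domain
$SvcName = 'svc-adrms'   # hypothetical RMS service account name

Import-Module ActiveDirectory

# (ii) Computer certificate: present in LocalMachine\My with a private key,
# inside its validity window, issued for this host's DNS name, and carrying
# the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
$fqdn  = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.DnsNameList.Unicode -contains $fqdn) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
}

# (iii) Service account: password and account never expire, and the account
# holds no domain group membership beyond its primary group (Domain Users),
# which the MemberOf attribute does not list.
$user = Get-ADUser -Identity $SvcName `
    -Properties PasswordNeverExpires, AccountExpirationDate, MemberOf

# Resolve the local Administrators group by its well-known SID so the check
# also works on non-English installations, then list its members.
$sid        = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$adminGroup = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
$localAdmins = net localgroup $adminGroup | ForEach-Object { $_.Trim() }

$checks = [ordered]@{
    'Valid computer certificate for this host' = [bool]$certs
    'Service account password never expires'   = $user.PasswordNeverExpires
    'Service account never expires'            = ($null -eq $user.AccountExpirationDate)
    'Service account is a plain domain user'   = ($user.MemberOf.Count -eq 0)
    'Service account in local Administrators'  = ($localAdmins -contains "$Domain\$SvcName")
}

# Print one line per prerequisite.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```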


This article is from the "Zeng Hung Xin Technical column" blog; reprinting is declined.
