(i) IIS permissions settings
Next we need to manually configure the appropriate IIS permissions for the RMS component. RMS relies on the IIS service, so to configure the permissions associated with IIS, some components of RMS can function correctly.
The RMS service-side application requests the RMS service through the server certification component of IIS and needs to set the appropriate permissions on the object.
We open the IIS console and navigate to the following location.
650) this.width=650; "title=" 80271767df7e4299950eb54ad20a60be "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 80271767df7e4299950eb54ad20a60be "src=" http://s3.51cto.com/ Wyfs02/m02/7f/11/wkiom1cr0jvxwyhjaae0q-gluc4937.jpg "height=" 416 "/>
Right-click Certification and select Browse.
650) this.width=650; "title=" Cd400fae74f249c18d179172c64653ec "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" cd400fae74f249c18d179172c64653ec "src=" http://s3.51cto.com/ Wyfs02/m00/7f/11/wkiom1cr0kgy84saaafkbck5fjk076.jpg "height=" 484 "/>
Then select the ServerCertification.asmx file and right-click on "Properties".
650) this.width=650; "title=" b8277f3eac8047d4bf916f4bfbea3470 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" b8277f3eac8047d4bf916f4bfbea3470 "src=" http://s3.51cto.com/ Wyfs02/m01/7f/11/wkiom1cr0kly9yccaad1gn1x_bu386.jpg "height=" 432 "/>
Switch to the Security tab and you can see that the default file has only system permissions.
650) this.width=650; "title=" db2490af321c44c3a9f4894422ab6488 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" db2490af321c44c3a9f4894422ab6488 "src=" http://s3.51cto.com/ Wyfs02/m00/7f/11/wkiom1cr0kstudhiaadgk1rrpym949.jpg "height=" 362 "/>
We need to add the appropriate permissions for this file to the Exchange Server group, the Adrms Service group.
First, add the domain group to which Exchange Server reads and executes, and reads permissions for the file.
650) this.width=650; "title=" ae9b278aaf044601a8e3ffa55b3fb732 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" ae9b278aaf044601a8e3ffa55b3fb732 "src=" http://s3.51cto.com/ Wyfs02/m00/7f/0e/wkiol1cr0v-aghd2aacof8ihebu666.jpg "height=" 484 "/>
The local Adrms service group is then added to the read and execute, read permissions for the file.
650) this.width=650; "title=" 38c4022d9a714bff93b9a64029bf4a2c "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 38c4022d9a714bff93b9a64029bf4a2c "src=" http://s3.51cto.com/ Wyfs02/m01/7f/0e/wkiol1cr0whbem1baac3wcksok8951.jpg "height=" 472 "/>
(ii) Creating the RMS Super Administrative group
Adrms allows you to use a stand-alone Exchange mailbox user or mail distribution group to become a Super Administrator (super User). For ease of maintenance, it is recommended that you use distribution groups as Superuser.
The Super users group is disabled by default and needs to be enabled manually.
First, log in to the central administration of Exchange 2016 and create a distribution group.
650) this.width=650; "title=" 42e2a9eafc2144bc95514f44209d8aaf "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 42E2A9EAFC2144BC95514F44209D8AAF "src=" http://s3.51cto.com/ Wyfs02/m00/7f/11/wkiom1cr0kiiwfuzaacdjsxlvo0071.jpg "height=" 439 "/>
Then open the ad Users and computers, navigate to the distribution group, we add the RMS Superuser to the group, because I am currently testing with administrator, the user is in the group by default.
650) this.width=650; "title=" 29d2e3215c8e44a4928a15d371234bf8 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 29d2e3215c8e44a4928a15d371234bf8 "src=" http://s3.51cto.com/ Wyfs02/m02/7f/11/wkiom1cr0kmdi-y0aab-s-wkera022.jpg "height=" 274 "/>
(iii) Enable Superuser (group) on the RMS server
Open the Adrms console and navigate to the Super User node.
650) this.width=650; "title=" 85bb846f06b34d3ebfae8b63a38053ce "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 85bb846f06b34d3ebfae8b63a38053ce "src=" http://s3.51cto.com/ Wyfs02/m02/7f/0e/wkiol1cr0wwt8vjhaadonujrjeo175.jpg "height=" 372 "/>
Select Enable Super User in the upper-right corner, after enabling.
650) this.width=650; "title=" 00de4e90cdc1427a89536963976e03f9 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 00de4e90cdc1427a89536963976e03f9 "src=" http://s3.51cto.com/ Wyfs02/m02/7f/11/wkiom1cr0kytzhz9aadb4lx0ek0787.jpg "height=" 342 "/>
Then we click on "Change Super user group".
Browse to select the Rmsadmins distribution group that we created earlier.
650) this.width=650; "title=" 139f3c85e02046ad932944e84095fbd1 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" 139f3c85e02046ad932944e84095fbd1 "src=" http://s3.51cto.com/ Wyfs02/m02/7f/0e/wkiol1cr0wiqrj-haadydd7kbnw929.jpg "height=" 445 "/>
An RMS power User or group that has unrestricted access to the protected data and that members of that group can decrypt the work.
When enabled,.
650) this.width=650; "title=" a5ec1d44684f44b2bb8ed3fd80898804 "style=" border-top:0px;border-right:0px; border-bottom:0px;border-left:0px; "border=" 0 "alt=" a5ec1d44684f44b2bb8ed3fd80898804 "src=" http://s3.51cto.com/ Wyfs02/m00/7f/0e/wkiol1cr0wrstp9raads7dff23c656.jpg "height=" 370 "/>
This article from "Zeng Hung Xin Technical column" blog, declined to reprint!
Exchange 2016 integrates Adrms series-4: Configuring RMS Role 2
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
