Windows RMS deployment

Source: Internet
Author: User
Tags msmq

This article walks through a practical RMS deployment and tries to keep things simple and clear.

I. Preparation
The RMS system is built on Windows Server 2003 and consists of two parts: the server and the client. The server can only be installed on Windows Server 2003; it cannot be installed on Windows 2000 or earlier versions. Installing RMS has many prerequisites, including Active Directory, email, MSMQ and a database.

Lab environment:
* A win2003 server with the file system NTFS.
* The Active Directory has been installed with the domain name ets.com.cn.
* MSMQ and IIS (ASP.NET) are installed.
* MSDE 2000 (I use this as an alternative to SQL Server; you can also use SQL Server SP3)
* Internet connection (this is important !!!)
After the preceding requirements are met, you can start to install RMS.

II. Install and configure the RMS server
1. Install MSDE. Download and unpack MSDE, then run the following command in the installation directory:
setup.exe /i setup\sqlrun10.msi INSTANCENAME=RMS DISABLEAGENTSTARTUP=1 SAPWD=password
This command creates a SQL Server instance named RMS; password is the sa password, so substitute a strong one. See the figure below:

After the installation is complete, the MSSQL$RMS service appears in the Services console.

Start the service.

2. Install the RMS server program
Installing the RMS server program is simple: it is a standard MSI installer, so just follow the prompts.

After installation, a shortcut is created in the program group.

3. Configure the root certification server
Open the RMS administration item in the program group. The system starts Internet Explorer and opens a local website. Strange? Not really: RMS itself is configured through IE.

This is the Global Management page of RMS. The first time you enter this page, the system will prompt you to create an RMS server. You can perform RMS management and add clusters here later.
Okay. Now, select "set rms on this website" to go to the settings page.

Here the system prompts you, in red, to create a root certification server. If you have installed RMS before, the prompt is not displayed.
Note: If you need to delete the RMS root certification server, you must first delete the SCP (service connection point) in Active Directory. Otherwise, you cannot create a root certification server again.
Now let's look at what needs to be configured:
* Database: it can be local or remote; enter the server name/instance name as required.
* Service account: it can be Local System (insecure, not recommended) or a valid domain user (note: the service account cannot be the account that is performing the installation!)
* RMS certificate protection: you can choose software protection (you need to set a complex password)

For stronger security, you can use hardware protection instead (choose to create a new key pair).

* Server licensor certificate: enter the server administrator information.
* Proxy server settings: enrolling the server licensor certificate requires an Internet connection, so set the proxy here (if there is no proxy, you do not need to set it)
That is everything. Submit the form.

Retrieving the server license during setup

After the settings are complete, follow the prompts to return to the global management page.

Back to global management page

Have you seen the change? Select "manage rms on this website" to go to the Management page.
Tip: You can also change the RMS service account or delete the website from the cluster.

This page should now show some server license information and its expiration time. Ignore that for now. Do you see the system prompt in red? Yes: first you must register a service connection point.
Click "RMS service connection point" to go to its settings page and follow the prompts to register. After registration, you can also unregister the connection point here (see the note on deletion above).

Return to the global page. The server setup is now complete.
4. A description of the items on the Management page:
1. Trust policy. You can configure trust for .NET Passport here. If you want DRM to work with previous MnS, you must set it. You can also export the certificate or change the trusted domain information here.

2. Permission policy templates. These are simple: they define enterprise permission policies. Administrators can define ready-made policy templates that enterprise users can apply directly.

3. Logging: displays the location of the current log database.

4. External cluster URL, optional

5. RM-certified user report. The number of users using the RMS service is displayed here (presumably it is used for license authorization).

6. Security settings: these include the super users group (a group with administrative permissions), resetting the certificate key, proxy settings, and removing the RMS configuration (you must remove the configuration before deleting it).

7. Authentication settings: this is where the validity period of the certificate is set.

8. Exclusion policy: the purpose of exclusion policies is to prevent unauthorized users from using the RMS service. Here you can define excluded lockbox versions, Windows versions, RM user certificates, and applications.

OK. Here, the server configuration is almost complete. Let's take a rest and check the client configuration.
---------------
III. Install and configure the RMS client
1. Preface
The RMS client is different from the client provided in Office 2003.
2. Installation
The installation process is also simple. Just run the MSI installer.

3. Activate the computer
Go to the DRM directory on the system disk, find the actmachine command, and run the following to download the lockbox:
actmachine.exe /N /p c:\wrmstemp.cab

The lockbox after download

Extract the lockbox to system32, and then install it with this command:
%WINDIR%\system32\rundll32.exe advpack.dll,LaunchINFSection secrep.inf,install,n

Note: This operation requires an Internet connection. If it is not performed on the RMS server itself, it uses the RMS server as the registration proxy to register the lockbox.
4. Start an RMS application and obtain the user certificate.
Start an application that supports RMS (for example, Office 2003), create protected content, and obtain a user certificate.
You can use a .NET Passport account or a Windows domain user.

The registry settings used by Office 2003 are:
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Office\11.0\Common\DRM
Type: REG_SZ
Value: CorpCertificationServer: http[s]://<FQDNofServer>/_wmcs/Certification
Value: CorpLicensingServer: http[s]://<FQDNofServer>/_wmcs/Licensing

Login

OK, RMS is now ready to use. I am exhausted.
Verify logon information

Permission management settings

Saved RMS-protected text

IV. Troubleshooting
One more thing before finishing: the RMS setup process is complicated, so it is prone to errors. Microsoft provides a checking tool, irmcheck. You can install rmstoolskit to obtain it.

The figure shows some meaningful error messages. It is a sample of a failure to download the user certificate because the URL of the licensing cluster is not included in the trusted sites.
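
An added example, not part of the original article: a Windows PowerShell 5.1 check of the two Office 2003 registry values listed earlier that also reports the Internet Explorer security zone of each URL, the cause of the irmcheck failure described above. The function names and the host rms.ets.com.cn are hypothetical, and accepting the Local intranet zone alongside Trusted sites is an assumption.

```powershell
# Added example (Windows PowerShell 5.1); not code from the original article.
# Value names and URL paths come from the article; function names and the
# sample host rms.ets.com.cn are hypothetical.
$DrmKey = 'HKLM:\Software\Microsoft\Office\11.0\Common\DRM'

function Get-RmsUrlFindings {
    param(
        [string]$Name,         # registry value name
        [string]$Value,        # data read from the registry, empty if absent
        [string]$ServerFqdn,   # expected RMS server FQDN
        [string]$ExpectedPath  # e.g. /_wmcs/Certification
    )
    if ([string]::IsNullOrEmpty($Value)) { return @("${Name}: value is missing") }
    $uri = $null
    if (-not [Uri]::TryCreate($Value, [UriKind]::Absolute, [ref]$uri)) {
        return @("${Name}: '$Value' is not an absolute URL")
    }
    $findings = @()
    if ($uri.Scheme -ne 'https') {
        $findings += "${Name}: scheme is '$($uri.Scheme)', not https"
    }
    if ($uri.Host -ne $ServerFqdn) {
        $findings += "${Name}: host '$($uri.Host)' is not $ServerFqdn"
    }
    if ($uri.AbsolutePath.TrimEnd('/') -ne $ExpectedPath) {
        $findings += "${Name}: path '$($uri.AbsolutePath)' is not $ExpectedPath"
    }
    # Zone mapping is evaluated for the current user, so run this as the
    # user who saw the irmcheck failure.
    [string]$zone = [System.Security.Policy.Zone]::CreateFromUrl($uri.AbsoluteUri).SecurityZone
    # Assumption: Local intranet is acceptable in addition to Trusted sites.
    if ($zone -notin 'Intranet', 'Trusted') {
        $findings += "${Name}: URL is in the $zone zone, not Trusted or Intranet"
    }
    return $findings
}

function Test-RmsClientConfig {
    param([Parameter(Mandatory)][string]$ServerFqdn)
    $props = Get-ItemProperty -Path $DrmKey -ErrorAction SilentlyContinue
    $expected = [ordered]@{
        CorpCertificationServer = '/_wmcs/Certification'
        CorpLicensingServer     = '/_wmcs/Licensing'
    }
    $all = @()
    foreach ($name in $expected.Keys) {
        $value = if ($props) { $props.$name } else { $null }
        $all += Get-RmsUrlFindings -Name $name -Value $value `
            -ServerFqdn $ServerFqdn -ExpectedPath $expected[$name]
    }
    if ($all.Count -eq 0) { 'OK: both URLs match and are in an allowed zone' } else { $all }
}

Test-RmsClientConfig -ServerFqdn 'rms.ets.com.cn'
```
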
Correct irmcheck information sample:

--------------
When restricted text is opened.

Current permission to view

Partially protected text format
