Overview

Introduction

The Implement AD Rights Management Services module provides you with the instruction and server hardware to develop your hands on skills in the defined topics. This module includes the following exercises:

  • Prepare System Requirements for AD Rights Management Services
  • Configure AD Rights Management Services
  • Set up AD RMS Templates
  • Create an Exclusion and Trust Policy
  • Test AD RMS Client Functionality

Exam Objectives

The following exam objectives are covered in this lab:

  • Install a licensor certificate AD RMS server
  • Install AD RMD Service Connection Point (SCP)
  • Manage AD RMS templates
  • Configure Exclusion Policies

Exercise 1 - Prepare System Requirements for AD Rights Management Services

Confidential corporate data is at possible risk when it is passed between users in an organization and sent to external contacts over the Internet. To deal with these challenges, companies can implement data security tools that will allow them to enforce access control and ensure that only authorized users or business partners can access classified information.

Windows Server 2016 as in the earlier versions of Windows includes Active Directory Rights Management Service or AD RMS. AD RMS is an information rights management service that encrypt information and enforce granular access control to digital files created by a company. AD RMS can be configured to decide how it will release information to a requesting corporate user or to external affiliates which has business relationship with an organization.

Exercise 2 - Configure AD Rights Management Services

The objective of AD RMS is to protect information regardless of where it is saved either in the corporate network or in the cloud. AD RMS depends on the Active Directory Domain Services (AD DS) to authenticate the users, groups that consume the services of this access solution technology.

Like most Windows features, configuring AD RMS is a straightforward process assuming the prerequisites have been successfully complied with. In this exercise, you will supply the necessary information such as set up the AD RMS cluster and enable the AD RMS service.

Exercise 3 - Set up AD RMS Templates

The objective of an AD RMS deployment is to protect proprietary information regardless of its location either on premise or in the cloud. When AD RMS protection is applied to a file created in Microsoft Office, the protection stays with the file wherever it goes. The creator of the file is the only one who can remove the protection from the files, change the permissions on the file as to who can view, write, edit, print or export the file.

AD RMS use templates wizard to streamline the process of assigning controls to protected content. The AD RMS templates form part of the configuration database that was configured in an earlier task of this module. Typically, the created templates are published in a shared folder for accessibility to client computers that will be consuming content from AD RMS server

Exercise 4 - Create an Exclusion and Trust Policy

AD RMS implement exclusion policies to block certain entities like applications or users to acquire certificate and licenses. For instance, when an application is excluded such as an earlier version of Microsoft Office, it will not be functional and will be not issued licenses to create protected content.

However, items included in the exception list can be modified at any given time due to system requirements. You can delete an entity from the exclusion list and licensing requests will not consider that entity such an application or user as excluded.

In this exercise you will create and exclusion and trust policy for AD RMS.

Exercise 5 - Test AD RMS Client Functionality

After setting up the prerequisites of AD RMS and configuring the templates including the exclusion lists, you will now test if a user can create protected content using AD RMS.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.