
The Windows Server 2012 new File Server–part 2- Install AD RMS #Microsoft #winserv 2012 #mvpbuzz

Part1: The Windows Server 2012 new File Server–part 1- Access Conditions #Microsoft #winserv 2012 #mvpbuzz


In Part 2 of this blog series, we will continue our exploration of the new File Server functionality. To complete our journey, we will stop by one of my favourite but less fortunate features, Active Directory Rights Management Server.

Active Directory Rights Management Server or AD RMS has been around for several years, and for hidden and secret reasons it wasn’t adopted by a lot of customers, although I believe it is one of the most important features of Windows Server.

What is Active Directory Rights Management Services?

An AD RMS system includes a Windows Server® 2008-based server running the Active Directory Rights Management Services (AD RMS) server role that handles certificates and licensing, a database server, and the AD RMS client. The latest version of the AD RMS client is included as part of the Windows Vista® operating system. The deployment of an AD RMS system provides the following benefits to an organization:

  • Safeguard sensitive information. Applications such as word processors, e-mail clients, and line-of-business applications can be AD RMS-enabled to help safeguard sensitive information. Users can define who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage policy templates such as “confidential – read only” that can be applied directly to the information.
  • Persistent protection. AD RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.
  • Flexible and customizable technology. Independent software vendors (ISVs) and developers can AD RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other operating systems, to work with AD RMS to help safeguard sensitive information. ISVs are enabled to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.

More Information: http://technet.microsoft.com/en-us/library/cc771627(v=ws.10).aspx

In this blog post we will install AD RMS on a new Windows Server 2012 machine. This machine will be used later, in my next blog post, for Data Classification and policy enforcement.

Installing Active Directory Rights Management Server in Windows Server 2012:

The AD RMS setup has been dramatically improved. In the old days it was hard, and even the improved setup experience in Windows 2008 is no match for the setup in Windows Server 2012. As you can expect, everything is controlled by Server Manager, so to install AD RMS, open Server Manager and select Add Roles and Features, then select AD RMS. Once the role is installed, Server Manager will tell you that there is pending configuration.


In the following screen, select Perform additional configuration:


and in the welcome screen click next:


In the AD RMS Cluster, and since this is the first server, we will create a new cluster:


In the Configuration Database step, I will use the internal database because this is a lab environment; make sure to have a proper SQL Server installation in place if you are deploying AD RMS in production:


In the Service Account step, type in a designated service account. This is a normal account with special permissions (if you are installing AD RMS on a DC for testing, this account must be a member of the Builtin “Administrators” group):


In the Cryptographic Mode step, select Mode 2, which is much more secure:


In the Key Storage, I will choose to use AD RMS to store the Key:


In the key password, supply a password to protect the key:


In the AD RMS Website, Select the Web Site that will host the AD RMS web services:


In the Cluster Address step, specify the FQDN that will be used by the clients to communicate with the AD RMS server, and the transport protocol. I will keep it simple and choose HTTP; however, you might want to use HTTPS since it is more secure:


In the Server Licensor Certificate name, specify a name for the certificate, and click next:


In the AD RMS service registration, register the AD RMS SCP unless for mysterious reasons you want to do it later:


In the installation summary, review the installation and click install:


Congrats! Once the wizard finishes, you have completed the AD RMS installation, and you can configure templates and additional settings.
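
A post-install check for two of the wizard choices above, the cluster address protocol and the SCP registration, added here as an example and not part of the original post. It assumes the ActiveDirectory PowerShell module is available and that the SCP sits at its standard location in the Configuration partition; the function name `Test-AdRmsScp` is made up for this example.

```powershell
# Added example: audit the AD RMS service connection point (SCP) after setup.
# Needs the ActiveDirectory module (RSAT) and read access to the
# Configuration partition of the forest.
Import-Module ActiveDirectory

function Test-AdRmsScp {
    [CmdletBinding()]
    param()

    $configNC = (Get-ADRootDSE).configurationNamingContext
    # Standard location where AD RMS registers its SCP.
    $scpDn = "CN=SCP,CN=RightsManagementServices,CN=Services,$configNC"

    try {
        $scp = Get-ADObject -Identity $scpDn `
            -Properties serviceBindingInformation -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        Write-Warning "No AD RMS SCP registered; clients cannot auto-discover the cluster."
        return
    }

    foreach ($binding in $scp.serviceBindingInformation) {
        $uri = $null
        if (-not [Uri]::TryCreate($binding, [UriKind]::Absolute, [ref]$uri)) {
            Write-Warning "SCP binding is not an absolute URL: $binding"
            continue
        }

        # Flag the lab shortcut from the Cluster Address step (plain HTTP).
        $finding = 'OK'
        if ($uri.Scheme -ne 'https') {
            $finding = 'Cluster address uses HTTP; licensing traffic is not protected by TLS'
        }
        elseif (-not $uri.Host.Contains('.')) {
            $finding = 'Cluster address is not an FQDN'
        }

        [PSCustomObject]@{
            ClusterUrl = $binding
            Scheme     = $uri.Scheme
            Host       = $uri.Host
            Finding    = $finding
        }
    }
}

Test-AdRmsScp | Format-List
```

Run it from a domain-joined machine; a lab build that followed the HTTP choice in this walkthrough will be flagged on the `Finding` line.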

In the next blog post, we will see how we can use AD RMS and the Data Classification infrastructure to protect valuable and confidential data on file shares.
