Course 50404: Overview of Active Directory Rights Management Services with Windows Server 2008 R2
February 17, 2012
About this course
This two-day instructor-led course provides students with the knowledge to understand the role that Microsoft® Active Directory® Rights Management Services (AD RMS) plays in a wider infrastructure, and how it interacts with other Microsoft technologies.Audience profileAt course completionThis course is intended for experienced systems administrators who have working experience and background knowledge of Windows Server® 2008, and basic understanding of Active Directory, IIS, Microsoft® SQL Server®, and Microsoft® Exchange Server technologies. Basic knowledge of DNS, general networking, and PKI principles is also helpful.After completing this course, students will be able to:
- Understand AD RMS architecture, and the role the product plays as part of a wider infrastructure.
- Understand the AD RMS interaction model with other Microsoft technologies.
- Understand how several other Microsoft technologies use AD RMS to protect documents and email messages.
- Understand how to use AD RMS on server applications such as Microsoft® Office SharePoint® Server and Microsoft Exchange Server.
- Create, manage, and distribute rights policy templates as an AD RMS administrator.
- Understand the different trust relationships that can extend AD RMS protection beyond your infrastructure.
- Course details
Clinic OutlineModule 1: Why Rights ManagementThis module provides an overview of Microsoft Active Directory Rights Management Services (AD RMS). The overview describes how the product works, the business reasons for using AD RMS, and the technology that you use to deploy an AD RMS environment.Lessons
- A Bit of History
- Business Reasons for AD RMS
- What AD RMS Does
- AD RMS Usage Scenarios
- AD RMS Technology Overview
Module 2: AD RMS Architecture, Installation, and ProvisioningAfter completing this module, students will be able to:
- User experience protecting Microsoft Office system documents.
This module covers the basic architecture and concepts of AD RMS. Most of the concepts introduced in this module will be covered in more detail in other modules later in the course. The student will also learn the procedure for deploying AD RMS servers, as well as the permissions required for the accounts that are used in the deployment and management of AD RMS.Lessons
- Understand how RMS technology has evolved on the Windows platform
- Explain the business reasons for using AD RMS.
- Explain the features AD RMS provides.
- Identify the advantages and limitations inherent in AD RMS.
- Describe how AD RMS works with public key technology.
- Describe how AD RMS works.
- AD RMS Components Overview
- AD RMS Bootstrapping Process
- AD RMS Publishing and Licensing Process
- AD RMS Service Connection Point (SCP)
- AD RMS Topology
- AD RMS Prerequisites
- Installing and Provisioning AD RMS
- Creating an AD RMS Service Account
Module 3: Active Directory Rights Management Clients and Information Rights Management on Desktop ApplicationsAfter completing this module, students will be able to:
- Installing and provisioning AD RMS
This module begins by describing the AD RMS client software, its requirements, and how to deploy it. Next, the module identifies the rights management components on client machines and the bootstrapping process the AD RMS client performs for each user. The module then discusses how Information Rights Management (IRM) is provided in the Microsoft Office system, the XPS format, Window Mobile 6.0, and read-only access in Windows Internet Explorer. The module ends with a discussion of registry keys in AD RMS.Lessons
- Describe how AD RMS works.
- Identify the major components of AD RMS.
- Describe the types of licenses used in the AD RMS process.
- Describe the client-side software and applications required for AD RMS.
- Identify the AD RMS server hardware and software requirements.
- Install and provision an AD RMS server.
- Configure the AD RMS service connection point.
- OS Versions and AD RMS Clients
- Microsoft Office IRM
- XPS IRM
- Rights Management Add-on for Internet Explorer and Rights-managed HTML
- Office Viewers and AD RMS
- Protecting and Consuming AD RMS Protected Documents
- Creating and Consuming AD RMS Content Using Microsoft Office Outlook 2007
Module 4: Rights Policy Templates and the Super Users GroupAfter completing this module, students will be able to:
- Protecting and Consuming Content Using XPS
This module provides an introduction to rights policy templates and the concepts regarding protecting and consuming content that is protected by templates. These templates are used to standardize security policies and protect information according to the latest policy.Lessons
- Describe AD RMS client software and its requirements.
- Deploy the Windows RMS client software in legacy clients.
- Identify the AD RMS components that are installed on client machines.
- Explain how IRM works in Microsoft Office products.
- Describe how the XPS format uses IRM, and how XPS can be used in conjunction with Microsoft Office applications.
- Explain how the Rights Management add-on for Internet Explorer enables users to view restricted files.
- Introduction to Rights Policy Templates
- Creating Rights Policy Templates
- Protecting Content Using Templates
- Consuming Content Protected by Templates
- The Super Users Group
- Creating and Using a Rights Policy Template
- Modifying Existing Templates
- Distribute a Rights Policy Template
Module 5: Information Rights Management on Server ApplicationsAfter completing this module, students will be able to:
- Create AD RMS-protected content using Excel 2007
- Enabling and Testing the Super Users Group
This module shows how AD RMS integrates with server-side applications, that use AD RMS to automatically protect and license content. This module covers the following server products:- Microsoft Office SharePoint Server (MOSS) 2007- Microsoft Exchange Server 2010- AD RMS Bulk Protection Tool + FCILessons
- Describe the features offered in rights policy templates.
- Identify template distribution features in AD RMS.
- Describe the processes for protecting and consuming content protected by rights policy templates.
- Define rights policy templates.
- Assign users and groups to rights policy templates.
- Specify expiration policies in rights policy templates.
- Explain how to retire and back up rights policy templates.
- Microsoft Office SharePoint Server 2007 IRM
- Email Protection in Exchange Server 2007
- New AD RMS Features in Exchange Server 2010
- AD RMS Bulk Protection Tool and File Classification Infrastructure
- Enabling MOSS IRM
- Configuring MOSS IRM on Document Libraries
- Consuming Content using MOSS IRM
- Using OWA without Microsoft Exchange IRM integration
- Configuring Exchange Server 2010 and AD RMS integration
- Implementing and validating Microsoft Exchange Server 2010 and AD RMS integration
- Use Bulk Protection Tool to decrypt protected content
- Use Bulk Protection Tool to Protect content using AD RMS Templates
Module 6: Managing TrustAfter completing this module, students will be able to:
- Set up environment for FCI and AD RMS bulk protection
- Create classification property and rules
- Create file management task to restrict access to low and high business impact information
- Verifying FCI and AD RMS bulk protection functionality
This module discusses the trust architecture in AD RMS, how trusted user domains operate, and the types of trusts that are available—including Active Directory Federation Services (FS).Lessons
- MOSS IRM
- Describe how MOSS works with AD RMS to protect documents stored in MOSS document libraries.
- Identify MOSS functionality.
- Describe MOSS’s logical and physical architecture.
- Describe how IRM works with MOSS to provide information protection.
- Exchange Server 2010
- Explain the new features provided in Exchange 2010 around AD RMS.
- AD RMS Bulk Protection Tool + FCI
- Describe how AD RMS Bulk Protection Tool can be used.
- Describe how FCI can be used.
- Introduction to AD RMS Trust Policies
- Trusted User Domains
- Trusted Publishing Domains
- AD RMS and Active Directory Federation Services
- Windows Live ID Trust
- Export and import the TUD certificate
- Verifying AD RMS Functionality
- Reset Existing AD RMS Trust
After completing this module, students will be able to:
- Configure AD RMS Support for AD FS
- Adding SPN Entries
- Configure AD RMS Applications for Federation
- Configure the AD FS Client
- Verify AD RMS and AD FS Functionality
- Describe the core trust architecture in AD RMS.
- Describe Trusted User Domains and how they work.
- Explain when Trusted Publishing Domains are used and how they work.
- Describe the Active Directory Federation Service and how it works with AD RMS.
- Describe Windows Live ID and how it works.
Before attending this course, students must have:
- Working experience and background knowledge of Windows Server® 2008.
- Basic understanding of Active Directory, IIS, Microsoft® SQL Server®, and Microsoft® Exchange Server technologies.
- Basic knowledge of DNS, general networking, and PKI principles is also suggested.
Looking for training resources, events and advice from peers? Join the Microsoft Training and Certification Community.
Preparing for an exam now? Find your Microsoft Certification Study Group.
Talk to us on these social networks: