Shulou(Shulou.com)06/02 Report--

The role of RMS:

RMS:RightsManagement Services- rights management service, which can provide a domain-based encryption operation (such as Word, Excel, Outlook, etc.) for Office-related applications. RMS clients need certificates and licenses to protect the contents of files, and the RMS server is the server responsible for issuing certificates and licenses. End users can build one or more RMS servers according to their own needs in order to improve security, that is, failover and load balancing. If there are multiple RMS, the first RMS server built is the root cluster server. RMS uses a symmetric secret key for encryption.

Build the environment:

The RMS system must be built in a domain environment. The RMS system supports Windows Server 2000, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for ServicePack 3 (SP3). And all users and groups that RMS obtains licenses and publishes must configure an e-mail address in AD (Active Directory).

Database:

RMS system needs to use database server and storage, this database is used to store RMS configuration information and policies and other information. The database supports the Microsoft SQL Server database, or the database built into RMS. If you use a database built into RMS, you can only build one RMS server, and if you want to build a RMS cluster, you still need to use a Microsoft SQL Server database.

Applicable environment:

Finance department (various statements), business department (documents, mail), etc., but not limited to these places, you can use it as long as you want to use it. In addition, for user terminals, it is better to have an operating system above Windows 7. If it is the previous Windows XP, Windows 2000 or Windows Server 2003, you can only go to Microsoft to download the compatible version of the RMS client. Application support: Office 2003 or above (including 2003). Although it is officially said to support Office 2003 to 2010, it is found that the compatibility (stability) of this part of Office support is slightly worse than 2013.

Note:

According to the official information of Microsoft, RMS encryption is irreversible, that is, once the password is lost, the encrypted file can no longer be decrypted, so please keep the password and backup the protected data, and ask the administrator to ensure the availability and stability of the RMS server. However, it does not rule out the possibility that there will be tools or other means to successfully decrypt it.

Click the role "add role", follow the figure below to add Active Directory RightsManagement Services, and then click "add required role Services"

If there is only one (newly installed) RMS server in the domain, select New AD RMS Cluster, and if one RMS server already exists, select join existing AD RMS Cluster below

This interface can configure the database location used by the AD RMS cluster, generally choose the default "use Windows internal database (U) on this server", if you want to build a cluster, you can specify to a dedicated database server, but the database server needs to be built separately and uses SQL Server.

It should be noted in this interface that it is best to use a domain account that does not need to change the password, which will directly affect the normal operation of the AD RMS cluster once the password is changed. If you have assigned a domain account that does not need to change your password for a long time, you must log in to the AD RMS server to install and deploy the RMS using other accounts with corresponding domain administrator privileges when installing the RMS cluster, because it is not allowed to use the account of the current login system as the network ID of the RMS.

This password provides authentication for other RMS servers that want to join the AD RMS cluster

It is recommended to restart the RMS server after installation

Signature of the sword casting team:

[director] Twelve Spring and Autumn period, 3483099@qq.com

[Master] Godao is not green, han169@126.com

[developed by Java] Rain egret, 3436911940q.com; Siqi Junhui, qiangzhang1227@163.com; Little Prince, 545106057Jingq.com; Mountain Patrol, 840260821@qq.com

[VS development] Bean point, 2268800211@qq.com

[system test] asked the earth mirror, 847071279 dust and freedom, 695187655@qq.com

[big data] Desert Oasis, caozhipan@126.com; Zhangsan Province, 570417591@qq.com

[network] Night Lone Star, 11297761@qq.com

[system operation] Sanshi, 261453882 ordinary qq.com; ordinary freak, 591169003@qq.com

[disaster recovery backup] autumn rain, 18568921@qq.com

[security] secrecy, you know.

Original author: autumn Rain

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.