How to install Active Directory Rights Management Services

One of the best features of Active Directory in Windows server 2008 is a security tool called Active Directory Rights Management Services (AD RMS). AD RMS allows organizations to secure content such as word documents, excel spread sheets, email’s and even can be integrated in SharePoint. A user would need to be authenticated before they could access the data from any of those content sources. I know this topic has been covered before but I wanted to post the steps from my deployment of AD RMS.

A Windows Server 2008 domain is required before you begin.

On the server you will deploy AD RMS on:

  • Open Server manager
  • Expand Roles
  • Right click and select Add New Roles
  • Click Next
  • Select AD Rights management Services and click next

clip_image001

The following roles will need to be added as well.

  • Click Add Required Role Services.

clip_image002

  • Click Next

You can explore more about AD RMS on the next window by clicking any of the links. When done click next.

clip_image003

Here you have an option to add Identify Federation Support. You can add this now if you will use it or come back in and add it later.

  • Click next when ready.

clip_image004

Now create the new AD RMS Cluster. If you already had AD RMS you would be adding to an existing cluster.

  • Click next to continue.

clip_image005

Now you need to select where to store the AD RMS databases. This can be on an internal windows database or a SQL instance. I typically put mine on a SQL instance. This gives me better control over performance and better ability to backup.

NOTE: you have to click Validate before you are able to click next.

clip_image006

Now you need to specify a domain account that will be AD RMS.

clip_image007

I created a dedicated account for this and use it for RMS only.

  • Select how you want to store the cluster key and click next.

clip_image008

  • Specify a cluster key password and click next.

NOTE: Document this password somewhere.

clip_image009

Now you need to select an IIS website to host your RMS.

  • Select the default site and click next.

clip_image010

Now you need to chose to use SSL or non SSL.

NOTE: The purpose of RMS is security so the best option here is to select SSL. I don’t know why you wouldn’t want that here.

Put in your RMS’s URL. Don’t forget to add the DNS for this if it is not the same as your computer name.

  • Click Validate after inputting the URL.
  • Click next to continue.

clip_image011

You have multiple options here.; you can create a self signed certificate, choose the certificate later or import the certificate now. If one is already loaded on the server It will show up in this window as one to be selected.

  • Select a certificate to use and click next.

clip_image012

  • This will default to the servers name. I change this to RMS. Click next to continue.

clip_image013

  • Register the AD RMS Connection Point in Active Directory. Click next to continue.

clip_image014

  • You will then see a screen with an intro to IIS. Click the links to learn more or click next to move on.

clip_image015

  • On the next screen add any more IIS components that you may need and click next.

NOTE: The required components for AD RMS will automatically be selected for you.

You will then see the confirmation screen. These are all the settings you just went through. I would recommend clicking that link and saving this information.

clip_image016

  • Click Install to finish the deployment.

That is it. The install is pretty straight forward and you should be able to start using RMS protection. There is more to configuring additional functionality and managing RMS. Here are some good resources to get started on this.

http://technet.microsoft.com/en-us/library/cc771627.aspx

(AD RMS Installation Best Practices – http://blogs.msdn.com/b/rms/archive/2010/03/19/ad-rms-installation-best-practices.aspx)

http://technet.microsoft.com/en-us/library/cc771789.aspx

Leave a Comment