Cryptzone Support

 

RMS Configuration Requirements for Security Sheriff


 
Article Number: 000003484

Prepare the Active Directory Rights Management Services (AD RMS) Installation

1. Create an AD RMS service account: DOMAIN\AdRmsSrvc
   a. Set an email address (AdRmsSrvc@domain.com)
   b. No additional permissions are required
2. Create an AD RMS administrators group in AD (domain\AD RMS Enterprise Administrators)
   a. Add your account to that group
3. Ensure that the account that will install AD RMS has an email address set
4. Install a certificate for the RMS server in IIS, issued for the domain name that is to be used (e.g. myrmsserver.domain.local), so that SSL communication can be used. The procedure is out of scope for this document.

Configure Active Directory Rights Management Service

Installing Active Directory Rights Management Service

1. Install Windows 2012 R2
2. Add the server to the domain
3. Install all Windows updates
4. Add the role Active Directory Rights Management Services. This can be done with the PowerShell commands:
   Install-WindowsFeature ADRMS-Server
   Install-WindowsFeature RSAT-ADRMS

Configure Active Directory Rights Management Service

1. Start the post-deployment wizard from the Server Manager notification popup
2. Follow the Active Directory Rights Management Services configuration wizard
3. Choose Create a new AD RMS root Cluster
4. Choose your SQL Server instance
5. Specify your AD RMS service account (domain\ADRMSSRVC)
6. Choose Cryptographic mode 2
7. Choose Use AD RMS Centrally managed key storage
8. Type in a Cluster Key Password for RMS
9. Choose which IIS web site to use for RMS
10. Type in the DNS name for the RMS server
11. Choose the certificate for SSL encryption:
    For test installations, if you want to use a self-signed certificate, choose Create a self-signed certificate for SSL encryption.
    For production installations, if you have a certificate already installed on the RMS server, choose Choose an existing Certificate for SSL Encryption.
12. Name the AD RMS Licensor Certificate Self signed Certificate
13. Register the SCP in AD
14. Review the install configuration
15. Wait for the configuration to complete
16. The installation of AD RMS is now complete. Before you can use the management tool, you have to log out and log in to the server again.

 

Assign RMS server permissions

1. Add the Domain\AD RMS Enterprise Administrators group to the local group AD RMS Enterprise Administrators on the RMS server (to ease administration of RMS admins)
2. Restart the RMS server to make sure all configurations are updated

Install the Self-signed certificate on the RMS server

This section is only needed if a self-signed certificate was selected.

1. Open the Active Directory Rights Management Services tool
2. Choose View Certificate
3. Click on Install Certificate
4. Choose Local Machine
5. Choose Trusted Root Certification Authorities
6. Review and click Finish

Export the Self-signed Certificate

This is only needed if a self-signed certificate is used.

1. Open IIS Manager, select the server, then open Server Certificates
2. Select Export
3. Click OK to export the certificate

Import the Self-signed Certificate

Import the exported self-signed certificate into the Trusted Root Certification Authorities store on all computers that are to communicate with the RMS server (servers and clients).
This is only needed if a self-signed certificate is used.

1. Copy the exported certificate from the RMS server
2. Right-click on the exported certificate and choose Install PFX
3. Select Local Machine
4. Click Next
5. Type in the password and mark it as exportable
6. Select Trusted Root Certification Authorities
7. Review and finish
8. The import is completed
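
To check the result of the export and import steps on a given computer, the following PowerShell script can be used. It is an added example, not part of the original article or the vendor's tooling; the host name is the article's sample value and port 443 is an assumption.

```powershell
# Added example, not from the original article.
# Assumption: $RmsHost is the DNS name entered in the wizard (the article's sample value).
param([string]$RmsHost = 'myrmsserver.domain.local')

$dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

# 1. Look for the RMS server certificate in the machine-wide Trusted Root store.
$rmsCerts = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.GetNameInfo($dnsName, $false) -eq $RmsHost })

if ($rmsCerts.Count -eq 0) {
    Write-Warning "No certificate for $RmsHost in LocalMachine\Root; the import has not been done on this computer."
}

# 2. Summarise what was imported. HasPrivateKey is True where the PFX import
#    also stored the private key; trusting the server needs only the public certificate.
$rmsCerts | ForEach-Object {
    [pscustomobject]@{
        Thumbprint    = $_.Thumbprint
        SelfSigned    = ($_.Subject -eq $_.Issuer)
        NotAfter      = $_.NotAfter
        DaysLeft      = [int]($_.NotAfter - (Get-Date)).TotalDays
        HasPrivateKey = $_.HasPrivateKey
    }
} | Format-Table -AutoSize

# 3. Open a TLS connection to the RMS web site with default validation (port 443 assumed).
#    AuthenticateAsClient throws when the chain is untrusted or the name does not match.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($RmsHost, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($RmsHost)
    $served = $ssl.RemoteCertificate.GetCertHashString()
    if ($rmsCerts.Thumbprint -contains $served) {
        Write-Output "TLS OK: $RmsHost serves the imported certificate ($served)."
    } else {
        Write-Output "TLS OK, but $RmsHost serves $served, which is not the imported root (CA-issued certificate?)."
    }
} catch {
    Write-Warning "TLS validation against $RmsHost failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```

Run it from an elevated PowerShell session on the RMS server and on each client after the import.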