Programming4us

Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 4)

11/30/2010 11:29:43 AM

4. Applying IRM with Transport Rules

Once IRM integration with Exchange Server 2010 has been implemented, the action Rights Protect Message With RMS Template can be selected for a transport rule, as shown in Figure 7. The RMS template selected can be any distributed rights policy template configured on the AD RMS cluster or the Do Not Forward client-side template. IRM protection can be selected as an action for a rule on a Hub Transport server only.

Figure 7. Applying IRM protection via a transport rule
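The same action can be set from the Exchange Management Shell. The sketch below is an added example, not part of the original text: it checks that the template is visible to Exchange, then creates the rule in a disabled state for review. The rule name and subject keyword are assumed, illustrative values.

```powershell
# Added example, not from the original text. Run in the Exchange Management Shell.
# ASSUMPTIONS: the rule name and the subject keyword are illustrative values.
$TemplateName = 'Do Not Forward'
$RuleName     = 'IRM protect confidential subjects'
$Keyword      = 'Confidential'

# Confirm the template is visible to Exchange before a rule depends on it.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $TemplateName }
if (-not $template) {
    throw "RMS template '$TemplateName' not found; check AD RMS integration."
}

# Create the rule once, disabled, so it can be reviewed before it touches mail flow.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if (-not $existing) {
    New-TransportRule -Name $RuleName `
        -SubjectContainsWords $Keyword `
        -ApplyRightsProtectionTemplate $TemplateName `
        -Enabled $false | Out-Null
}

# Show what the rule will do; enable it with Enable-TransportRule after review.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, SubjectContainsWords, ApplyRightsProtectionTemplate
```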


5. Configuring AD RMS for Exchange Server 2010

Before you can use the IRM functionality in Exchange Server 2010, you must configure your AD RMS infrastructure. Your AD RMS cluster must be Windows Server 2008 R2 or Windows Server 2008 SP2 with hotfix 973247, and the AD RMS Service Connection Point (SCP) must be registered in Active Directory. In addition, the AD RMS server certification pipeline must be enabled and access granted to the Active Directory Exchange Servers group; this must be configured on each server in your AD RMS cluster.

Finally, to enable IRM in Outlook Web App, IRM for Exchange Search, transport decryption, or journal report decryption, the Federated Delivery Mailbox must be granted Super Users privileges in the AD RMS cluster. The Federated Delivery Mailbox is a hidden system mailbox that is created by Exchange 2010 Setup; the Active Directory account associated with this mailbox is disabled by default.

5.1. Registering the AD RMS Service Connection Point

You register the SCP for AD RMS by following these steps:

  1. Log on to a server in the AD RMS cluster with an Active Directory account that is a member of the local AD RMS Enterprise Administrators group on the server and a member of the Enterprise Administrators group in Active Directory.

  2. Start the Active Directory Rights Management Services management console from Administrative Tools.

  3. In the Active Directory Rights Management Services management console, right-click the AD RMS cluster in the left-hand pane and select Properties. Click the SCP tab in the properties dialog box, as shown in Figure 8, and then select the Change SCP check box. Click OK to register the SCP and click Yes in the confirmation dialog box to apply the changes and exit the Properties dialog box.

Figure 8. Registering the AD RMS SCP


5.2. Configuring the AD RMS Server Certification Pipeline

Configure the server certification pipeline in AD RMS for Exchange Server 2010 integration by following these steps:

  1. Log on to a server in the AD RMS cluster with an Active Directory account with local administrative privileges.

  2. Click Start, and then click Computer to open Windows Explorer. Navigate to C:\Inetpub\wwwroot\_wmcs\Certification, right-click ServerCertification.asmx, and select Properties to open the Properties dialog box.

  3. In the ServerCertification.asmx Properties dialog box, click the Security tab and then click Advanced. Click Continue on the Permissions tab of the Advanced Security Settings For ServerCertification.asmx dialog box.

  4. In the Advanced Security Settings For ServerCertification.asmx dialog box, select the Include Inheritable Permissions From This Object's Parent check box, as shown in Figure 9, and then click OK twice to apply the change and return to the ServerCertification.asmx Properties dialog box.

    Figure 9. Setting inheritable permissions on ServerCertification.asmx

  5. Back on the Security tab of the ServerCertification.asmx Properties dialog box, select Continue to open the Permissions for ServerCertification.asmx dialog box as shown in Figure 10.

    Figure 10. Granting the Exchange Servers Group Access to ServerCertification.asmx

  6. In the Permissions for ServerCertification.asmx dialog box, click Add and then add the Exchange Servers group from Active Directory, granting this group Read and Read & Execute permissions to the file. Apply the changes, and then close all dialog boxes to return to Windows Explorer.

  7. Repeat Steps 1 through 6 on all other servers in the AD RMS cluster.
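Steps 2 through 6 can also be scripted and then verified, which helps keep every server in the cluster consistent. This is an added example, not part of the original text; the group name `CONTOSO\Exchange Servers` is a placeholder for your own domain's group, and the function names are hypothetical.

```powershell
# Added example, not from the original text. Run elevated on each AD RMS server.
# ASSUMPTION: 'CONTOSO\Exchange Servers' is a placeholder for your domain's group.
$Path  = 'C:\Inetpub\wwwroot\_wmcs\Certification\ServerCertification.asmx'
$Group = 'CONTOSO\Exchange Servers'

function Set-PipelineAcl {
    param([string]$Path, [string]$Group)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }
    $acl = Get-Acl -Path $Path
    # Step 4: turn inheritance from the parent folder back on.
    $acl.SetAccessRuleProtection($false, $false)
    # Step 6: Read and Read & Execute only; ReadAndExecute includes Read.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Group, 'ReadAndExecute', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-PipelineAcl {
    param([string]$Path, [string]$Group)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = (New-Object System.Security.Principal.NTAccount($Group)).Translate($sidType)
    $acl = Get-Acl -Path $Path
    # Sum every explicit and inherited Allow right held by the group itself.
    $granted = 0
    foreach ($r in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($r.IdentityReference.Value -eq $sid.Value -and
            $r.AccessControlType -eq 'Allow') {
            $granted = $granted -bor [int]$r.FileSystemRights
        }
    }
    $need    = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $allowed = $need -bor [int][System.Security.AccessControl.FileSystemRights]::Synchronize
    New-Object PSObject -Property @{
        Server             = $env:COMPUTERNAME
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        HasReadAndExecute  = ($granted -band $need) -eq $need
        # True if the group holds anything beyond Read & Execute (e.g. Modify).
        ExcessRights       = ($granted -band (-bnot $allowed)) -ne 0
    }
}

Set-PipelineAcl  -Path $Path -Group $Group
Test-PipelineAcl -Path $Path -Group $Group | Format-List
```

`Test-PipelineAcl` only reads the ACL, so it can be run on its own later to confirm that the group still has Read & Execute and nothing more.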
