Programming4us

Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 4)

11/30/2010 11:29:43 AM

4. Applying IRM with Transport Rules

Once IRM integration with Exchange Server 2010 has been implemented, the action Rights Protect Message With RMS Template can be selected for a transport rule, as shown in Figure 7. The RMS template selected can be any distributed rights policy template configured on the AD RMS cluster or the Do Not Forward client-side template. IRM protection can be selected as an action for a rule on a Hub Transport server only.

Figure 7. Applying IRM protection via a transport rule


5. Configuring AD RMS for Exchange Server 2010

Before you can use the IRM functionality in Exchange Server 2010, you must configure your AD RMS infrastructure. Your AD RMS cluster must be Windows Server 2008 R2 or Windows Server 2008 SP2 with hotfix 973247, and the AD RMS Service Connection Point (SCP) must be registered in Active Directory. In addition, the AD RMS server certification pipeline must be enabled and access granted to the Active Directory Exchange Servers group; this must be configured on each server in your AD RMS cluster.

Finally, to enable IRM in Outlook Web App, IRM for Exchange Search, transport decryption, or journal report decryption, the Federated Delivery Mailbox must be granted Super Users privileges in the AD RMS cluster. The Federated Delivery Mailbox is a hidden system mailbox that is created by Exchange 2010 Setup; the Active Directory account associated with this mailbox is disabled by default.

5.1. Registering the AD RMS Service Connection Point

You register the SCP for AD RMS by following these steps:

  1. Log on to a server in the AD RMS cluster with an Active Directory account that is a member of the local AD RMS Enterprise Administrators group on the server and a member of the Enterprise Administrators group in Active Directory.

  2. Start the Active Directory Rights Management Services management console from Administrative Tools.

  3. In the Active Directory Rights Management Services management console, right-click the AD RMS cluster in the left-hand pane and select Properties. Click the SCP tab in the properties dialog box, as shown in Figure 8, and then select the Change SCP check box. Click OK to register the SCP and click Yes in the confirmation dialog box to apply the changes and exit the Properties dialog box.

Figure 8. Registering the AD RMS SCP


5.2. Configuring the AD RMS Server Certification Pipeline

Configure the server certification pipeline in AD RMS for Exchange Server 2010 integration by following these steps:

  1. Log on to a server in the AD RMS cluster with an Active Directory account with local administrative privileges.

  2. Click Start, and then click Computer to open Windows Explorer. Navigate to C:\Inetpub\wwwroot\_wmcs\Certification, right-click ServerCertification.asmx, and select Properties to open the Properties dialog box.

  3. In the ServerCertification.asmx Properties dialog box, click the Security tab and then click Advanced. Click Continue on the Permissions tab of the Advanced Security Settings For ServerCertification.asmx dialog box.

  4. In the Advanced Security Settings For ServerCertification.asmx dialog box, select the Include Inheritable Permissions From This Object's Parent check box, as shown in Figure 9, and then click OK twice to apply the change and return to the ServerCertification.asmx Properties dialog box.

    Figure 9. Setting inheritable permissions on ServerCertification.asmx

  5. Back on the Security tab of the ServerCertification.asmx Properties dialog box, select Continue to open the Permissions for ServerCertification.asmx dialog box as shown in Figure 10.

    Figure 10. Granting the Exchange Servers Group Access to ServerCertification.asmx

  6. In the Permissions for ServerCertification.asmx dialog box, click Add and then add the Exchange Servers group from Active Directory, granting this group Read and Read & Execute permissions to the file. Apply the changes, and then close all dialog boxes to return to Windows Explorer.

  7. Repeat Steps 1 through 6 on all other servers in the AD RMS cluster.
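
The same permission change can be audited and applied from PowerShell, which helps when repeating it across every server in the cluster. This is an added example, not part of the original article; the `CONTOSO` domain name is a placeholder, and the `-Apply` switch and `Get-PipelineAclState` function are hypothetical names introduced here.

```powershell
# Added example: audit, and with -Apply fix, the ACL on ServerCertification.asmx.
# Run from an elevated PowerShell session on each server in the AD RMS cluster.
param(
    # File path from step 2 of the procedure above.
    [string]$Path  = 'C:\Inetpub\wwwroot\_wmcs\Certification\ServerCertification.asmx',
    # Assumption: CONTOSO is a placeholder for your domain's NetBIOS name.
    [string]$Group = 'CONTOSO\Exchange Servers',
    # Hypothetical switch: without it the script only reports and changes nothing.
    [switch]$Apply
)

$rights  = [System.Security.AccessControl.FileSystemRights]
$sidType = [System.Security.Principal.SecurityIdentifier]
$needed  = [int]$rights::ReadAndExecute              # Read is a subset of this mask
$benign  = $needed -bor [int]$rights::Synchronize    # .NET adds Synchronize to Allow rules

# Resolve the group to a SID so the match does not depend on how the name is written.
$sid = (New-Object System.Security.Principal.NTAccount($Group)).Translate($sidType)

function Get-PipelineAclState {
    $acl  = Get-Acl -Path $Path
    $mask = 0
    # Collect every Allow ACE (explicit and inherited) that names the group itself.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq $sid.Value -and $ace.AccessControlType -eq 'Allow') {
            $mask = $mask -bor [int]$ace.FileSystemRights
        }
    }
    New-Object PSObject -Property @{
        Server             = $env:COMPUTERNAME
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        HasReadAndExecute  = ($mask -band $needed) -eq $needed
        # Anything other than 0x0 means the group holds more than steps 1-6 grant.
        ExcessRightsMask   = '0x{0:X}' -f ($mask -band (-bnot $benign))
    }
}

if ($Apply) {
    $file = Get-Item -Path $Path
    $acl  = $file.GetAccessControl('Access')
    # Step 4: isProtected = $false turns inheritance from the parent back on.
    $acl.SetAccessRuleProtection($false, $true)
    # Step 6: grant Read & Execute (which includes Read), nothing broader.
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $rights::ReadAndExecute, 'Allow')
    $acl.AddAccessRule($ace)
    $file.SetAccessControl($acl)
}
Get-PipelineAclState
```

Run it without `-Apply` first to record the existing state on each server; the report only considers ACEs that name the group directly, not rights gained through nested group membership.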
