Active Directory Right Management Services: Installation and Configuration

Prerequisites for AD RMS

The deployment of AD RMS requires several prerequisites at the infrastructure level.

The most important point is the training of users in the use of this service. As we will see following this tutorial, RMS rights are applied by the creator of the document, which makes the user autonomous, unlike a traditional sharing where NTFS security is provided by the IT department.

Prerequisites for deploying AD RMS:

  • An Active Directory environment.
  • For the AD RMS cluster one or more servers that are members of the Active Directory domain, preferably dedicated to this role.
  • In the case of a multiple AD RMS deployment, provide a minimum SQL Server 2008 database. If only one server, it is possible to use the Windows internal database (WID).
  • The server (s) for AD RMS must be a member of the domain.
  • Active Directory users and groups must have an email address in their attribute so that they can be used with AD RMS.
  • Provide a DNS name for the AD RMS cluster:
    • A recording
    • An SSL certificate (Enterprise Certification Authority).
  • Users must with a compatible client to be able to apply and read protected files.
    • Office Pro or Adobe Pro to apply RMS rights.
    • Office or Acrobat Reader to open the file (s).


How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!



Related Posts


Active Directory: trust relationship between two forests / domains
Presentation The trust relationship between two Active Directory drill bits / domains is a trusted link that allows authenticated users to access resources in another domain. An approval relationship may be: Unidirectional: access to resources is onl

DNSSEC: Sign a DNS Zone with Windows Server
Presentation DNSSEC (Domain Name System Security Extensions) is an extension of the DNS protocol that adds security to the DNS protocol by signing the records by a public / private key system. This extension allows the client to verify that the respo

Network share: enable enumeration based on access EBA
Introduction The access-based enumeration allows to display in a network share, only folders and files whose use has at least a right of reading. Other documents and folders will be hidden. Enabling this feature will increase the CPU resource consump