Database instance Installation certificate
Encode Code 128 Code Set A In Visual Studio .NET
Using Barcode drawer for ASP.NET Control to generate, create USS Code 128 image in ASP.NET applications.www.OnBarcode.com
Make Barcode In .NET
Using Barcode creator for ASP.NET Control to generate, create barcode image in ASP.NET applications.www.OnBarcode.com
Cluster key protection DNS configuration
Encode USS Code 128 In C#.NET
Using Barcode encoder for .NET Control to generate, create Code-128 image in VS .NET applications.www.OnBarcode.com
Code 128 Code Set C Creation In .NET Framework
Using Barcode generator for VS .NET Control to generate, create Code 128C image in .NET framework applications.www.OnBarcode.com
Server licensor certificate name AD RMS enabled client Smart card usage
Code-128 Generation In Visual Basic .NET
Using Barcode drawer for VS .NET Control to generate, create Code 128B image in .NET applications.www.OnBarcode.com
Make 1D In .NET
Using Barcode generation for ASP.NET Control to generate, create Linear Barcode image in ASP.NET applications.www.OnBarcode.com
Generate Bar Code In .NET Framework
Using Barcode drawer for ASP.NET Control to generate, create barcode image in ASP.NET applications.www.OnBarcode.com
Printing Bar Code In Visual Studio .NET
Using Barcode creation for ASP.NET Control to generate, create bar code image in ASP.NET applications.www.OnBarcode.com
Making Code 3/9 In .NET
Using Barcode generation for ASP.NET Control to generate, create ANSI/AIM Code 39 image in ASP.NET applications.www.OnBarcode.com
ECC200 Creator In .NET Framework
Using Barcode creation for ASP.NET Control to generate, create ECC200 image in ASP.NET applications.www.OnBarcode.com
Pay attention to the installation prerequisites in Table 16-1 as well as the considerations in Table 16-2. They are complex and, because of this, will certainly appear on the exam.
QR-Code Printer In .NET
Using Barcode maker for ASP.NET Control to generate, create Quick Response Code image in ASP.NET applications.www.OnBarcode.com
Leitcode Generation In Visual Studio .NET
Using Barcode generation for ASP.NET Control to generate, create Leitcode image in ASP.NET applications.www.OnBarcode.com
Denso QR Bar Code Scanner In None
Using Barcode decoder for Software Control to read, scan read, scan image in Software applications.www.OnBarcode.com
USS Code 128 Printer In VB.NET
Using Barcode generation for Visual Studio .NET Control to generate, create USS Code 128 image in .NET applications.www.OnBarcode.com
AD RMS client for Windows XP
Barcode Decoder In .NET
Using Barcode decoder for .NET framework Control to read, scan read, scan image in .NET applications.www.OnBarcode.com
PDF417 Printer In None
Using Barcode printer for Software Control to generate, create PDF-417 2d barcode image in Software applications.www.OnBarcode.com
To obtain the AD RMS client for Windows XP, go to http://www.microsoft.com/downloads/details.aspx FamilyId=02DA5107-2919-414B-A5A3-3102C7447838&displaylang=en.
PDF-417 2d Barcode Encoder In None
Using Barcode generator for Font Control to generate, create PDF417 image in Font applications.www.OnBarcode.com
ANSI/AIM Code 39 Generation In VS .NET
Using Barcode printer for VS .NET Control to generate, create Code 3 of 9 image in .NET framework applications.www.OnBarcode.com
As you can see from Table 16-1, installing AD RMS in a production environment is not a trivial matter.
Printing QR In Java
Using Barcode generation for BIRT Control to generate, create QR image in BIRT applications.www.OnBarcode.com
Code 128B Generator In None
Using Barcode generator for Online Control to generate, create Code-128 image in Online applications.www.OnBarcode.com
Lesson 1: Understanding and Installing Active Directory Rights Management Services
Hardware and software considerations for AD RMS
For more information, see Pre-installation Information for Active Directory Rights Management Services at http://go.microsoft.com/fwlink/ LinkId=84733.
Understanding AD RMS Certificates
Because it encrypts and signs data, AD RMS, like AD CS, relies on certificates and assigns these certificates to the various users in the AD RMS infrastructure. It also uses licenses that are in an Extensible Rights Markup Language (XrML) format. Because these licenses are embedded in the content users create, they are also a form of certificate. Like AD CS, the AD RMS hierarchy forms a chain of trust that validates the certificate or license when it is used. Table 16-3 outlines the various certificates you require in an AD RMS infrastructure.
Table 16-3 AD RMS Certificates
Server licensor certificate The SLC is a self-signed certificate generated during the AD RMS setup (SLC) of the first server in a root cluster. Other members of the root cluster will share this SLC. If you create a licensing-only cluster, it will generate its own SLC and share it with members of its cluster. The default duration for an SLC is 250 years. Rights account certificate RACs are issued to trusted users who have an e-mail-enabled account (RAC) in AD DS. RACs are generated when the user first tries to open rightsprotected content. Standard RACs identify users in relation to their computers and have a duration of 365 days. Temporary RACs do not tie the user to a specific computer and are valid for only 15 minutes. The RAC contains the public key of the user as well as his or her private key. The private key is encrypted with the computer s private key. (See Machine certificate, listed later in this table.) Client licensor certificate After the user has a RAC and launches an AD RMS enabled application, (CLC) the application automatically sends a request for a CLC to the AD RMS cluster. The client computer must be connected for this process to work, but after the CLC is obtained, the user can apply AD RMS policies even offline. Because the CLC is tied to the client s RAC, it is automatically invalidated if the RAC is revoked. The CLC includes the client licensor public key, the client licensor private key that is encrypted by the user s public key, and the AD RMS cluster s public key. The CLC private key is used to encrypt content.
Active Directory Rights Management Services
Table 16-3 AD RMS Certificates
Certificate Machine certificate
Content The first time an AD RMS enabled application is used, a machine certificate is created. The AD RMS client in Windows automatically manages this process with the AD RMS cluster. This certificate creates a lockbox on the computer to correlate the machine certificate with the user s profile. The machine certificate contains the public key for the activated computer. The private key is contained within the lockbox on the computer. The publishing license is created when the user saves content in a rights-protected mode. This license lists which users can use the content and under which conditions as well as the rights each user has to the content. This license includes the symmetric content key for decrypting content as well as the public key of the cluster. The use license is assigned to a user who opens rights-protected content. It is tied to the user s RAC and lists the access rights the user has to the content. If the RAC is not available, the user cannot work with rights-protected content. It contains the symmetric key for decrypting content. This key is encrypted with the public key of the user.