42 Cards in this Set
- Front
- Back
This cmdlet installs the AD RMS server role and, if necessary, any features required by AD RMS. Before running this cmdlet, prepare the server by setting properties on containers in the deployment provider namespace. You can also use this cmdlet to install federated identity support on an existing cluster. |
Install-ADRMS |
|
This cmdlet removes the AD RMS server role. You can also use this cmdlet to remove identity federation support from a cluster. |
Uninstall-ADRMS |
|
This cmdlet upgrades the AD RMS server role following an upgrade of the operating system to Windows Server 2008 R2. You can use the WhatIf parameter to view the actions that would be taken by the cmdlet without changing the system. |
Update-ADRMS |
|
Exports all report definition (.rdl) files for this version of Active Directory Rights Management Services (AD RMS). |
Export-RmsReportDefinitionLanguage |
|
Exports a trusted publishing domain (TPD) in Active Directory Rights Management Services (AD RMS) to a file. |
Export-RmsTPD |
|
Exports a trusted user domain (TUD) in Active Directory Rights Management Services (AD RMS) to a file. |
Export-RmsTUD |
|
Generates a report containing information about the certificate chain of a particular user request for the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsCertChain |
|
Generates a report containing information about a particular certificate used in a user request for the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsCertInfo |
|
Returns all child certificates from a parent certificate used in a user request for the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsChildCert |
|
Returns use-license information from an issuance license used in a user request for the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsEncryptedIL |
|
Generates a report containing information about a particular user request for the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsRequestInfo |
|
Gets service account credentials for an Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsSvcAccount |
|
Generates a system health report of the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsSystemHealthReport |
|
Generates a user requests statistical report for the Active Directory Rights Management Services (AD RMS) cluster. |
Get-RmsUserRequestReport |
|
Imports a trusted publishing domain (TPD) from a file in Active Directory Rights Management Services (AD RMS). |
Import-RmsTPD |
|
Imports a trusted user domain (TUD) from a file in Active Directory Rights Management Services (AD RMS) or specifies to trust Windows Live IDs. |
Import-RmsTUD |
|
Sets the service account for an Active Directory Rights Management Services (AD RMS) cluster. |
Set-RmsSvcAccount |
|
Updates the Active Directory Rights Management Services (AD RMS) cluster information. |
Update-RmsCluster |
|
is a technology that allows the assignment of pre-configured rights templates to documents and email messages. |
AD RMS; we can apply a template to a document so that recipients can open it but are unable to copy, print, edit, or save it. If our organization has deployed Exchange, we can also restrict email messages from being forwarded, copied, saved, printed, or replied to. |
|
Is the first thing you deploy in AD RMS, and is responsible for managing all of the AD RMS licensing and certificate traffic for the forest in which it is installed |
Root cluster; it has no relation to failover clustering or NLB. We should only have one per forest, and if we have multiple forests, we deploy multiple AD RMS root clusters. |
|
After we have deployed a root cluster we can configure _______, which distribute licenses that clients use to consume and publish content |
Licensing-only clusters |
|
What are the steps in installing AD RMS? |
#1. "Specify the database that AD RMS will use to store the configuration information": we use a SQL Server (2008+ preferred) instance or WID. #2. "Specify a Service Account": should be a domain account and preferably a gMSA. #3. Choose a Cryptographic Mode: either Mode 2 (more secure; RSA 2048 and SHA-256 hashes) or RSA 1024 and SHA-1 hashes. #4. Specify Cluster Key Storage, Password, and Cluster Address. #5. Specify a "licensor certificate name". #6. Register the SCP in AD. |
|
This determines where the cluster key is stored. The default is to have the key stored in AD RMS. We can also use a CSP (Cryptographic Service Provider), but we will then have to perform manual key distribution when adding additional AD RMS servers. |
Cluster Key Storage |
|
What is the best practice when inputting the cluster address? |
This is the website in FQDN format hosted on the AD RMS server, and it is best to configure an SSL certificate with the FQDN of the AD RMS server. *The cluster address and port can't be altered after deployment. |
|
What is an SCP, and what does it do in AD RMS? |
It enables domain members to locate the AD RMS cluster automatically. *The user account must be a member of the Enterprise Admins group to register an SCP. |
|
AD RMS certificates and licenses. AD RMS uses four specific types of certificates. What is the Function of #1. "SERVER LICENSOR CERTIFICATE" (SLC) |
#1. The SLC is created when you install the AD RMS role on the first server in the AD RMS cluster and is used to issue: *A. SLCs to additional servers that join the cluster *B. Rights account certificates *C. Client licensor certificates *D. Publishing licenses *E. Use licenses *F. Rights policy templates |
|
AD RMS certificates and licenses. AD RMS uses four specific types of certificates. What is the Function of: #2. AD RMS Machine Certificates |
This certificate identifies a trusted device. The machine certificate public key encrypts rights account certificate private keys, and the machine certificate private key decrypts rights account certificates. |
|
AD RMS certificates and licenses. AD RMS uses four specific types of certificates. What is the Function of #3. Rights Account Certificate (RAC) |
This certificate identifies a user. AD RMS can only issue RACs to AD DS users whose user accounts are configured with an email address. |
|
AD RMS certificates and licenses. AD RMS uses four specific types of certificates. What is the Function of #4. Client Licensor Certificate (CLC) |
This certificate allows the publication of AD RMS-protected content to computers that are not able to connect directly to the AD RMS cluster. These certificates are tied to the RAC. |
|
AD RMS has two license types. What are those? |
#1. Publishing license: determines the rights that apply to AD RMS content. The license contains the content key and the URL and digital signature of the AD RMS server. #2. End-user license: allows a user to access AD RMS-protected content. End-user licenses are issued per document and are cached by default, but caching can be disabled. |
|
These enable us to apply rights policies to documents; they allow an author to apply a template to an email message or a created document. |
Rights Policy Templates; it is also possible to use FSRM to automatically apply templates to documents based on the properties of those documents, such as containing a specific text string. |
|
These settings enable us to have content expire either on a certain date or after a certain number of days. |
Content Expiration; *additional settings allow us to configure the "use license expiration", which sets how often a user must connect to the AD RMS cluster to obtain a new license to access the content. |
|
Enable you to configure whether AD RMS content can be viewed using a browser add-on and whether a new license must be obtained each time content is consumed |
Extended Policy Settings |
|
What are the three local groups on an AD RMS server that you can add users to when you want to assign privileges to them with AD RMS? |
#1. AD RMS Enterprise Administrators #2. AD RMS Template Administrators #3. AD RMS Auditors |
|
Members of this group can perform any task within AD RMS, including enabling the AD RMS Super Users group. |
AD RMS Enterprise Administrators |
|
Users that are members of this group are able to configure and manage AD RMS templates. |
AD RMS Template Administrators |
|
Users that are members of this group are not able to make modifications to AD RMS server settings and templates, but they are able to view the properties of the server and templates. |
AD RMS Auditors |
|
This is a special group that we can configure and enable on the AD RMS server, whose members have full owner rights over all "use licenses" issued by the AD RMS cluster. |
Super User groups; they are able to: #1. Recover expired content #2. Recover content when a template is deleted #3. Recover content without requiring author credentials. *This group must have an associated email address. |
|
Enable us to configure an AD RMS cluster to manage requests for CLCs for users that have been issued RACs from a different AD RMS cluster. |
Trusted User Domains (TUDs); if an organization has two separate forests and each has its own AD RMS deployment, we configure this so that clients from one forest can issue CLCs to clients with RACs issued by another forest. |
|
Allows the AD RMS cluster in one forest to issue end-user licenses to content published with licenses issued by an AD RMS cluster in another forest. |
TPD (Trusted Publishing Domains); *we must export the TPD file and have it imported by the partner AD RMS cluster, so the partner forest is able to issue end-user licenses to local AD RMS clients. |
|
Enable you to deny specific entities the ability to interact with AD RMS. |
Exclusion Policies: #1. User #2. Application #3. Lockbox (can exclude specific client OS) |
|
How do we apply AD RMS templates automatically? |
#1. Create a new file management task. #2. Set the scope of the task to the folders that host the files to which we want to apply the template metadata. #3. Specify the condition: an expression-based rule used to detect/recognize the files to which we want to apply the template metadata. #4. Specify RMS Encryption on the "Action" tab. #5. Specify how often the task should run on the Schedule tab. |