
ADVANCED OPERATING SYSTEMS ADMINISTRATION

LABORATORY No. 13

Implementing AD RMS

COURSE CODE: C33366

Student(s):                                  Grade:

Group:                                       Cycle:

Evaluation criteria, each scored as Excellent (4 pts), Good (3 pts), Needs improvement (2 pts) or
Not acceptable (0 pts), with the score achieved recorded for each criterion:
• Correctly identifies the requirements for creating a domain with different sites.
• Correctly prepares the environment for the installation of a complex AD DS.
• Installs and configures a domain with multiple sites.
• Correctly writes up the main steps of the implementation and the conclusions.
• Communicates effectively and works in an orderly, clean and punctual manner.

DATA NETWORKS AND COMMUNICATIONS

REGULAR TRAINING PROGRAM
Advanced Operating Systems Administration

Laboratory 13: Implementing AD RMS


Objectives:
On completing the laboratory, the student will be able to:
• Install and configure AD RMS
• Configure AD RMS templates
• Implement AD RMS policies
• Verify the AD RMS deployment

Safety:

• Place bags and/or backpacks in the cabinet at the back of the laboratory classroom or in the
lockers assigned to the student.
• Do not bring liquids or food into the laboratory classroom.
• At the end of the laboratory session, shut down the computer and the monitor properly, and tidy
the chairs used.

Equipment and Materials:

• A computer with:
  • Windows 7 or later
  • VMware Workstation 10+ or VMware Player 7+
  • Connection to the laboratory network

• Virtual machines:

• DVD:
  • Windows Server 2012

Procedure:
Scenario

Because of the highly confidential nature of the research carried out at A. Datum, the security
team wants to implement additional security for certain documents that the research department
creates. The security team is aware that anyone with read access to a document can modify and
distribute it in any way they wish. The security team should provide an extra level of protection
that persists with the document even if it is moved within the network or outside the network.

As one of the administrators, you need to plan and implement an AD RMS solution that will provide
the level of protection required by the security team. The AD RMS solution should provide many
different options that can be adapted to a variety of business and security requirements.

Lab Setup

1. Open VMware Workstation and create a snapshot of the virtual machines LON-DC1, LON-SVR1,
LON-CL1, TREY-DC1 and TREY-CL1.

2. Power on the virtual machines and sign in with the Administrator account and the password
Pa$$w0rd.

EXERCISE 1: Installing and configuring AD RMS

Scenario

The first step in deploying AD RMS is to deploy a server in an AD RMS cluster. You will begin by
configuring the appropriate DNS records and the AD RMS service account. You will then install and
configure the first AD RMS server. You will also enable the AD RMS Super Users group.

The main tasks for this exercise are as follows:

• Configure the DNS records and the AD RMS service account.
• Install and configure the AD RMS role.
• Configure the AD RMS Super Users group.

► Task 1: Configure DNS and configure an AD RMS service account


1. Sign in to LON-DC1 with the Adatum\Administrator account and the password Pa$$w0rd.
2. In Server Manager, click Tools, and then click Active Directory Administrative Center.
3. Select and then right-click Adatum (local), click New, and then click Organizational Unit.
4. In the Create Organizational Unit dialog box, in the Name text box, type Service Accounts,
and then click OK.
5. Right-click the Service Accounts OU, click New, and then click User.
6. On the Create User dialog box, enter the following details, and then click OK:
• First name: ADRMSSVC
• User UPN logon: ADRMSSVC
• Password: Pa$$w0rd
• Confirm Password: Pa$$w0rd
• Password never expires: Enabled
• User cannot change password: Enabled

7. Right-click the Users container, click New, and then click Group.
8. In the Create Group dialog box, enter the following details, and then click OK:
• Group name: ADRMS_SuperUsers
• E-mail: ADRMS_SuperUsers@adatum.com

9. Right-click the Users container, click New, and then click Group.
10. In the Create Group dialog box, enter the following details, and then click OK:
• Group name: Executives
• E-mail: executives@adatum.com

11. Double-click the Managers OU.
12. Press and hold the Ctrl key, and click the following users:
• Aidan Delaney
• Bill Malone
13. In the tasks pane, click Add to group.
14. In the Select Groups dialog box, type Executives, and then click OK.

15. Close the Active Directory Administrative Center.


16. In Server Manager, click Tools, and then click DNS.
17. In the DNS Manager console, expand LON-DC1, and then expand Forward Lookup Zones.
18. Select and then right-click Adatum.com, and then click New Host (A or AAAA).
19. In the New Host dialog box, enter the following information, and then click Add Host:
• Name: adrms
• IP address: 172.16.0.21

20. Click OK, and then click Done.


21. Close the DNS Manager console.
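
The steps of Task 1 can also be scripted. The PowerShell below is an added example, not part of the original lab guide. It assumes it is run on LON-DC1 as Adatum\Administrator with the ActiveDirectory and DnsServer modules available, that the UPN suffix is the domain's DNS name, and that both groups are created as Global security groups.

```powershell
# Added example (not from the lab guide): scripted equivalent of Exercise 1, Task 1.
# Assumptions: run on LON-DC1 as Adatum\Administrator; UPN suffix = domain DNS name;
# groups are created as Global security groups.
Import-Module ActiveDirectory, DnsServer

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$ouDn     = "OU=Service Accounts,$domainDn"

# Steps 3-4: create the Service Accounts OU unless it is already there.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'Service Accounts'" `
          -SearchBase $domainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name 'Service Accounts' -Path $domainDn
}

# Steps 5-6: create the AD RMS service account. The password is prompted for
# instead of being stored in the script.
if (-not (Get-ADUser -Filter "SamAccountName -eq 'ADRMSSVC'")) {
    $svcPassword = Read-Host -AsSecureString -Prompt 'Password for ADRMSSVC'
    New-ADUser -Name 'ADRMSSVC' -GivenName 'ADRMSSVC' -SamAccountName 'ADRMSSVC' `
        -UserPrincipalName "ADRMSSVC@$($domain.DNSRoot)" -Path $ouDn `
        -AccountPassword $svcPassword -Enabled $true `
        -PasswordNeverExpires $true -CannotChangePassword $true
}

# Steps 7-10: create the two groups in the Users container and set their e-mail.
$groups = @{
    'ADRMS_SuperUsers' = 'ADRMS_SuperUsers@adatum.com'
    'Executives'       = 'executives@adatum.com'
}
foreach ($name in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security `
            -Path "CN=Users,$domainDn" -OtherAttributes @{ mail = $groups[$name] }
    }
}

# Steps 11-14: add the two users from the Managers OU to Executives,
# skipping anyone who is already a member.
$managersOu = Get-ADOrganizationalUnit -Filter "Name -eq 'Managers'" | Select-Object -First 1
$wanted = foreach ($person in 'Aidan Delaney', 'Bill Malone') {
    Get-ADUser -Filter "Name -eq '$person'" -SearchBase $managersOu.DistinguishedName
}
$current = @(Get-ADGroupMember -Identity 'Executives' | ForEach-Object { $_.SamAccountName })
$toAdd   = @($wanted | Where-Object { $_.SamAccountName -notin $current })
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity 'Executives' -Members $toAdd
}

# Steps 16-20: host (A) record for the cluster name.
if (-not (Get-DnsServerResourceRecord -ZoneName 'Adatum.com' -Name 'adrms' `
          -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName 'Adatum.com' -Name 'adrms' -IPv4Address '172.16.0.21'
}
```
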
► Task 2: Install and configure the AD RMS server role
1. Sign in to LON-SVR1 with the Adatum\Administrator account and the password Pa$$w0rd.
2. In the Server Manager, click Manage, and then click Add roles and features.
3. In the Add Roles and Features Wizard, click Next three times.
4. On the Server Roles page, click Active Directory Rights Management Services.

5. In the Add Roles and Features dialog box, click Add Features, and then click Next four times.
6. Click Install, and then click Close.

7. In Server Manager, click the AD RMS node.
8. Next to Configuration required for Active Directory Rights Management Services at LON-SVR1,
click More.
9. On the All Servers Task Details and Notifications page, click Perform Additional
Configuration.
10. In the AD RMS Configuration: LON-SVR1.Adatum.com dialog box, click Next.
11. On the AD RMS Cluster page, click Create a new AD RMS root cluster, and then click Next.
12. On the Configuration Database page, click Use Windows Internal Database on this server,
and then click Next.
13. On the Service Account page, click Specify.
14. In the Windows Security dialog box, enter the following details, click OK, and then click Next:
• Username: ADRMSSVC
• Password: Pa$$w0rd

15. On the Cryptographic Mode page, click Cryptographic Mode 2, and then click Next.
16. On the Cluster Key Storage page, click Use AD RMS centrally managed key storage, and
then click Next.
17. On the Cluster Key Password page, enter the password Pa$$w0rd twice, and then click Next.
18. On the Cluster Web Site page, verify that Default Web Site is selected, and then click Next.
19. On the Cluster Address page, provide the following information, and then click Next:
• Connection Type: Use an unencrypted connection (http://)
• Fully Qualified Domain Name: adrms.adatum.com
• Port: 80 (Note that in production, we would use an encrypted, that is, https connection)

20. On the Licensor Certificate page, type Adatum AD RMS, and then click Next.

21. On the SCP Registration page, click Register the SCP now, and then click Next.
22. Click Install, close the All Servers Task Details dialog box, and then click Close.

Note: The installation may take several minutes.

23. In the Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
24. In the Internet Information Services (IIS) Manager, expand
LON-SVR1(ADATUM\Administrator)\Sites\Default Web Site, and then click _wmcs.
25. Under /_wmcs Home, in the details pane, in the IIS section, double-click Authentication, click
Anonymous Authentication, and in the Actions pane, click Enable.
26. In the Connections pane, expand _wmcs, and then click licensing.
27. Under /_wmcs/licensing Home, in the details pane, in the IIS section, double-click
Authentication, click Anonymous Authentication, and then in the Actions pane, click Enable.
28. Go to the Start screen, click Administrator, and then click Sign Out.

Note: You must sign out before you can manage AD RMS.

► Task 3: Configure the AD RMS Super Users group


1. Sign in to LON-SVR1 with the Adatum\Administrator account and the password Pa$$w0rd.
2. In Server Manager, click Tools, and then click Active Directory Rights Management Services.
3. In the Active Directory Rights Management Services console, expand the lon-svr1(Local) node,
and then click Security Policies.
4. In the Security Policies area, under Super Users, click Change super user settings.

5. In the Actions pane, click Enable Super Users.
6. In the Super Users area, click Change super user group.
7. In the Super Users dialog box, in the Super user group text box, type
ADRMS_Superusers@adatum.com, and then click OK.

Deliverable 1. Capture the screen showing that the Super Users group has been enabled.
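
A read-only check of what Exercise 1 has configured, as an added example that is not part of the original lab guide. It assumes the lab's names and address and the ActiveDirectory module; the function name Test-AdRmsLabBaseline is made up for this example. In this lab the SCP check reports a warning, because the cluster was installed with an http:// address.

```powershell
# Added example (not from the lab guide): read-only checks after Exercise 1.
# Assumptions: ActiveDirectory module available; names and address are this lab's.
Import-Module ActiveDirectory

function Test-AdRmsLabBaseline {
    $results = @()

    # Task 1, step 19: the cluster name must resolve to the AD RMS server.
    $a   = Resolve-DnsName -Name 'adrms.adatum.com' -Type A -ErrorAction SilentlyContinue
    $ips = @($a | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    $results += [pscustomobject]@{
        Check  = 'DNS record adrms.adatum.com'
        Value  = $ips -join ', '
        Status = if ($ips -contains '172.16.0.21') { 'OK' } else { 'FAIL' }
    }

    # Task 2, step 21: AD RMS registers its service connection point (SCP) under
    # CN=RightsManagementServices in the configuration partition. Clients discover
    # the cluster URL from it, so an http:// URL means unencrypted licensing traffic.
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $scp = Get-ADObject -SearchBase "CN=Services,$configNc" `
            -LDAPFilter '(&(objectClass=serviceConnectionPoint)(cn=SCP))' `
            -Properties serviceBindingInformation |
        Where-Object { $_.DistinguishedName -like '*CN=RightsManagementServices,*' }
    $url = @($scp | ForEach-Object { $_.serviceBindingInformation }) -join ', '
    $results += [pscustomobject]@{
        Check  = 'SCP cluster URL'
        Value  = $url
        Status = if (-not $url) { 'FAIL' }
                 elseif ($url -like 'https://*') { 'OK' }
                 else { 'WARN: not https' }
    }

    # Task 1, step 6: the service account should be an ordinary domain user.
    $svc = Get-ADUser -Filter "SamAccountName -eq 'ADRMSSVC'" `
            -Properties MemberOf, PasswordNeverExpires
    $privileged = @($svc.MemberOf | Where-Object {
        $_ -match '^CN=(Domain Admins|Enterprise Admins|Administrators),'
    })
    $results += [pscustomobject]@{
        Check  = 'ADRMSSVC account'
        Value  = if ($svc) {
                     "PasswordNeverExpires=$($svc.PasswordNeverExpires); " +
                     "privileged groups=$($privileged.Count)"
                 } else { 'account not found' }
        Status = if (-not $svc) { 'FAIL' }
                 elseif ($privileged.Count -gt 0) { 'WARN: privileged' }
                 else { 'OK' }
    }

    # Task 3: members of the super users group can decrypt all content protected by
    # the cluster, so any member listed here deserves a second look.
    try   { $su = @(Get-ADGroupMember -Identity 'ADRMS_SuperUsers' -Recursive -ErrorAction Stop) }
    catch { $su = $null }
    $results += [pscustomobject]@{
        Check  = 'ADRMS_SuperUsers membership'
        Value  = if ($null -eq $su) { 'group not found' }
                 else { @($su | ForEach-Object { $_.SamAccountName }) -join ', ' }
        Status = if ($null -eq $su) { 'FAIL' }
                 elseif ($su.Count -eq 0) { 'OK' }
                 else { 'REVIEW' }
    }

    $results
}

Test-AdRmsLabBaseline | Format-Table -AutoSize
```
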

EXERCISE 2: Configuring AD RMS templates

Scenario

After deploying the AD RMS server, you must configure the rights policy templates and the exclusion
policies for the organization.

The main tasks for this exercise are as follows:

• Configure a rights policy template
• Configure template distribution
• Configure an exclusion policy

► Task 1: Configure a new rights policy template


1. Ensure that you are signed in to LON-SVR1.
2. In the Active Directory Rights Management Services console, click the lon-svr1 (local)\Rights
Policy Templates node.
3. In the Actions pane, click Create Distributed Rights Policy Template.
4. In the Create Distributed Rights Policy Template Wizard, on the Add Template Identification
information page, click Add.
5. On the Add New Template Identification Information page, enter the following information, and
then click Add:
• Language: English (United States)
• Name: ReadOnly
• Description: Read only access. No copy or print

6. Click Next.
7. On the Add User Rights page, click Add.
8. On the Add User or Group page, type executives@adatum.com, and then click OK.

9. When executives@adatum.com is selected, under Rights, click View. Verify that Grant owner
(author) full control right with no expiration is selected, and then click Next.
10. On the Specify Expiration Policy page, choose the following settings, and then click Next:
• Content Expiration: Expires after the following duration (days): 7
• Use license expiration: Expires after the following duration (days): 7

11. On the Specify Extended Policy page, click Require a new use license every time content is
consumed (disable client-side caching), click Next, and then click Finish.

Deliverable 2. Capture the screen showing the template created.

► Task 2: Configure the rights policy template distribution


1. On LON-SVR1, on the taskbar, click the Windows PowerShell icon.
2. At the Windows PowerShell® prompt, type the following command, and then press Enter:
New-Item c:\rmstemplates -ItemType Directory
3. At the Windows PowerShell prompt, type the following command, and then press Enter:
New-SmbShare -Name RMSTEMPLATES -Path c:\rmstemplates -FullAccess ADATUM\ADRMSSVC
4. At the Windows PowerShell prompt, type the following command, and then press Enter:
New-Item c:\docshare -ItemType Directory
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
New-SmbShare -Name docshare -Path c:\docshare -FullAccess Everyone
6. To exit Windows PowerShell, type exit.
7. Switch to the Active Directory Rights Management Services console.

8. Click the Rights Policy Templates node, and in the Distributed Rights Policy Templates area,
click Change distributed rights policy templates file location.
9. In the Rights Policy Templates dialog box click Enable export.
10. In the Specify Templates File Location (UNC) text box, type \\LON-SVR1\RMSTEMPLATES,
and then click OK.

11. On the taskbar, click the File Explorer icon.


12. Navigate to the C:\rmstemplates folder, and verify that ReadOnly.xml displays.
13. Close the File Explorer window.

► Task 3: Configure an exclusion policy

1. Switch to the Active Directory Rights Management Services console.
2. Click the Exclusion Policies node, and then click Manage application exclusion list.
3. In the Actions pane, click Enable Application Exclusion.
4. In the Actions pane, click Exclude Application.
5. In the Exclude Application dialog box, enter the following information, and then click Finish:
• Application File name: Powerpnt.exe
• Minimum version: 14.0.0.0
• Maximum version: 16.0.0.0

Deliverable 3. Capture the screen showing the exclusions created.

Results: After completing this exercise, you should have configured AD RMS templates.

EXERCISE 3: Implementing the AD RMS trust policies

Scenario

As part of the AD RMS deployment, you need to ensure that AD RMS functionality is extended to the
Trey Research AD RMS deployment. You will configure the required trust policies and then validate
that content shared between the two companies is protected.

The main tasks for this exercise are as follows:

• Export the Trusted User Domains policy
• Export the Trusted Publishing Domains policy
• Import the Trusted User Domain policy from the other domain
• Import the Trusted Publishing Domains policy from the other domain

► Task 1: Export the Trusted User Domains policy


1. On LON-SVR1, on the taskbar, click the Windows PowerShell icon.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
New-Item c:\export -ItemType Directory
3. At the Windows PowerShell prompt, type the following command, and then press Enter:
New-SmbShare -Name Export -Path c:\export -FullAccess Everyone

4. Close the Windows PowerShell window.


5. In the Active Directory Rights Management Services console, expand the Trust Policies node,
and then click the Trusted User Domains node.
6. In the Actions pane, click Export Trusted User Domains.
7. In the Export Trusted User Domains As dialog box, navigate to \\LON-SVR1\export, set the file
name to ADATUM-TUD.bin, and then click Save.

8. Sign in to TREY-DC1 with the TREYRESEARCH\Administrator account and the password Pa$$w0rd.
9. In the Server Manager, click Tools, and then click Active Directory Rights Management
Services.
10. In the Active Directory Rights Management Services console, expand trey-dc1(local), expand
the Trust Policies node, and then click the Trusted User Domains node.
11. In the Actions pane, click Export Trusted User Domains.
12. In the Export Trusted User Domains As dialog box, navigate to \\LON-SVR1\export, set the file
name to TREYRESEARCH-TUD.bin, and then click Save.

13. On TREY-DC1, on the taskbar, click the Windows PowerShell icon.
14. At the Windows PowerShell command prompt, type the following command, and then press Enter:
Add-DnsServerConditionalForwarderZone -MasterServers 172.16.0.10 -Name adatum.com
15. Close the Windows PowerShell window.

► Task 2: Export the Trusted Publishing Domains policy


1. Switch to LON-SVR1.
2. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted Publishing Domains node.
3. In the Actions pane, click Export Trusted Publishing Domains.
4. In the Export Trusted Publishing Domain dialog box, click Save As.
5. In the Export Trusted Publishing Domain File As dialog box, navigate to \\LON-SVR1\export,
set the file name to ADATUM-TPD.xml, and then click Save.

6. In the Export Trusted Publishing Domain dialog box, enter the password Pa$$w0rd twice, and
then click Finish.

7. Switch to TREY-DC1.

8. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted Publishing Domains node.
9. In the Actions pane, click Export Trusted Publishing Domains.
10. In the Export Trusted Publishing Domain dialog box, click Save As.
11. In the Export Trusted Publishing Domain File As dialog box, navigate to \\LON-SVR1\export,
set the file name to TREYRESEARCH-TPD.xml, and then click Save.

12. In the Export Trusted Publishing Domain dialog box, enter the password Pa$$w0rd twice, and
then click Finish.


► Task 3: Import the Trusted User Domain policy from the partner domain
1. Switch to LON-SVR1.
2. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted User Domains node.
3. In the Actions pane, click Import Trusted User Domain.
4. In the Import Trusted User Domain dialog box, enter the following details, and then click Finish:
• Trusted user domain file: \\LON-SVR1\Export\TREYRESEARCH-TUD.bin
• Display Name: Trey Research

5. Switch to TREY-DC1.
6. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted User Domains node.
7. In the Actions pane, click Import Trusted User Domain.
8. In the Import Trusted User Domain dialog box, enter the following details, and then click Finish:
• Trusted user domain file: \\LON-SVR1\Export\ADATUM-TUD.bin
• Display Name: Adatum

Deliverable 4. Capture the screen showing the imported policy.

► Task 4: Import the Trusted Publishing Domains policy from the partner domain
1. Switch to LON-SVR1.
2. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted Publishing Domains node.
3. In the Actions pane, click Import Trusted Publishing Domain.
4. In the Import Trusted Publishing Domain dialog box, enter the following information, and then
click Finish:
• Trusted publishing domain file: \\LON-SVR1\export\TREYRESEARCH-TPD.xml
• Password: Pa$$w0rd
• Display Name: Trey Research

5. Switch to TREY-DC1.
6. In the Active Directory Rights Management Services console, under the Trust Policies node,
click the Trusted Publishing Domains node.
7. In the Actions pane, click Import Trusted Publishing Domain.
8. In the Import Trusted Publishing Domain dialog box, provide the following information, and
then click Finish:
• Trusted publishing domain file: \\LON-SVR1\export\adatum-tpd.xml
• Password: Pa$$w0rd
• Display Name: Adatum

Deliverable 5. Capture the screen showing the imported policy.

Results: After completing this exercise, you should have implemented the AD RMS trust policies.
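
The shares created in Exercise 2, Task 2 and Exercise 3, Task 1 grant Everyone full access, and the Export share ends up holding the trusted publishing domain files, which carry the cluster's server licensor certificate and private key protected only by the export password. The PowerShell below is an added example, not part of the original lab guide, that reports those broad grants, narrows docshare, and removes the export material once both imports are done. It assumes it is run on LON-SVR1 in an elevated session; the function names and the choice of ADATUM\Domain Users as the narrower principal are illustrative.

```powershell
# Added example (not from the lab guide): review and tighten the lab's SMB shares.
# Assumptions: run elevated on LON-SVR1; 'ADATUM\Domain Users' is an illustrative
# choice of narrower principal; function names are made up for this example.

# Report Allow entries that give Everyone more than Read on the lab shares.
function Get-BroadShareAccess {
    param([string[]]$ShareName = @('RMSTEMPLATES', 'docshare', 'Export'))
    foreach ($name in $ShareName) {
        Get-SmbShareAccess -Name $name -ErrorAction SilentlyContinue |
            Where-Object {
                $_.AccountName -eq 'Everyone' -and
                $_.AccessControlType -eq 'Allow' -and
                $_.AccessRight -ne 'Read'
            }
    }
}

# Replace "Everyone: Full" on docshare with "Domain Users: Change". Change is enough
# for Aidan to save documents and for Bill, Carol and the Adatum\Administrator
# credentials used from TREY-CL1 to open them. Effective access is still limited by
# the NTFS permissions on C:\docshare.
function Set-DocShareAccess {
    param([string]$ShareName = 'docshare',
          [string]$Principal = 'ADATUM\Domain Users')
    Grant-SmbShareAccess  -Name $ShareName -AccountName $Principal `
        -AccessRight Change -Force | Out-Null
    Revoke-SmbShareAccess -Name $ShareName -AccountName 'Everyone' -Force | Out-Null
    Get-SmbShareAccess -Name $ShareName
}

# After Exercise 3, Task 4: stop sharing the export folder and delete the exported
# trust files. Returns the names of the files that were removed.
function Remove-TrustExportMaterial {
    param([string]$Path = 'C:\export',
          [string]$ShareName = 'Export')
    if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
        Remove-SmbShare -Name $ShareName -Force
    }
    $files = @(Get-ChildItem -Path (Join-Path $Path '*') `
                 -Include '*-TPD.xml', '*-TUD.bin' -File)
    foreach ($file in $files) {
        Remove-Item -LiteralPath $file.FullName -Force
        $file.Name
    }
}

# Usage: review first, then tighten docshare.
Get-BroadShareAccess | Format-Table Name, AccountName, AccessRight -AutoSize
Set-DocShareAccess   | Format-Table Name, AccountName, AccessRight -AutoSize

# Run only once both domains have imported each other's TUD and TPD files:
# Remove-TrustExportMaterial
```
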

EXERCISE 4: Verifying AD RMS on a client

Scenario

As the final step in the deployment, you must validate that the configuration is working
correctly.

The main tasks for this exercise are as follows:

• Create a rights-protected document
• Verify internal access to protected content
• Open the protected document as an unauthorized user
• Open and edit a protected document as an unauthorized user at Trey Research

► Task 1: Create a rights-protected document


1. Sign on to LON-CL1 as Adatum\administrator with a password of Pa$$w0rd.
2. On the Start screen, select the Desktop tile.
3. Click the File Explorer icon.
4. In File Explorer, right-click This PC, and then click Properties.
5. In the System window, in the console tree, click Remote settings.
6. Select the Select Users button.
7. Click the Add button.
8. In the Select Users and Groups pop-up, in the Enter the object names to select text box, type
Aidan; Bill; Carol, and then click OK three times.
9. On the taskbar, click the Windows start icon.
10. On the Start screen, click Administrator, and then click Sign out.
11. Sign in to LON-CL1 as Adatum\Aidan using the password Pa$$w0rd.
12. On the Start screen, click the Desktop tile.
13. On the taskbar, click the Internet Explorer icon. Close any warnings about add-ons.
14. In Windows® Internet Explorer®, in the Address bar, type http://adrms.adatum.com, and then
click the arrow immediately to the right of the uniform resource locator (URL) text box.

15. Click the Gear icon in the far upper right of Internet Explorer.
16. Select Internet Options.
17. Select the Security tab.
18. In the Select a zone to view or change security settings, click the Local intranet icon, and then
click the Sites button.
19. Click the Advanced button.
20. Click the Add button, click Close, and then click OK twice.

21. Close Internet Explorer.
22. Return to the Start screen.
23. On the Start screen, type Word. In the Results area, click Word 2013.
24. In the First things first dialog box, select the Ask me later radio button, and then click Accept.
In the Office dialog box, click the X in the far upper right.
25. In the Word Recent window, click the Blank document icon. In the Microsoft® Word document,
type the following text:
This document is for executives only, it should not be modified.


26. Click File, click Protect Document, click Restrict Access, and then click Connect to Digital
Rights Management Servers and get templates.

27. A Microsoft Word dialog box informing you it is connecting to the server will display.
28. After the dialog box closes, click Protect Document and Restrict Access, and then click
Restricted Access.
29. In the Permission dialog box, enable Restrict Permission to this document.
30. In the Read text box, type bill@adatum.com, and then click OK.

31. Click Save.


32. In the Save As dialog box, click the Browse icon.
33. In the File name text box, type \\lon-svr1\docshare\ExecutivesOnly.docx, and then click Save.

34. Close Word.
35. Go to the Start screen, click the Aidan Delaney icon, and then click Sign out.

► Task 2: Verify internal access to protected content
1. Sign in to LON-CL1 as Adatum\Bill using the password Pa$$w0rd.
2. On the Start screen, click the Desktop tile.
3. On the taskbar, click the Internet Explorer icon. Close any warnings about add-ons.
4. In the URL text box, type http://adrms.adatum.com, click the arrow immediately to the right of
the URL text box.


5. Click the Gear icon in the far upper right of Internet Explorer.
6. Select Internet Options.
7. Select the Security tab.
8. In the Select a zone to view or change security settings, click the Local intranet icon, and then
click the Sites button.
9. Click the Advanced button.
10. Click the Add button, click Close, and then click OK twice.


11. Close Internet Explorer.


12. On the taskbar, click the File Explorer icon.
13. In the File Explorer window, navigate to \\lon-svr1\docshare.
14. In the docshare folder, double-click the ExecutivesOnly document.

15. In the First things first dialog box, select the Ask me later radio button, and then click Accept.
• In the Office dialog box, click the letter X in the far upper right.

16. When the document opens, verify that you are unable to modify or save the document.
17. Select a line of text in the document.
18. Right-click the text, and verify that you cannot make changes.
19. Click View Permission on the yellow bar, review the permissions, and then click OK.
20. Close Word.
21. Go to the Start screen, click the Bill Malone icon, and then click Sign out.

Deliverable 6. Capture the screen showing the permissions on the protected document.

► Task 3: Open the rights-protected document as an unauthorized user


1. Sign in to LON-CL1 as Adatum\Carol using the password Pa$$w0rd.
2. On the Start screen, click the Desktop tile.
3. Open Internet Explorer. Close any warnings about add-ons.
4. In the URL text box, type http://adrms.adatum.com, and then click the arrow immediately to the
right of the URL text box.


5. Click the Gear icon in the far upper right of Internet Explorer.
6. Select Internet Options.
7. Select the Security tab.
8. In the Select a zone to view or change security settings, click the Local intranet icon, and then
click the Sites button.
9. Click the Advanced button.
10. Click the Add button, click Close, and then click OK twice.
11. Close Internet Explorer.
12. On the taskbar, click the File Explorer icon.
13. In the File Explorer window, navigate to \\lon-svr1\docshare.
14. In the docshare folder, double-click the ExecutivesOnly document.
15. Verify that Carol is unable to open the document. You will receive a message with the option to
Change User or request access.
16. Click No.
17. Select Ask me later, click Accept, and then select the X in the far upper right of the Microsoft
Office window.
18. Close Word.
19. Go to the Start screen, click the Carol Troup icon, and then click Sign out.

Deliverable 7. Capture the screen showing the message displayed when accessing the protected
document.

► Task 4: Open and edit the rights-protected document as an authorized user at Trey Research
1. Sign in to LON-CL1 as Adatum\Aidan using the password Pa$$w0rd.
2. On the Start screen, type Word. In the Results area, click Word 2013.
3. In Word, click Blank document.
4. In the Word document, type the following text:
This document is for Trey Research only, it should not be modified.

5. Click File, click Protect Document, click Restrict Access, and then click Connect to Digital
Rights Management Servers and get templates.
6. In the Permission dialog box, enable Restrict Permission to this document.
7. In the Read text box, type april@treyresearch.net, click OK, click Save, and then click Browse.

8. In the Save As dialog box, save the document to the \\lon-svr1\docshare location as
TreyResearch-Confidential.docx. Close Word.
9. Go to the Start screen, click the Aidan Delaney icon, and then click Sign Out.
10. Sign on to Trey-CL1 as TREYRESEARCH\administrator with a password of Pa$$w0rd.
11. On the Start screen, select the Desktop tile.
12. On the taskbar, click the File Explorer icon.
13. In File Explorer, right-click This PC, and then select Properties.
14. In the System window, in the console tree, select Remote settings.
15. Select the Select Users button.
16. Click the Add button.
17. In the Select Users and Groups pop-up, in the Enter the object names to select text box, type
April, and then click OK three times.
18. On the taskbar, click the Windows start icon.
19. On the Start screen, click Administrator, and then click Sign out.
20. Sign in to TREY-CL1 as TREYRESEARCH\APRIL with the password Pa$$w0rd.
21. On the Start screen, select the Desktop tile.
22. On the taskbar, click the Internet Explorer icon. Close any warnings about add-ons.
23. In the URL text box, type http://adrms.treyresearch.net, and then click the arrow immediately to
the right of the URL text box.

24. Click the Gear icon in the far upper right of Internet Explorer.
25. Select Internet Options.
26. Select the Security tab.
27. In the Select a zone to view or change security settings, click the Local intranet icon, and then
click the Sites button.
28. Click the Advanced button.
29. Click the Add button, click Close, and then click OK twice.
30. Close Internet Explorer.
31. On the taskbar, click the File Explorer icon.
32. In the File Explorer window, navigate to \\lon-svr1\docshare.
33. In the Windows Security dialog box, enter the following credentials, and then click OK:
• Username: Adatum\Administrator
• Password: Pa$$w0rd

34. Copy the file TreyResearch-Confidential.docx to the desktop.

35. Open the file TreyResearch-Confidential.docx.


36. In the Active Directory Rights Management Services pop-up, click OK.

37. If the First things first page opens, click the Use recommended settings radio button and then
click Accept.
38. When the document opens, verify that you are unable to modify or save the document.
39. Select a line of text in the document and verify that you cannot make any changes.
40. Right-click the text, and verify that you cannot make changes.
41. Click View Permission, review the permissions, and then click OK.

Deliverable 8. Capture the screen showing the message displayed when accessing the protected
document.

Results: After completing this exercise, you should have verified that the AD RMS deployment is
successful.

► Task 5: To Prepare for the Next Module

1. Revert the virtual machines to the snapshot created before starting the laboratory.

Conclusions:
State the conclusions you reached after working through the topics covered in practice in this
laboratory.