AD RMS Step-by-Step Guide

Updated: December 13, 2007

About This Guide

This step-by-step guide walks you through the process of setting up a working Active Directory Rights Management Services (AD RMS) infrastructure in a test environment. During this process you create an Active Directory® domain, install a database server, install the AD RMS server role, configure the AD RMS cluster, and configure the AD RMS-enabled client computer.

Once complete, you can use the test lab environment to learn about AD RMS technology on Windows Server® 2008 and assess how it might be deployed in your organization.

As you complete the steps in this guide, you will:

  • Prepare the AD RMS infrastructure.
  • Install and configure AD RMS.
  • Verify AD RMS functionality after you complete the configuration.

The goal of an AD RMS deployment is to be able to protect information, no matter where it goes. Once AD RMS protection is added to a digital file, the protection stays with the file. By default, only the content owner is able to remove the protection from the file. The owner grants rights to other users to perform actions on the content, such as the ability to view, copy, or print the file. For more information about the business reasons behind an AD RMS deployment, see the white paper "Windows Rights Management Services: Helping Organizations Safeguard Digital Information from Unauthorized Use" (http://go.microsoft.com/fwlink/?LinkId=64636).

Note: This guide is considered the basic AD RMS step-by-step guide. All other step-by-step guides developed for AD RMS will assume that this guide has been completed first.

What This Guide Does Not Provide

This guide does not provide the following:

  • An overview of AD RMS. For more information about the advantages that AD RMS can bring to your organization, see http://go.microsoft.com/fwlink/?LinkId=84726.
  • Guidance for setting up and configuring AD RMS in a production environment.
  • Complete technical reference for AD RMS.

Deploying AD RMS in a Test Environment

We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows Server features without additional deployment documentation, and should be used with discretion as stand-alone documents.

Upon completion of this step-by-step guide, you will have a working AD RMS infrastructure. You can then test and verify AD RMS functionality as follows:

  • Restrict permissions on a Microsoft Office Word 2007 document.
  • Have an authorized user open and work with the document.
  • Have an unauthorized user attempt to open and work with the document.

The test environment described in this guide includes four computers connected to a private network and using the following operating systems, applications, and services:

 

| Computer Name | Operating System | Applications and Services |
|---|---|---|
| ADRMS-SRV | Windows Server 2008 | AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, and Message Queuing |
| CPANDL-DC | Windows Server 2008 or Windows Server 2003 with Service Pack 2 (SP2). Note: Service Pack 2 for Windows Server 2003 is not required but will be used for the purposes of this guide. | Active Directory, Domain Name System (DNS) |
| ADRMS-DB | Windows Server 2003 with SP2. Note: Service Pack 2 for Windows Server 2003 is not required but will be used for the purposes of this guide. | Microsoft SQL Server® 2005 Standard Edition with Service Pack 2 (SP2). Note: Service Pack 2 for SQL Server 2005 Standard Edition is not required but will be used for the purposes of this guide. |
| ADRMS-CLNT | Windows Vista® | Microsoft Office Word 2007 Enterprise Edition |

Note: For more information about the system requirements for installing AD RMS, see http://go.microsoft.com/fwlink/?LinkId=84733.

The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if desired. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the intranet. The domain controller is named CPANDL-DC for the domain named cpandl.com. The following figure shows the configuration of the test environment:

[Figure: configuration of the test environment]
© 2008 Microsoft Corporation. All rights reserved.