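1. The RMS client must be installed on Windows Server 2003; Windows Server 2008 already includes the RMS client, so no installation is needed.
2. Although users can upload IRM-protected documents to SharePoint, the protection is embedded in the document itself, not in the storage medium. So if you use IRM-protected documents with SharePoint, some functionality on the SharePoint server is lost: protected documents cannot be tagged or indexed, because the document content is encrypted and therefore inaccessible to SharePoint services. This does not occur when AD RMS is integrated with SharePoint Server 2007, because the Office Protector component in Office SharePoint Server 2007 automatically applies a user-specific IRM policy to a document when the user downloads it from SharePoint.
3. In MOSS, IRM protection is available both for documents stored in document libraries and for files stored as attachments to list items. When a user tries to download a file from a document library, MOSS first checks whether the user has permissions on the document, then issues a use license that permits access to the file with a given set of rights. MOSS then delivers the file to the user in an encrypted, rights-managed file format.
4. An IRM-enabled SharePoint document library can include the following protection options
5. The following file types can receive SharePoint's default protection.
6. When IRM is enabled on a document library, rights management is applied to all files in that library. When IRM is enabled on a list, all attachments to list items are RMS-protected, but the list items themselves are not.
7. MOSS uses the document library's access control list (ACL) to determine the rights applied to a document when a user downloads the file. In other words, if a user has permission to access the document library, then when MOSS delivers the file to the user, it attaches to the document the access rights that user holds on all files in the library.
8. Typical flow of MOSS integrated with AD RMS protection.
9. Note: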
If the user used IRM or another means to encrypt the document before uploading it to the database, the encryption is not removed when the document is stored in the database. Consequently, the document cannot be searched or indexed while in the database. Unless there is a need for additional protection beyond what is provided by Office SharePoint Server with AD RMS protection, documents should not be IRM protected or otherwise encrypted before being uploaded to the SharePoint document library or list.
10. Steps to add the SharePoint server to the AD RMS certification pipeline
Log on to the AD RMS server (ADRMS-SRV) as a local administrator.
Click Start, and then click Computer.
Navigate to C:\Inetpub\wwwroot\_wmcs\Certification.
Right-click ServerCertification.asmx, click Properties, and then click the Security tab.
Click Advanced, click Edit, select the Include inheritable permissions from this object's parent check box, and then click OK two times.
Click Edit, and then click Add.
Click Object Types, select the Computers check box, and then click OK.
Type the name of the SharePoint server (CPANDL\SPS-SRV$), and then click OK twice.
Click Add, type the name of the AD RMS server service group (ADRMS-SRV\AD RMS Service Group), and then click OK twice.
Click OK to close the ServerCertification.asmx Properties sheet. By default the Read & Execute and the Read permissions are configured for the computer account object and all other accounts inherited from the parent folder.
Click Start, right-click Command Prompt, click Run as administrator, and then click Continue. Type iisreset, and then press ENTER.
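The same change can be audited and applied from an elevated PowerShell prompt on the AD RMS server. This is an added example, not part of the original steps or of Microsoft's guide; it assumes the lab names used above (CPANDL\SPS-SRV$ and ADRMS-SRV\AD RMS Service Group) and the default install path, and it only writes the ACL and restarts IIS when something was actually missing.

```powershell
# Added example: check the ACL on ServerCertification.asmx and grant
# Read & Execute only to the principals that lack it.
# Principal names and path are the lab values from the steps above (assumptions
# for any other environment): replace them with your own.
$path       = 'C:\Inetpub\wwwroot\_wmcs\Certification\ServerCertification.asmx'
$principals = @('CPANDL\SPS-SRV$', 'ADRMS-SRV\AD RMS Service Group')
$needed     = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

$acl     = Get-Acl -Path $path
$changed = $false

# Equivalent of ticking "Include inheritable permissions from this object's parent".
if ($acl.AreAccessRulesProtected) {
    $acl.SetAccessRuleProtection($false, $false)
    $changed = $true
}

foreach ($name in $principals) {
    # Resolve to a SID first so a mistyped account fails here, before any write.
    $sid = (New-Object System.Security.Principal.NTAccount($name)).Translate(
               [System.Security.Principal.SecurityIdentifier])

    # Look at explicit and inherited Allow rules that already cover Read & Execute.
    $existing = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $sid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $needed) -eq $needed
        }

    if ($existing) {
        Write-Output "$name already has Read & Execute"
    } else {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid, $needed, 'Allow')
        $acl.AddAccessRule($rule)
        $changed = $true
        Write-Output "$name granted Read & Execute"
    }
}

if ($changed) {
    Set-Acl -Path $path -AclObject $acl
    iisreset   # same restart as the final step above
}

# Print the resulting ACL for review; nothing broader than Read & Execute is added.
(Get-Acl -Path $path).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```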
11. General steps for troubleshooting problems in MOSS and AD RMS integration.
References:
Event Review: RMS in Windows Server 2008 (Session ITPROADD-401)
http://technet.microsoft.com/en-us/bb899740.aspx
AD RMS Client Requirements
http://technet.microsoft.com/en-us/library/dd772753%28WS.10%29.aspx
AD RMS Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc753531%28WS.10%29.aspx
Deploying Windows Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide
Deploying Active Directory Rights Management Services at Microsoft
http://technet.microsoft.com/en-us/library/ee156482.aspx
Integrating AD RMS and SharePoint Server 2007 (a classic, practical guide)
http://technet.microsoft.com/en-us/library/ee259515%28WS.10%29.aspx