
Use Windows Live ID to Establish RACs for Users

Updated: March 22, 2011

Applies To: Windows Server 2008

Microsoft provides an account certification service that uses Windows Live ID to establish the rights account certificate (RAC) for the user. If you want users with RACs from that service to be able to obtain use licenses from your Active Directory Rights Management Services (AD RMS) cluster, you need to set up a trusted user domain that accepts user credentials from the account certification service of Microsoft.

To use this feature you must configure Internet Information Services (IIS) to allow anonymous access to the AD RMS licensing service. This step is essential because the licensing service is configured to use Windows Integrated authentication by default. If anonymous access is not set, users with Windows Live ID-based RACs will not be able to acquire licenses.

If necessary, after the trusted user domain is configured, you can exclude users of this service based on their e-mail addresses.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enable anonymous access to the AD RMS licensing service

  1. Log on to a server in the AD RMS cluster.

  2. Open the Internet Information Services (IIS) Manager console and expand the server that is hosting AD RMS.

  3. In the console tree, expand Sites and then expand the Web site on which you have configured AD RMS. By default this is the Default Web site.

  4. In the console tree, expand the _wmcs virtual directory, right-click the licensing virtual directory, and then click Switch to Content View.

  5. In the results pane, right-click license.asmx, and then click Switch to Features View.

  6. In the results pane, double-click Authentication to open the Authentication page.

  7. Click Anonymous Authentication and then, under Tasks, click Enabled.

  8. Repeat steps 1-7 for each server in the AD RMS cluster.
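The following PowerShell script is an added example, not part of the original Microsoft procedure. It reports where Anonymous Authentication is enabled along the path to license.asmx and, with the -Enable switch, turns it on for license.asmx only. It assumes the IIS WebAdministration module is available on the server and that AD RMS is hosted on "Default Web Site"; the script parameters and the Get-AnonymousState helper are names chosen for this example.

```powershell
# Added example: audit (and optionally set) Anonymous Authentication for the
# AD RMS licensing service. Run in an elevated session on each cluster server.
param(
    [string]$SiteName = 'Default Web Site',  # assumption: AD RMS is on the default site
    [switch]$Enable                          # without -Enable the script only reports
)

Import-Module WebAdministration -ErrorAction Stop

$filter = '/system.webServer/security/authentication/anonymousAuthentication'
$target = "$SiteName/_wmcs/licensing/license.asmx"

# Scopes above license.asmx, taken from the console tree in the procedure.
# The procedure enables anonymous access on license.asmx only.
$parents = @("$SiteName/_wmcs", "$SiteName/_wmcs/licensing")

# Hypothetical helper: returns the effective 'enabled' value at one location.
function Get-AnonymousState([string]$Location) {
    (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter $filter -Name enabled).Value
}

if ($Enable) {
    # Written as a <location> entry for license.asmx, not for its parent directories.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $target `
        -Filter $filter -Name enabled -Value $true
}

$report = foreach ($loc in ($parents + $target)) {
    [pscustomobject]@{
        Server    = $env:COMPUTERNAME
        Location  = $loc
        Anonymous = [bool](Get-AnonymousState $loc)
        Expected  = ($loc -eq $target)
    }
}
$report | Format-Table -AutoSize

# Call out anything that differs from what the procedure configures.
foreach ($row in ($report | Where-Object { $_.Anonymous -ne $_.Expected })) {
    if ($row.Location -eq $target) {
        Write-Warning "$($row.Location): anonymous access is off; Windows Live ID users cannot acquire licenses."
    } else {
        Write-Warning "$($row.Location): anonymous access is enabled at a wider scope than license.asmx; review."
    }
}
```

Run it without -Enable on every server in the cluster first to see the current state before changing anything.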

Membership in the local AD RMS Enterprise Administrators group, or equivalent, is the minimum required to complete this procedure.

To trust Windows Live ID-based rights account certificates

  1. Log on to a server in the AD RMS cluster.

  2. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  3. In the console tree, expand Trust Policies, and then click Trusted User Domains.

  4. In the Actions pane, click Trust Windows Live ID. The Windows Live ID certificate appears in the Trusted user domain list in the results pane.

Membership in the local AD RMS Enterprise Administrators group, or equivalent, is the minimum required to complete this procedure.

To specify Windows Live ID sites and services to trust

  1. Log on to a server in the AD RMS cluster.

  2. Open the AD RMS snap-in and expand the AD RMS cluster.

  3. In the console tree, expand Trust Policies, and then click Trusted User Domains.

  4. Select the Windows Live ID certificate in the results pane, and then in the Actions pane, click Properties.

  5. Click the Excluded Windows Live IDs tab.

  6. Type the e-mail domain to be excluded.

  7. Click Add to add the specified object to the exclusion list.

  8. Repeat steps 5–7 for all e-mail domains that should be excluded.

  9. Click OK to apply the exclusion list to the cluster.
