Step 5 - Create MachineGPO

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This step explains how to create a Group Policy Object that will be applied to all of the machines in the test environment. The purpose of this GPO is to add the AD RMS URL to the Local intranet zone in Internet Explorer. This gives users a more seamless experience, because they will not be prompted for credentials when they create or consume protected content.

To create the LocalIntranetMachineGPO

  1. Log on to DC.fabrikam.com as Administrator.

  2. Open the Group Policy Management console. Click Start, point to Administrative Tools, and then click Group Policy Management.

  3. In the Group Policy Management console, expand Forest: fabrikam.com, expand Domains, right-click fabrikam.com, and select Create a GPO in this domain, and Link it here. This will bring up a New GPO dialog box.

  4. In the New GPO box, enter LocalIntranetMachineGPO under Name: and click OK. This will close the dialog box.

  5. On the left, expand fabrikam.com, right-click LocalIntranetMachineGPO and select Edit. This will bring up the Group Policy Management Editor.

  6. In the Group Policy Management Editor, under User Configuration, expand Policies, expand Windows Settings, expand Internet Explorer Maintenance and click Security.

  7. On the right, double-click Security Zones and Content Ratings. This will bring up the Security Zones and Content Ratings box.

  8. On the Security Zones and Content Ratings box, select Import the current security zones and privacy settings radio button.

  9. This will bring up an Internet Explorer Enhanced Security Configuration box. Click Continue to close this box.

  10. On the Security Zones and Content Ratings box, click the Modify Settings button. This will bring up the Internet Properties box.

  11. On the Internet Properties box, click the Security tab, select Local intranet and click the Sites button. This will bring up the Local intranet box.

  12. On the Local intranet box, enter https://rms.fabrikam.com and click Add. Click Close. This will close the second Local intranet box.

Important

This document assumes that, prior to installing AD RMS, a CNAME record called RMS was created and pointed to ADRMS.fabrikam.com.

  13. Click OK to close the Internet Properties box.

  14. Click OK to close the Security Zones and Content Ratings box.
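
To confirm the result of the procedure above, the following Windows PowerShell check is an added example and not part of the original guide. It uses the GPO name, domain, and URL from the steps; the distinguished name `DC=fabrikam,DC=com` and the function names `Test-RmsGpo` and `Test-RmsZone` are assumptions made for illustration.

```powershell
# Added verification sketch (Windows PowerShell). Names come from the steps above.
$GpoName  = 'LocalIntranetMachineGPO'
$Domain   = 'fabrikam.com'
$DomainDn = 'DC=fabrikam,DC=com'   # assumed DN of the fabrikam.com domain root
$RmsUrl   = 'https://rms.fabrikam.com'

function Test-RmsGpo {
    # Run on DC.fabrikam.com or any machine with the GroupPolicy module installed.
    Import-Module GroupPolicy -ErrorAction Stop
    $gpo  = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction Stop
    $link = (Get-GPInheritance -Target $DomainDn -Domain $Domain).GpoLinks |
        Where-Object { $_.DisplayName -eq $GpoName }
    # The zone setting lives under User Configuration, so the GPO is inert
    # if its user half (or the whole GPO) has been disabled.
    $userOn = @('AllSettingsDisabled', 'UserSettingsDisabled') -notcontains "$($gpo.GpoStatus)"
    New-Object PSObject -Property @{
        GpoExists           = $true
        LinkedAtDomainRoot  = [bool]$link
        LinkEnabled         = [bool]($link | Where-Object { $_.Enabled })
        UserSettingsEnabled = $userOn
    }
}

function Test-RmsZone {
    # Run as the logged-on user on a client after Group Policy has refreshed.
    # Zone.CreateFromUrl resolves the URL against that user's zone map.
    $zone = [System.Security.Policy.Zone]::CreateFromUrl($RmsUrl).SecurityZone
    New-Object PSObject -Property @{
        Url        = $RmsUrl
        Zone       = $zone
        IsIntranet = ($zone -eq [System.Security.SecurityZone]::Intranet)
    }
}

# Each check is optional: the GPO test needs the GroupPolicy module,
# the zone test only needs a user session on the client.
if (Get-Module -ListAvailable -Name GroupPolicy) { Test-RmsGpo | Format-List }
Test-RmsZone | Format-List
```

If `IsIntranet` is False while the GPO checks pass, the client has not yet applied the user policy or another policy is overriding the zone map.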