The Scenario
Applies To: Windows Server 2008, Windows Server 2008 R2
Scenario description
Fabrikam, a fictitious company, has a number of file servers that store the company’s documents. These documents may be general documentation or may have a high business impact (HBI). For example, any document that contains Intellectual Property is deemed, by Fabrikam, to have a high business impact. Fabrikam wants to ensure that all their documentation has a minimum amount of protection and that their HBI documentation is restricted to only full time employees.
In order to accomplish this, Fabrikam is exploring using the AD RMS Bulk Protection Tool in conjunction with File Classification Infrastructure (FCI) available in Windows Server 2008 R2. Using FCI, Fabrikam will classify all of the documents on their file server based on the content and then use the AD RMS Bulk Protection Tool to apply the appropriate rights policy. Fabrikam has set up a test environment to evaluate these functions.
The testing environment
The scenario outlined in this document has been developed and tested on two stand-alone computers running the 64-bit editions of the Windows Server® 2008 R2 operating system and Hyper-V. The servers have two 3.0 gigahertz (GHz) dual core processors and 8 gigabytes (GB) of RAM each. Using Hyper-V, the following seven virtual machines were created on the hosts.
Table 1 Virtual Machines and Roles
Computer Name | Forest | Operating System | Memory | Applications and Services | IP Address |
---|---|---|---|---|---|
DC |
fabrikam.com |
Windows Server 2008 x64 SP2 |
512 |
Active Directory, DNS, Certification Authority |
192.168.100.100 |
EX |
fabrikam.net |
Windows Server 2008 x64 SP2 |
2048 |
Exchange 2007, IIS 7.0. |
192.168.100.101 |
ADRMS |
fabrikam.com |
Windows Server® 2008 R2 x64 |
1024 |
AD RMS, SQL Server 2008 SP1, IIS 7.0 |
192.168.100.102 |
FCI |
fabrikam.com |
Windows Server® 2008 R2 x64 |
1024 |
File Classification Infrastructure |
192.168.100.103 |
CLT1 |
fabrikam.com |
Windows 7 Enterprise x86 |
1024 |
Microsoft Office Word 2007 Enterprise Edition SP2 |
192.168.100.104 |
CLT2 |
fabrikam.com |
Windows 7 Enterprise x86 |
1024 |
192.168.100.105 |
Hyper-V is not a requirement to complete the steps outlined later. These steps can be implemented on physical computers as long as they reflect the same roles as the preceding table.
Required Groups
The following table summarizes the universal groups used in this step-by-step guide.
Table 2 Group Summary
Group Name | Group Scope | Group Type |
---|---|---|
All Staff |
Universal |
Security |
All FTE |
Universal |
Security |
All Contractors |
Universal |
Security |
Required accounts
The following table summarizes the accounts that are used in this step-by-step guide.
Table 3 Required Accounts
Account | Display name | Forest | Group Membership | Password | Description |
---|---|---|---|---|---|
bsimon |
Britta Simon |
fabrikam.com |
All FTE |
Pass1word$ |
User account. |
ljacobson |
Lola Jacobson |
fabrikam.net |
All Contractors |
Pass1word$ |
User account. |