AD RMS Deployment with Microsoft Office SharePoint Server 2007 Step-by-Step Guide

Applies To: Windows Server 2008, Windows Server 2008 R2

About this Guide

This step-by-step guide walks you through the process of deploying Active Directory Rights Management Services (AD RMS) and Microsoft Office SharePoint Server 2007 together in a test environment. Specifically, this guide shows you how to add an Office SharePoint Server 2007 server to an existing AD RMS environment.

Important

Windows SharePoint Services 3.0 does not have the Microsoft® Office protector files that are required to automatically rights-protect a document when it is uploaded. You must use Office SharePoint Server 2007 to do this.

This guide assumes that you previously completed the Active Directory Rights Management Services Step-by-Step Guide, and that you have already deployed the following components:

  • One Active Directory domain controller

  • An AD RMS server

  • An AD RMS database server

  • An AD RMS-enabled client

In this guide, you will create a test deployment that includes an Office SharePoint Server 2007 server.

Important

You must install AD RMS and Office SharePoint Server 2007 on separate servers. AD RMS and Office SharePoint Server 2007 cannot be installed on the same server because they require the ability to control the same Web server resources.

Office SharePoint Server 2007 provides an easy way to collaborate on documents by posting them to an Office SharePoint Server 2007 site so that they can be accessed over the corporate network. The goal of integrating an Office SharePoint Server 2007 deployment with an AD RMS infrastructure is to be able to protect documents that are downloaded from the Office SharePoint Server 2007 server by users of any given organization.

Note

Integrating Office SharePoint Server 2007 with AD RMS does not protect the documents while they are on the server. When a document is uploaded to an Office SharePoint Server 2007 site, the server removes all protection, and the document remains unprotected until the Office SharePoint Server 2007 server receives a download request. At that point, the Office SharePoint Server 2007 server applies the appropriate restrictions to the document before it is downloaded to the client computer.

What This Guide Does Not Provide

This guide does not provide the following:

  • An overview of AD RMS. For more information about the advantages that AD RMS can bring to your organization, see https://go.microsoft.com/fwlink/?LinkId=84726.

  • Guidance for setting up and configuring AD RMS in a production environment.

  • Guidance for integrating Office SharePoint Server 2007 with AD RMS in a production environment.

  • Complete technical reference for AD RMS.

  • Complete information about Office SharePoint Server 2007. For more information, see https://go.microsoft.com/fwlink/?LinkId=74460.

Deploying AD RMS in a Test Environment

We recommend that you complete the steps provided in the "Windows Server Active Directory Rights Management Services Step-by-Step Guide" before completing the steps in this guide. Step-by-step guides are not necessarily meant to be used to deploy Microsoft products without additional documentation, and should be used with discretion as stand-alone documents.

Upon completion of this step-by-step guide, you will have a working AD RMS infrastructure integrated with Office SharePoint Server 2007. You can then test AD RMS and Office SharePoint Server 2007 functionality as follows:

  • Create a Microsoft Office Word 2007 document in the CPANDL domain.

  • Upload this document to the Office SharePoint Server 2007 document library.

  • Have an authorized user in the CPANDL domain open and work with the document.

The test environment described in this guide includes five computers connected to a private network and using a clean installation of the following operating systems, applications, and services:

| Computer Name | Operating System | Applications and Services |
|---|---|---|
| CPANDL-DC | Windows Server® 2003 with Service Pack 1 (SP1) | Active Directory, Domain Name System (DNS) |
| ADRMS-SRV | Windows Server® 2008 | AD RMS, Internet Information Services (IIS) 7.0, and Message Queuing |
| ADRMS-DB | Windows Server 2003 with SP1 | Microsoft SQL Server™ 2005 with Service Pack 2 (SP2) |
| SPS-SRV | Windows Server 2003 R2 Standard Edition | Office SharePoint Server 2007 |
| ADRMS-CLNT | Windows Vista® | Microsoft Office Word 2007 Enterprise Edition |

Note

Before installing and configuring the components in this guide, you should verify that your hardware meets the minimum requirements for AD RMS (https://go.microsoft.com/fwlink/?LinkId=84733).

The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if desired. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the intranet. The domain controller is named CPANDL-DC for the domain named cpandl.com. The following figure shows the configuration of the test environment: