大家好,好久没写文章了,今天接着项目的机会顺便给大家分享一下Windows Server 2012的RMS和Exchange Server 2013的整合配置,主要实现企业内部邮件的安全与禁止转发打印之类的。这对于企业来讲也是非常不错的功能。具体怎么配置呢?跟我看看配置的过程以及最下面的实现效果吧:
我是安装在DC02上的,DC02之前的IIS没有安装也没有配置其他什么服务,而我的证书办法机构在DC01上。
首先安装角色
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273528Fmrp.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273530Kqc8.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273946ETcm.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273952NZQz.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_13732739565dqA.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273961CUfe.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273965QqOD.png"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273968Nh5i.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273973FSWG.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273976rp64.jpg"></a>
创建一个普通的域帐户用于RMS服务帐户,此帐户需要加入RMS服务器本地administrators组
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273980ExzB.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_13732739904nBO.png"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273995GaiR.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373273998cxTv.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274002vwuF.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274007USpE.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274014EzWD.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274017gX2V.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274020afZw.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274024SjMJ.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274027DLzm.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_13732740297bey.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274031wpjj.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274033idDK.jpg"></a>
必须重启服务器
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274037SBTJ.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274043n9Uh.png"></a>
将下图的文件的安装选项卡里添加如下图所示的组,默认都是读取和读取和执行的权限。
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274048tkIO.png"></a>
切换到Exchange服务器的控制台,创建RMS的通讯组。
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274051mvQg.jpg"></a>
选择用户所在的OU里
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_13732740547Fsk.png"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274057P7Xw.jpg"></a>
将RMSuser组里添加如下图所示成员
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274063FrmR.jpg"></a>
启用超级用户
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274065oBaA.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274067Doc8.jpg"></a>
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274069dGLm.png"></a>
再切换到Exchange服务器的exchange powershell,开启此功能
Set-IRMConfiguration -InternalLicensingEnabled $true
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274071Tka5.jpg"></a>
Get-IRMConfiguration
检查是否开启了
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274074ZKz7.jpg"></a>
测试张三用户
测试张三用户全部通过。
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274077R9q9.jpg"></a>
测试一下,登陆到张俊森的邮箱,新建一封邮件并设置权限为不转发
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274080g4TN.jpg"></a>
设置了不转发就会出现下面的提示信息:
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274081AH0T.jpg"></a>
再登陆到张三的邮箱,可以看到此邮件会提示不能转发,完全控制权在张俊森那。
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274083d9Js.jpg"></a>
并且不可以打印此邮件。
<a href="http://rdsrv.blog.51cto.com/attachment/201307/8/2996778_1373274084UJN9.jpg"></a>
新的Windows Server 2012 R2也会在不久的将来发布正式版,到时我会继续给大家续写R2的远程桌面服务系列,敬请大家关注!谢谢!
本文转自 ZJUNSEN 51CTO博客,原文链接:http://blog.51cto.com/rdsrv/1243363,如需转载请自行联系原作者
![“云管边端”协同的边缘计算安全防护解决方案0 引 言1 5G 及边缘计算2 边缘计算面临的风险3 “云管边端”安全防护技术4 “云管边端”安全防护实践5 结 语[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)