Microsoft RMS RMS : Rights Management Service White Paper 2004 7
(Windows Server 2003, Active Directory, IIS, SQL Server 2000, RMS)
1. RMS Server RMS RMS Server RMS Server RMS Server
2. RMS Server RMS Server
2.1 1 2.1.
2.2 RM RM 1 2.2.
2.3 RMS Server Active Directory (RMS (SCP)) RMS Server ( : 2 )
2.3. IRM RMS Server URL HKLM\Software\Microsoft\Office\11.0\Common\DRM CorpCertificationServer CorpLicenseServer ( URL http://www.microsoft.com/office/ork/2003/six/ch20/ColA02.htm)
2.4
3. OS Windows Server 2003 Enterprise Edition OS Windows XP Professional SP1a Windows Server 2003 Active Directory 1 1 Windows 2003 Enterprise Edition Windows Network Load Balancing 2 IP 1 1 IP IP RM RM RM Office Professional Enterprise Edition 2003 IRM RMS Server RMS Server URL URL http://corprights URL http://corplicense RMS Server ( ) ( RM RM ) RM ( RM )
SQL Server Active Directory () () RMS Server () Office(IRM) Office(IRM)

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Office\11.0\Common\DRM
Type: Reg_sz
Entry: CorpCertificationServer
Value: http://<>/_wmcs/certification

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Office\11.0\Common\DRM
Type: Reg_sz
Entry: CorpLicenseServer
Value: http://<>/_wmcs/licensing

Activation RMS

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\MSDRM\ServiceLocation\Activation
Type: Reg_sz
Entry: ()
Value: http://<>/_wmcs/certification

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing
Type: Reg_sz
Entry: ()
Value: http://< >/_wmcs/Licensing

PC 1 2
4.
4.1 RM RMS Active Directory 2 A B RM A B
4.1.1 RM PC RM
(1) A PC
(2) RM DOACTIVATION=0 PC (msdrmclient.exe) msdrmclient.exe /C:"setup.exe DOACTIVATION=0"
(3) PC actmachine.exe /n /p /l RM %SystemRoot%\System32\DRM actmachine.exe /n /p c:\wrmstemp.cab /l c:\wrm.log CAB CAB ( c:\wrmstemp.cab) RM %ALLUSERSPROFILE%\Application Data\Microsoft\DRM
(4) CAB
(5) %SystemRoot%\System32 rundll32.exe advpack.dll,launchinfsection secrep.inf,install,,n
(1) RM DRMS_Logging_corprights_80 DRMS_Log_Master
4.1. RM (DRMS_Log_Master )
dt_requesttime
s_requestpath: /_wmcs/certification/activation.asmx
s_requesttype: ActivationProxy.Activate
s_requestuseraddress: PC IP
s_successoffailure: Success
(2) PC RM actmachine Success : Machine activated successfully.
(3) PC %ALLUSERSPROFILE%\Application Data\Microsoft\DRM CERT-Machine.drm
4.1.2 RM PC RM RM PC B
(1) A B PC
(2) Office 2003(IRM)RM RM RM
4.1
(1) RM DRMS_Logging_corprights_80 DRMS_Log_Master
4.2. RM (DRMS_Log_Master )
dt_requesttime
s_requestpath: /_wmcs/certification/certification.asmx
s_requesttype: Certification.Certify
s_requestuseraddress: PC IP
s_authenticatedid
s_successoffailure: Success
(2) PC RM %UserProfile%\Local Settings\Application Data\Microsoft\DRM GIC--************.drm (Group ID Certify) RM CLC- -***********.drm Client Licensor Certify (: http://support.microsoft.com/default.aspx?scid=kb;en-us;832950)
4.1.3 PC PC B
(1) A PC
(2) Office 2003(IRM) B
(1) PC Office 2003(IRM) Office 2003(IRM) PC %UserProfile%\Local Settings\Application Data\Microsoft\DRM CLC--************.drm
4.1.4 PC PC B
(1) A B PC
(2) Office 2003(IRM)(4.1.3 ) B
(1) PC Office 2003(IRM)
(2) DRMS_Logging_corplicense_80 DRMS_Log_Master
4.3. RM (DRMS_Log_Master )
dt_requesttime
s_requestpath: /_wmcs/licensing/license.asmx
s_requesttype: AcquireLicense
s_requestuseraddress: PC IP
s_successoffailure: Success
4.2 RMS Server PC
4.2.1 (SQL Server) OS/SQL Server
4.2.2 (SQL Server) OS/SQL Server
4.2.3 (SQL Server) RMS(Config ) Config Config RMS Server Config SQL Server Config
4.2.4 (SQL Server) RMS(Directory Services ) Directory Services Directory Services RMS Server Directory Services SQL Server Directory Services
4.2.5 (SQL Server) RMS(Logging ) Logging Logging RMS Server RMS Server MSMQ Logging SQL Server Logging
4.2.6 (SQL Server) RMS(Config ) Config Config RMS Server Config SQL Server Config
4.2.7 (SQL Server) RMS(Directory Services ) Directory Services Directory Services RMS Server Directory Services SQL Server Directory Services
4.2.8 (SQL Server) RMS(Logging ) Logging Logging RMS Server RMS Server MSMQ Logging SQL Server Logging
4.2.9 () 1 OS / RMS 1
4.2.10 () OS / RMS
4.2.11 () 1 OS / RMS 1
4.2.12 () OS / RMS
4.3 (4.1 ) 4.1.1 RM 4.1.2 RM 4.1.3 4.1.4 ()()( )
5.
5.1 RM RM
5.1.1 RM RM DRMS_Logging_corprights_80 DRMS_Log_Master
5.1. RM (DRMS_Log_Master )
dt_requesttime
s_requestpath: /_wmcs/certification/activation.asmx
s_requesttype: ActivationProxy.Activate
s_requestuseraddress: PC IP
s_successoffailure: Success
5.2. RM (DRMS_Log_Detail )
UserHostName BatchedRequestIndex 0 IssuedXrMLDocumentI HidXml
RM DRMS_Config_corprights_80 UD_Machine
5.2. UD_Machine
i_machineid b_pubkeyhash dt_createdate ID RM i_machineid PC OS HWID i_machineid
RM %ALLUSERSPROFILE%\Application Data\Microsoft\DRM CERT-Machine.drm
5.1.2 RM RM DRMS_Logging_corprights_80 DRMS_Log_Master
5.3. RM (DRMS_Log_Master )
dt_requesttime
s_requestpath: /_wmcs/certification/certification.asmx
s_requesttype: Certification.Certify
s_requestuseraddress: PC IP
s_authenticatedid
s_successoffailure: Success
5.4. RM (DRMS_Log_Detail )
User@abc.co.jp
IssuedXrMLDocumentIsuuerChain
ReceivedXrMLDocumentIsuuserChain
SID: S-1-**********
Persistent: True
Active Directory RM DRMS_Config_corprights_80 UD_WindowsAuthIdentities, UD_Users
5.2 UD_WindowsAuthIdentities
i_userid s_sid ID SID
5.3. UD_Users
i_userid b_keydata i_key_datalength b_publickey i_encryptiondbid s_certiicate dt_expiration dt_temporaryexpiration f_modified i_quota i_waitdays dt_lastconsumption dt_createdate ID i_userid Active Directory ID ID OS RAC RM RM ID ID RMS DRMS_Config_corprights_80 UD_UserMachine
5.4. UD_UserMachine
i_machineid ID i_userid ID dt_createdate
Office 2003IRM RM RM %UserProfile%\Local Settings\Application Data\Microsoft\DRM
() GIC-User@abc.co.jp -{58c940eb;k650e;k4f50;ka222;kd828601c3cbf}-{0c073db3;ka9bd;k4cd7;kba19;k2aa394d052a8}.drm
() CLC- User@abc.co.jp -{6a7a2274;k0150;k4305;k9525;k44f76dfad094}-{e1756b03;k0f7f;k4790;k98a6;kc64fce696257}.drm
5.1.3 IRM (RMS )
5.1.4 IRM 5.2. DRMS_Logging_corplicense_80 DRMS_Log_Master
5.5. (DRMS_Log_Master )
dt_requesttime
s_requestpath: /_wmcs/licensing/license.asmx
s_requesttype: AcquireLicense
s_requestuseraddress: PC IP
s_successoffailure: Success
5.6. RM (DRMS_Log_Detail )
User@abc.co.jp
IssuedXrMLDocumentIsuuerChain
ReceivedXrMLDocumentIsuuserChain
SID: S-1-**********
Persistent: True
5.2 RM RM
5.2.1 RM RM
5.2.2 RM RM
5.2.3
5.2.4
5.3 RM RM 5.3.1 1) 2) 5.3.2 1) 2) RMS(Config 5.3.3 RMS(Directory Service 5.3.4 RMS(Logging 5.3.5 () 5.3.6 () 1) 2) 1) RM RM 2) HKCU\Software\Policies\Microsoft\Office\11.0\Common\DRM requireconnection
5.3.1 RMS RMS ( 7 RMS ) Activation ( 8.RM ) ( 12) RM
Error: Machine activation failed. Callback returned error code 0x8004cf47
Error: Machine activation failed. Callback returned error code 0x8004cf44
RM ( 9.Office 2003IRM RM ) RM ( 9.Office 2003IRM RM ) ( 10. Office 2003IRM ) ( 11. Office 2003IRM ) RMS
5.3.2 RMS(Config ) Config RMS 5.3.1()
5.3.3 RMS(Directory Services ) Directory Services Directory Services Active Directory Active Directory Directory Services Directory Services Directory Services LDAP RMS Server Directory Services Directory Services Directory Services
5.3.4 RMS(Logging ) Logging MSMQ MSMQ (:MSMQ http://www.microsoft.com/japan/msdn/msmq/general/resourcemgmtmsmq.asp) RMS ( 13.) - ( MSMQ ) Logging ( 12) Logging RMS Server MSMQ RMS
5.3.5 () 1
5.3.6 () RMS 5.3.1()
5.4 RM RM 5.4.1 1) 1) 5.4.2 2) 3) 5.4.3 RMS(Config 5.4.4 RMS(Directory Service 5.4.5 RMS(Logging 1) 1) 5.4.6 RMS(Config 2) 3) 5.4.7 RMS(Directory Service 5.4.8 RMS(Logging 5.4.9 () 5.4.10 () 1) 1) 5.4.11 () 5.4.12 () 2) 3) 1) RM RM 2) 3) HKCU\Software\Policies\Microsoft\Office\11.0\Common\DRM requireconnection
5.4.1 RM RM RMS RMS ( 7 RMS ) Activation ( 8.RM ) ( 12) RM
Error: Machine activation failed. Callback returned error code 0x8004cf47
Error: Machine activation failed. Callback returned error code 0x8004cf44
RM ( 9.Office 2003IRM RM ) RM ( 9.Office 2003IRM RM ) RM RM RMS
5.4.2 RMS RMS ( 7 RMS ) ( 12) ( 10. Office 2003IRM ) ( 11. Office 2003IRM ) RM RM RM RM RMS
5.4.3 RMS(Config ) RM RM RMS 5.4.1()
5.4.4 RMS(Directory Services ) Directory Services 5.3.3( RMS(Directory Services ) )
5.4.5 RMS(Logging ) 5.3.4 ( RMS(Logging ) ))
5.4.6 RMS(Config ) 5.4.2 () ))
5.4.7 RMS(Directory Services ) Directory Services 5.3.3( RMS(Directory Services ) )
5.4.8 RMS(Logging ) 5.3.4 ( RMS(Logging ) ))
5.4.9 () 1
5.4.10 () RM RM RMS 5.4.1()
5.4.11 () 1
5.4.12 () 5.4.2 () ))
6.
7. RMS
8. RM
9. Office 2003IRM RM
10. Office 2003IRM
11. Office 2003IRM
12
13.
4.1
4.1.1 RM
4.1.2 RM
4.1.3
4.1.4
4.2
4.2.1
4.2.2
4.2.3 RMS(Config
4.2.4 RMS(Directory Service
4.2.5 RMS(Logging
4.2.6 RMS(Config
4.2.7 RMS(Directory Services
4.2.8 RMS(Logging
4.2.9 ()
4.2.10 ()
4.2.11 ()
4.2.12 ()

"abc.local" abc.co.jp
No OS IP
Windows Server 2003 Enterprise | - | ABCDC01 | 172.16.0.1
Windows Server 2003 Enterprise | Exchange 2003 Enterprise | ABCEX01 | 172.16.0.2
IP 172.16.0.30
(1) Windows Server 2003 Enterprise | Windows Rights Management 1.0 | ABCRC11 | 172.16.0.3/172.16.0.31
(2) Windows Server 2003 Enterprise | Windows Rights Management 1.0 | ABCRC12 | 172.16.0.4/172.16.0.32
Windows Server 2003 Enterprise | SQL Server 2000 Enterprise | ABCDB11 | 172.16.0.6
IP 192.168.0.130
(1) Windows Server 2003 Enterprise | Windows Rights Management 1.0 | ABCRL21 | 192.168.0.113/192.168.0.131
(2) Windows Server 2003 Enterprise | Windows Rights Management 1.0 | ABCRL22 | 192.168.0.114/192.168.0.132
Windows Server 2003 Enterprise | SQL Server 2000 Enterprise | ABCDB21 | 172.16.0.7
Router Cisco 1600 | 172.16.0.254/192.168.0.111
RM (1) Windows XP Professional SP1a | Office Professional 2003 | ABCCL01 | DHCP

".local" xyz.co.jp)
Windows Server 2003 Enterprise | XYZSV01 | 10.0.0.1
RM Windows XP Professional SP1a | Office Professional 2003 | XYZCL01 | DHCP
Router BLR-TX4 | 10.0.0.254/192.168.0.110
DNS DNS Windows Server 2003 Enterprise | DNS | LOCALDNS | 192.168.0.112