Creating and Deploying Active Directory Rights Management Services Rights Policy Templates Step-by-Step Guide

About this Guide

This step-by-step guide walks you through the process of creating and deploying Active Directory Rights Management Services (AD RMS) policy templates in a test environment. During this process you create a rights policy template, deploy this template to a client computer running Windows Vista® and Microsoft® Office Word 2007, and verify that the client computer can rights-protect a document by using the newly-created rights policy template.

Once complete, you can use the test lab environment to assess how AD RMS rights policy templates can be created with Windows Server® 2008 and deployed within your organization.

As you complete the steps in this guide, you will:

• Create an AD RMS rights policy template.

• Deploy the rights policy template.

• Verify AD RMS functionality after you complete the configuration.

The goal of an AD RMS deployment is to be able to protect information, no matter where it is moved. Once AD RMS protection is added to a digital file, the protection stays with the file. By default, only the content owner is able to remove the protection from the file. The owner can grant rights to other users to perform actions on the content, such as the ability to view, copy, or print the file.

What This Guide Does Not Provide

This guide does not provide the following:

• This guide assumes that AD RMS is already configured for a test environment. For more information about configuring AD RMS, see Windows Server Active Directory Rights Management Services Step-by-Step Guide.

• Complete technical reference for AD RMS or deploying AD RMS templates within your organization. In a large organization, Systems Management Server (SMS) or Group Policy can provide a way to deploy AD RMS rights policy templates to several workstations at a time.

Deploying AD RMS in a Test Environment

We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Microsoft products without accompanying documentation and should be used with discretion as a stand-alone document. Before you start the steps in this guide, you will need to use the steps provided in Windows Server Active Directory Rights Management Services Step-by-Step Guide also in a lab environment. That guide prepares the basic infrastructure for an AD RMS deployment, with an AD RMS cluster, AD RMS Logging database, and domain controller. This step-by-step guide builds on the previous guide, so it is important to complete it before starting this one. On completion of this step-by-step guide, you will have a working AD RMS rights policy template. You can then test and verify AD RMS rights policy template functionality through the simple task of restricting permissions on a Microsoft Office Word 2007 document with the rights policy template created in this guide.

The test environment described in this guide includes three computers connected to a private network and using the following operating systems, applications, and services:

Computer Name	Operating System	Applications and Services
ADRMS-SRV	Windows Server 2008	AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, Message Queuing (also known as MSMQ), and Windows Internal Database
CPANDL-DC	Windows Server 2003 with Service Pack 1 (SP1)	Active Directory®, Domain Name System (DNS)
ADRMS-DB	Windows Server 2003 with SP1	Microsoft SQL Server™ 2005 Standard Edition
ADRMS-CLNT	Windows Vista	Microsoft Office Word 2007 Enterprise Edition

The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if desired. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the intranet. The domain controller is named CPANDL-DC for the domain named cpandl.com.

The following figure shows the configuration of the test environment:

Read more »

Document Policy from Windows

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Active Directory, Microsoft, MS-DOS, Vista, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

Read more »

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Microsoft Corporation

Published: January 2008

Author: Brian Lich

Editor: Carolyn Eller

Abstract

This step-by-step guide provides instructions for setting up a test environment for creating and deploying Active Directory Rights Management Services (AD RMS) rights policy templates on the Windows Server® 2008 operating system.

Read more »

Sanket and Swapnil Barot

Read more »

Viruses

A virus is a program that gets on your hard drive and deletes programs. One will also lock up files. Some will delete your passwords. Every virus does something different. Some viruses have weird names such as groovier, Jack the Ripper and tequila. The way the viruses are made is through programming computer programs such as COBOL, basic, c, and, Java. You should be careful when you download something from the Internet because it may have a virus. Opening E-mail can also transfer viruses. You should have an antivirus program on your computer. One example of a network antivirus program is LANDesk. Two of the more popular personal programs are McAfee and Norton. One bad virus is Sunday-1 On Sundays; the virus displays the following message:

"Today is Sunday! Why do you work so hard?

All work and no play make you a dull boy!

Come on! Let's go out and have some fun!"

The virus increases infected files by 1636 bytes.

Another example of a virus is Friday The 13^th On Friday the 13th, Jerusalem loads into memory for 30 minutes, after which it deletes any file the user attempts to execute. On other days, Jerusalem slows down the computer system 30 minutes after each infection. It also wipes out an area of the screen, usually called the "black window," or "black box." A bug in the virus can cause .EXE files to be infected repeatedly until they become too large to execute.

So take care of your computer and always have a virus protection program. Always be careful when you open a floppy disk because it might have a virus. When you download anything from the internet always scan

- JMD Computer

Read more »

Back up your computer

It’s an essential task for any computer user, but it’s also pretty intimidating for most. Here’s a simple guide to backing up the data on your computer There are many reasons why you should back up your computer—possibilities of hard disk corruption or crash due to malicious programs or technical faults, accidents such as fires or thefts, and so on. However, for most users, a ‘backup’ is either inessential or too technical. It needn’t be either of these; here are guidelines you could follow to make backing up a routine task.

What to back up

You should back up data that cannot be replaced easily, balancing this with the need to keep backup sizes within reasonable control. If you have hundreds of gigabytes of music, it may not be possible to back up all of it within reasonable costs.

You could decide to back up your work-related files, Internet downloads that you’ve paid for, photographs, music that you’ve purchased from the Internet, any financial records, your Outlook Address Book and so on.

Once you decide what you would like to backup, you can estimate the amount of storage space you would need for this. The estimate should also include the possibility of data growth in future. The amount of storage space you need will help you decide where you would create your backups.

Where to back up

A backup should ideally be created on a separate hard disk or at least a separate hard-disk partition. You could also take backups on Zip drives, CDs or DVDs, or even USB pen drives. Remember that taking backups is a regular task, so you need adequate space for them. If you decide to backup to removable media like CDs or DVDs, remember to buy RW disks, so that you can update your backups by erasing the older ones and burning the new ones.

Another way of taking backups is to do it online. Here, you connect to a website, such as Xdrive, which gives you a backup utility that creates your backup, compresses it, encrypts it, and then transfers it to a third-party location. You can connect to this location to view or update your backups, when your system information or data changes. Online backups have the advantage that your data is stored in two separate locations—you’re PC and a remote location.


CD-RWs and DVD-RWs are relatively inexpensive. Moreover, a CD-RW can store up to 700 MB of data, while a DVD-RW can store a few GB. However, you need to check that your PC comes with the appropriate drive for the media you want to use. Otherwise, you’ll need to invest in the drive as well. Most USB drives can hold up to 2 GB of data and are not too expensive, but due to their small size, are easy to misplace. Zip drives and disks are relatively expensive, but usually come with backup software that helps in taking backups.

How to back up

There are many ways of taking backups. Windows XP and Vista come with backup utilities. In Windows XP, this is available under Start > All Programs > Accessories > System Tools. In Windows Vista, go to Start > Control Panel > System and Maintenance > Back up your computer.

If you don’t have the backup utility in Windows, you can install it from the CD. Apart from the Windows utilities, you can also use any of the numerous free backup utilities that are available online. Only remember to download these from trusted sites, such as download.com.

Backup utilities take you through the process of backing up—choosing what to back up, where to back up, creating the backup, usually with compression so that more data can be stored. You can also create a backup schedule with the utility.

If the data you want to backup is not too large in size, you can create manual backups. Go to the folder that you want to backup, copy it and paste it to the location or disc where you want to create the backup.

You can also create an image of your hard disk by using utilities meant for this, so that your system can be restored to its current state in case of a crash. Several free utilities are available for this as well.

You’ll need to backup regularly, especially those parts of your essential data that change frequently. You can do this manually if the data isn’t too large or use the backup utility all over again.


- JMD Computer

Read more »

Mobile users beware! Hackers are on the prowl

Mumbai: With India adding almost 8 million cell phone subscribers per month - and SMS being the largest-used service - hackers find wishing a great tool to target gullible users.

Rakshita Kolaskar (name changed) was pleasantly surprised to receive a SMS recently, announcing her as the winner of a $3 million (around Rs 12.5 corer) prize from the Shell International Mobile Draw.

The message prompted her to mail her claim and asked her to call an international number. However, when her excitement died, she tried hard to recall if she ever used any Shell product or service, as the SMS stated.

She soon realized that she had never done so. So why was this SMS sent, especially, when a Shell official confirmed that it had not issued any such award?

Welcome to the world of Wishing or voice phishing, wherein hackers are using a combination of voice over internet protocol (VoIP), SMSs and the internet to fool and redirect users into dialing a phone number and collect critical information for financial gain. In Kolaskar's case, both mobile spam and wishing were used.

Phishing-related losses have been estimated at $2.8 billion with a single victim losing $1,244 in 2006, compared with $257 in 2005, according to Gartner.

According to some recent reports, phishing attacks on banks have increased since the beginning of the year.

Globally, the first wishing attack was registered in 2006, but there have been reports that these are increasing. Earlier this year, the FBI's internet Crime Centre said it received multiple reports on different variations of wishing. These attacks against US financial institutes and individual users continue to rise.

Many feel that India is a compelling market for this kind of an attack. With almost 8 million subscribers added per month —and SMS the largest-used service —experts feel this could be the best way to target Indian users.

Rohas Nagpal, president, Asian School of Cyber law, feels that the above is a social engineering attack could be later used for a fraudulent activity or it could also be the first step towards wishing.

Security experts are of the opinion that more than the technology solutions, it is the ease of database availability from the telecom operators that is responsible for this in India. "If you go to Nehru place in New Delhi, you can get a mobile number database for a few thousands of rupees," says a security specialist.

Many feel that laws should be strengthened. Kartik Shahani, regional director, India, McAfee, says: "Everyone knows that databases are sold by network operators. One can also specify the type of database based on a user's ARPU spend. Besides, the rules and regulations on providing database access to other users are very weak in India."

He also believes that if the attack is taking place from the net, then there are solutions that can help users detect the authentic site. But in case of wishing, it becomes difficult.

Howard Schmidt, president and CEO, R&H Security Consulting and a former special advisor for cyberspace security for the White House, had told Business Standard that with the mobile usage increasing, the next wave of security threats will target handhelds.

He said: "Five years from now, the mobile will be used like we use PC and laptops today. So, the attacks will be using the data on the handheld. The problem is that while solutions are available people are not using it."

Niraj Kaushik, country manager, India and Saarc, Trend Micro, cautions that though wishing is still at a nascent stage, very few operators are providing any security solutions that can control spam on mobile handsets.

The Nigerian scam

Phishing is a common phenomenon on the internet. It is a form of internet fraud that aims to steal valuable information such as credit card details, social security numbers, user IDs and passwords for financial gains.

Several top banks in India have reportedly been hit by phishing. A popular email scam is the Nigerian scam.

The email, in this case, is sent by a prominent official from an African country asking the recipient to help him/her in depositing money into a local bank and also offers to share the bounty.

Source: Business standard

JMD Computer

Read more »

Browse safely in a cyber café

Some ways to protect your identity and your data on a public terminal Public computers, like those found in cyber cafés, hold two types of risks. First, you don’t know what programs are installed on the computer; so there’s a very real danger from malicious programs like key loggers or spyware that can capture your keystrokes to figure out passwords and other confidential information or monitor your browsing behavior. Second, over-the-shoulder peeping can enable others to find out your passwords. Moreover, you have to be extremely careful about protecting your privacy on such terminals, since you don’t know who will use the computer after you.

Here are some tips to keep yourself safe while using a computer in a cyber café (or an airport or hotel).

Always log out: While checking mail, instant messaging or using any other service that requires a username and password, remember to click ‘log out’ or ‘sign out’ when you’re done. Simply closing the browser window is not enough, because if somebody uses the same service after you, there are chances of them accessing your account. Also, don’t save your login information through options that allow automatic login. Disable such options before you logon.

Stay with the computer: While you’re browsing, you should not leave the computer unattended for any period of time. If you have to go out, log out and close all browser windows. You can start afresh when you return.

Clear history and temporary files: Internet Explorer saves pages that you’ve visited in the History folder and in Temporary Internet Files. Your passwords may also be stored in the browser if that option has been enabled on the computer that you’ve used. Therefore, before you begin browsing, do the following. Go to Tools > Internet Options in IE. Click the Content tab and then click AutoComplete. If the checkboxes for passwords are selected, deselect them. Click OK twice. After you’ve finished browsing, you should clear the History and Temporary Internet Files folders. For this, go to Tools > Internet Options again. Click the General tab and go to Temporary Internet Files. Click Delete Files and then click Delete Cookies. Then, under History, click Clear History. Wait for the process to finish before leaving the computer.

Avoid online financial transactions: You should ideally avoid online banking, shopping, or other transactions that require you to enter sensitive information like credit card or bank account details. If it is urgent and you have to do it, take the precaution of changing all your passwords as soon as you can. You should change the passwords using a more trusted computer, like at home, at a friend’s place or in office.

Be alert: Stay alert and aware of your surroundings while using a public computer. Snooping over the shoulder is an easy way of getting at your passwords; staying alerts will help you avoid this.

- JMD Computer

Read more »

Bluetooth

Bluetooth is a short range wireless digital communication technology. It was developed as a low cost, low power way of removing many of the data wires between devices. This concept is called a PAN or Personal Area Network.

The Scoop

Bluetooth can remove the wires from your printer allowing your computers or PDA to print directly to it wirelessly. It can remove the wires from your mouse, your joystick, your digital camera and can replace the cradle you drop your PDA into to synchronize your calendar. On an even more personal level, it can remove the wires between your cell phone and a hands-free headset.

Then there is the mobile Internet aspect. Why not push IP over this digital communication channel? Using a digital cell phone with Bluetooth and a Bluetooth PDA, you can wirelessly surf the internet or get your email. Sony even makes a camcorder that will surf the web over a Bluetooth cell phone using Bluetooth.

Networking
here are the facts. Bluetooth has a range of about 30 feet. It also has a maximum throughput of 1.5Mbps. Bluetooth might be good to put in a Web pad to surf the internet, but it's too slow to move good size files between your computers. A typical MP3 file is 3Mb. That would take about 20 seconds or so to move between two Bluetooth devices. In contrast, 802.11b could have moved 5-7 of those files in that time.

What are your opinions about using Bluetooth for networking?

- JMD Computer

Read more »