Chapter 7

1:

Table 7-3. AD RMS Administrative Roles

| Administrative Role | Description |
| --- | --- |
| AD RMS Enterprise Administrators | Members of this group can manage all AD RMS policies and settings. When you install AD RMS, the user account used for installation and the local Administrators group are added to this group. Best practices stipulate that you should limit membership in this group to only those users who need full AD RMS administrative control. |
| AD RMS Template Administrators | Members of this group can manage rights policy templates. This includes reading cluster information, listing rights policy templates, creating new templates or modifying existing ones, and exporting templates. |
| AD RMS Auditors | Members of this group can manage audit logs and reports. They have read-only access to cluster information, logging settings, and available reports on the AD RMS cluster. |


2:

Table 7-4. AD FS Role Services

| Role Service | Description |
| --- | --- |
| Federation Service | Comprises one or more federation servers sharing a common trust policy. These servers handle authentication requests from external or Internet-based user accounts. The servers running this service in the resource and account partners are known as the resource federation server and account federation server, respectively. |
| Federation Service Proxy | Serves as a proxy to the Federation Service on a perimeter network or demilitarized zone. This service uses WS-Federation Passive Requestor Profile (WS-FPRP) protocols to obtain user credentials from browser clients, and it forwards this information to the Federation Service on their behalf. The servers running this service in the resource and account partners are known as the resource federation proxy and account federation proxy, respectively. This service cannot be installed on the same server that runs the Federation Service. |
| Claims-aware agent | Uses a claims-aware application to enable the querying of AD FS security token claims. This is a Microsoft ASP.NET application that uses claims that are present in an AD FS security token to perform authorization decisions and personalize applications. It includes the default.aspx, web.config, and default.aspx.cs files. |
| Windows token-based agent | Used on a web server that hosts a Windows NT token-based application to support conversion from an AD FS security token to a Windows NT access token by means of Windows-based authorization mechanisms. |



  
