If you control access to resources outside of the local forest by a Web proxy server, you might need to configure AD RMS to use the proxy in some scenarios. Situations that require this are the following:
- You are supporting Microsoft Rights Management Services (RMS) version 1.0 clients in your organization that do not have Internet connectivity.
RMS version 1.0 clients must be activated by Microsoft over the Internet prior to the first use. The RMS version 1.0 client attempts to have the AD RMS cluster proxy the activation request, but if the AD RMS cluster does not respond, the client then tries to obtain the credentials directly through an Internet connection on the local computer, if one is available. In RMS with Service Pack 1 (SP1) and later, AD RMS client computer activation over the Internet is no longer required.
- You are trusting rights account certificates (RACs) from Windows Live ID users.
When you choose to trust Windows Live ID sites and services as one of your trusted user domains, the AD RMS cluster needs to be able to validate the user against Windows Live ID sites and services.
- You have multiple forests in your organization that are separated by a Web proxy server and you have established trusts across those forests.
This is similar to the scenario with Windows Live ID in that the registry of user accounts that the AD RMS cluster must validate against is behind the Web proxy server.
If your AD RMS cluster does not need to negotiate a connection through a proxy server, you do not need to configure these settings. If the proxy server authenticates users before allowing outbound access, you must provide a user account that AD RMS can use when challenged for credentials by the proxy server.
Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.
To change the AD RMS Proxy settings
- Open the Active Directory Rights Management Services console, right-click the AD RMS cluster, and then click Properties.
- Click the Proxy Settings tab, and then select the This cluster uses a proxy server to access external networks box.
- In the Address box, type the IP address or DNS name of the proxy server that you want to use.
- In the Port box, type the port number that the proxy server uses to connect to the Internet.
- If you do not use the proxy server to connect to local resources, select the Bypass proxy server for local addresses check box.
- If you have addresses that should not be using the proxy server at all, type them in the Do not use proxy server for address beginning with box.
- If appropriate, select the This proxy server requires authentication check box.
  - In Authentication type, choose the appropriate authentication type from the list: Basic, Digest, or Integrated Windows.
  - In the User name box, type the user name that should be supplied in response to the challenge from the proxy server.
  - In the Password and Confirm password boxes, type the password that should be supplied in response to the challenge from the proxy server.
  - If your proxy server uses Integrated Windows authentication, in the Domain box, type the domain to which the user belongs.
- Click OK.
Additional considerations
- You can also perform the task described in this procedure by using Windows PowerShell. For more information about Windows PowerShell for AD RMS, see http://go.microsoft.com/fwlink/?LinkId=136806.