Data Loss Prevention

 View Only

  • 1.  Prepare the AD RMS environment for RMS monitoring - Upgrade 14.6

    Posted Feb 09, 2017 11:02 AM

    Dear,

    I preparing all to upgrade the version of DLP to 14.0 to 14.6 and in the upgrade guide for Windows , its mentions to this points and its is nesessary or optional for upgrade?

     

    Prepare the AD RMS environment for RMS monitoring

    Complete the following steps to prepare your AD RMS environment for monitoring:
    1 Confirm that the latest AD RMS client is installed.
    2 Confirm that the AD RMS account has Read and Execute permissions to access
    ServerCertification.asmx. For additional details, refer to the Microsoft
    Developer Network article:
    https://msdn.microsoft.com/en-us/library/mt433203.aspx.
    3 Confirm that the AD RMS super user group and Service Group both have Read
    and Execute permissions.
    4 Add each detection server to the AD RMS domain.
    5 Complete the following to change the previous Symantec Data Loss Prevention
    version service user to a domain user that has access to the AD RMS super
    user group.
    ¡ Shut down all services on the detection server except VontuUpdate before
    updating the service user.
    ¡ Run the ChangeServiceUser.exe utility to change the service user:
    C:\SymantecDLP\Protect\bin>ChangeServiceUser.exe
    USAGE: ChangeServiceUser.exe [installation directory]
    [new service user username] [new service user password]

    Parameters:
    [new service user password] is optional.
    C:\SymantecDLP\Protect\bin>ChangeServiceUser.exe
    C:\SymantecDLP [AD RMS domain name]\[super user username]
    [super user password]
    After running the script, the command prompt displays the change status,
    including the service user change status.
    6 Restart all services after updating the service user.

    Prepare the Azure RMS environment for RMS monitoring

    Complete the following steps to prepare your Azure RMS environment for RMS
    monitoring:
    1 Confirm that the latest Azure RMS client is installed.
    2 Create a local or domain user on each detection server that can access the
    Azure RMS.

    After you upgrade the detection server, you enable the Microsoft Rights Management
    plugin to complete the process to monitor Microsoft Rights Management files. See
    “Enabling Microsoft Rights Management file monitoring” on page 55.



  • 2.  RE: Prepare the AD RMS environment for RMS monitoring - Upgrade 14.6
    Best Answer

    Broadcom Employee
    Posted Feb 09, 2017 11:16 AM

    It is optional. Starting in 14.6 we have the ability to read into RMS protected content. Should you wish to use that functionality you would have to prepare it using those instructions to ensure that the detection server can properly use RMS.