Slide Objective: Explain Remote PowerShell.
Instructor Notes: Evan opens PowerShell (2.0) on his machine, which gives him a client-side runspace. Evan types New-PSSession -URI https://server.fqdn.com/PowerShell to target this endpoint. Once connected, IIS authenticates the user (for Datacenter and Live.edu it's Basic; for On-Premise it's Kerberos). IIS then goes through the RBAC process to figure out who Evan is, what he can do, and where, reading roles and role assignments from AD DS, etc. It returns the available cmdlets and the attributes Evan can run or set. IIS then creates the restricted PowerShell runspace on the server, which only allows these cmdlets to be executed. These cmdlets are then added to the client-side runspace to be executed on Evan's computer. When the client then runs New-Mailbox Bob in the client runspace, it gets executed on the server. The result is then piped back to the client runspace, which allows further actions (e.g., piping the result into another command on the client).
Important Takeaways: There are always two separate runspaces, client and server (not like Telnet). Cmdlets and usability are just like they were in Exchange Server 2007.
Slide Objective: You need tools to enforce confidentiality where it is required.
Instructor Notes: Many of you may receive emails similar to this one in which the author is essentially begging and pleading with the recipient to “do the right thing” with the information—and prior to RMS we saw a lot of these inside Microsoft as well. In this case, while the organization may have a “policy” for what should and should not be done with the information, there are no mechanisms in place to digitally enforce that policy. You cannot rely on the fact that all end-users will apply confidentiality measures where required, even with training.
Slide Objective: Introduce Automatic Content-Based Privacy, at the Transport Level.
Instructor Notes: Today an employee may accidentally include sensitive information that belongs to a consumer in an email which is sent in clear text over the internet. If that data is accidentally emailed, the organization may face considerable reputation damage, legal exposure, and a reduction in the company's market value. To address this, the Exchange Server can be configured to encrypt messages that contain personal information or critical business information. Sensitive email can be detected, using Transport Rules, by filtering the content of a message (including the content of supported attachments). Regular expressions are supported. AD DS RMS uses XML-based policy templates to allow compatible IRM-enabled applications to apply consistent protection policies. In Windows Server 2008, the AD DS RMS server exposes a web service that can be used to enumerate and acquire templates. Exchange Server 2010 SP1 ships with the following template:
Do Not Forward: When the Do Not Forward template is applied to a message, only the specified recipients can decrypt the message. The recipients can't forward the message to anyone else, copy content from the message, or print the message.
For example: Ed is a nurse at Contoso, a large hospital. Ed is sending Chris the results of his recent blood test. When Ed's email reaches the Exchange Server, the server is able to examine the message and determine that personal information is included in the mail. Because personal information is included in the message, the Exchange Server encrypts the message before it leaves the organization. The message that gets to Chris is an encrypted copy of the message.
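Added example (not part of the original deck): the remote PowerShell connection from the first slide, used to create the content-based transport rules described in the last one. It assumes an on-premises Exchange Server 2010 SP1 organization with IRM already configured; server.fqdn.com is the placeholder endpoint from the notes, and the rule names and the SSN-style pattern are constructed for illustration.

```powershell
# Assumptions: on-premises Exchange 2010 SP1 with IRM configured; the endpoint is the
# placeholder from the notes; rule names and the pattern are constructed samples.

# Client-side runspace: connect to the restricted server-side runspace behind IIS.
$cred    = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://server.fqdn.com/PowerShell `
    -Authentication Kerberos -Credential $cred

# Import proxy functions for the cmdlets the server-side runspace exposes.
Import-PSSession $session | Out-Null

# RBAC decides which cmdlets were returned; stop early if the ones needed are missing.
foreach ($name in 'Get-RMSTemplate', 'New-TransportRule') {
    if (-not (Get-Command $name -ErrorAction SilentlyContinue)) {
        Remove-PSSession $session
        throw "$name is not available to this account through RBAC."
    }
}

# Confirm the template the rule will reference is visible to Exchange.
if (-not (Get-RMSTemplate | Where-Object { $_.Name -eq 'Do Not Forward' })) {
    Remove-PSSession $session
    throw "The 'Do Not Forward' template was not returned by Get-RMSTemplate."
}

# Constructed pattern for a number shaped like 123-45-6789. Written without {n}
# quantifiers, using only \d and literal characters.
$pattern = '\d\d\d-\d\d-\d\d\d\d'

# Conditions inside one rule are combined with AND, so the message body and the
# attachments each get their own rule. Both apply only to mail leaving the organization.
New-TransportRule -Name 'Protect outbound PII (body)' `
    -SentToScope NotInOrganization `
    -SubjectOrBodyMatchesPatterns $pattern `
    -ApplyRightsProtectionTemplate 'Do Not Forward'

New-TransportRule -Name 'Protect outbound PII (attachments)' `
    -SentToScope NotInOrganization `
    -AttachmentMatchesPatterns $pattern `
    -ApplyRightsProtectionTemplate 'Do Not Forward'

# Review what is now enforced, then close the server-side runspace.
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
Remove-PSSession $session
```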