Work Folders is a new role service within File and Storage Services in Windows Server 2012 R2 that enables users to automatically and seamlessly synchronize work-related documents with a file server. Users can synchronize work data to any computer running Windows 8.1 or a personal device, such as a tablet running Win- dows RT 8.1, while maintaining compliance with company security policies. All data is stored on a specially configured folder on the file server that includes subfolders for each user. For example, a user might save her data at her desktop computer and then access the data on her home computer or tablet while offline. At home, she makes changes to this data and saves them on her device. The next day on returning to the office, the data is automatically synchronized to the file server.
ptg14504686 Similar to Folder Redirection or Offline Files, Work Folders enables synchroniza-
tion of work documents with a file server; however, Work Folders extends synchro- nization capabilities to include user-owned computers and devices not normally connected to the corporate network without the need for remote access connection technologies such as DirectAccess or virtual private networks (VPNs). Further, cloud technologies such as Microsoft OneDrive are not required (users can sync personal data with the cloud using OneDrive or other technologies).
The following are several of the important capabilities of Work Folders:
■ Provide a single point of access to data on a user’s computers and devices run-
ning Windows 8.1 or Windows RT 8.1. It is planned to extend this functional- ity to Windows 7 computers and additional devices such as iPads in the future. ■ You can deploy Work Folders alongside other file server technologies, includ-
ing folder redirection, offline files, and home folders.
■ Assists users in keeping work and personal information separate from each
other.
■ Maintains data encryption during synchronization activities and enables
corporate data wipe by means of data management services such as Win- dows Intune. You can use security policies to ensure that Work Folders are encrypted and a lock screen password is in use.
■ You can manage user data using available file server management technolo-
gies, including disk quotas and file classification.
The following are functionalities included with Work Folders:
■ Work Folders role service: Enables you to set up shared folders that store work data on a Windows Server 2012 R2 computer. You can also monitor data being stored and manage sync shares and user access.
■ Work Folders PowerShell cmdlets: Includes a comprehensive set of cmdlets for managing Work Folders on Windows Server 2012 R2 computers.
■ Integration with client computers: Provides Work Folders functionality on computers and devices running Windows 8.1 or Windows RT 8.1. Included is a Control Panel applet that sets up and monitors Work Folders, integra- tion with File Explorer, and a sync engine that facilitates file transfer with the file server.
■ Work Folders app for devices: Apps are currently in development that will enable popular devices such as iPads and Android to access information stored in Work Folders.
ptg14504686 Enabling and Configuring Work Folders
As already mentioned, Work Folders is available as a role service within File and Storage Services server in Windows Server 2012 R2. Use the following procedure to enable Work Folders:
1. From the Server Manager Dashboard, click Manage > Add roles and features .
2. If you receive the Before you begin page, click Next to bypass this page.
3. On the Select installation type page, leave the default of role-based or feature- based installation selected, and then click Next .
4. Select the server on which you want to install Work Folders (by default, this is the local server), and then click Next .
5. On the Select server roles page, expand the File and Storage Services node; then expand the File and iSCSI Services subnode.
6. As shown in Figure 4-19 , select Work Folders , and then click Next .
ptg14504686
7. If you receive a message box informing that you need to add IIS Hostable Web Core, click Add Features to proceed.
8. Click Next to receive the Confirm installation selections page. Review the information provided, and then click Install to proceed.
9. The Installation progress page tracks the progress of installing Work Folders and IIS Hostable Web core. When informed that installation has succeeded, click Close .
You can also use the following PowerShell cmdlet to set up Work Folders: Add-WindowsFeature FS-SyncShareService
Installing the Work Folders role service adds the Work Folders page to File and Storage Services in Server Manager. In addition, the Windows Sync Shares service and the SyncShare Windows PowerShell module are installed on the file server. After installing this service, you need to configure the shared folder from which users will synchronize their work data. Use the following procedure:
1. From the Server Manager Dashboard, click File and Storage Services > Work Folders .
2. You are informed that there are no sync shares. Click the link labeled To create a sync share for Work Folders ; this starts the New Sync Share Wizard.
3. The wizard begins with a Before you begin page. Note the information pro- vided about creating sync shares, and then click Next .
4. On the Select the server and path page shown in Figure 4-20 , specify the local path where user subfolders will be stored. You can also click the Select by file share radio button to use a shared folder provided on this page, or click Browse to locate a suitable folder. When finished, click Next .
ptg14504686 Figure 4-20 Specifying the path to the Work Folders share.
5. On the Specify the structure for user folders page shown in Figure 4-21 , select one of the options provided for naming user-based subfolders; then click Next .
ptg14504686 Figure 4-21 Specifying a naming format for user subfolders in the Work Folders share.
6. On the Enter the sync share name page, provide a name and optional descrip- tion, and then click Next .
7. On the Grant sync access to groups page shown in Figure 4-22 , click Add to display the Select User or Group dialog box shown in Figure 4-23 . Type the name of the user or group you want to grant access to, and then click OK . Repeat as required to add users or groups. When finished, click Next .
ptg14504686 Figure 4-22 The Grant sync access to groups page enable you to specify users or groups that
are permitted to sync data to the Work Folders share.
Figure 4-23 The Select User or Group dialog box enables you to specify groups that are permitted to sync to the Work Folders share.
8. You see the Specify device policies page, which enables you to select either or both of the following policies. Select the desired policies, and then click Next . ■ Encrypt Work Folders: Encrypts all documents with the Enterprise ID.
This is the user’s primary SMTP email address. The use of a different key to encrypt Work Folders ensures the security of documents on client
ptg14504686 devices and enables an administrator to wipe Work Folders as necessary,
for example, if the users’ device is lost or stolen.
■ Automatically lock screen and require a password: Requires a pass-
word policy with a minimum password length of 6, an autolock screen policy set to 15 minutes or less, and a maximum password retry of 10 or less. If a device does not meet these polices, the user will be unable to set up Work Folders on her device.
9. On the Confirm selections page, review the settings you’ve specified. If neces- sary, click Previous to make changes. When finished, click Create .
10. The wizard charts the progress of setting up Work Folders. When informed that the process is finished, click Close .
The following items are also needed to enable users to sync to the Work Folders share across the Internet:
■ A server certificate for each file server hosting the Work Folders share: You should use certificates granted by a public certification authority (CA) that is trusted by your users. For more information, refer to the Cert Guide for exam 70-412.
■ Firewall proxy or gateway access rules that enable access to the server
across the Internet: For more information, refer to Chapter 19 , “Configur- ing Windows Firewall.”
■ A publicly registered DNS domain name with the ability to create addi-
tional public records: For more information, refer to Chapter 12 , “Deploy- ing and Configuring Domain Name System (DNS).”
Ideally, you should also have an AD DS forest that includes Windows Server 2012 R2 schema extensions that support automatic referral of computers and devices to the correct file server. If using Active Directory Federation Service (AD FS) authen- tication, you need to include the appropriate AD FS infrastructure.
Configuring Client Computers for Work Folders
Client computers use Secure Sockets Layer (SSL) to connect to the server. Conse- quently, you need to install an SSL certificate on the server. Use the following pro- cedure on a client computer running Windows 8.1 to set up Work Folders:
1. In Control Panel, click System and Security > Work Folders .