
close
close
Work Folders is a new feature of Windows Server 2012 R2 that allows users to have access to individual corporate data folders, no matter where the users are and from what device they are connecting. At present, only Windows 8.1 is supported, but iOS and Android clients are reportedly in the making.
This functionality may sound a bit familiar to cloud-based file-sharing solutions like Microsoft OneDrive, DropBox, and Google Drive. The Work Folders option tends to give administrators a bit more control over what data is accessible, and they can have improved control over user connections enforcing device connection policies.
advertisment
In order to install Work Folders, you need the following configured (as a minimum):
For external and production solutions, you also need the following:
No matter if the Work Folders will be used only internally or both internally and externally, the first step is installing the Work Folders Server Role.
advertisment
A pop-up will inform you about the additional IIS Hostable Web Core component that will be installed as well.
Work Folders are working much like regular NTFS folders from a security perspective. To grant/deny access, you rely on global security groups within Active Directory.
In this example, I’m going to create an Active Directory group called “Work Folders Users,” that is allowed full access rights to the Work Folders directories. Remember, these groups can be anything, or maybe you already have a full set of AD security groups in your organization than can be used for this, such as Sales, HR, Production, IT, etc.
advertisment
In this last step, we will create and configure a sync share for work folders, granting access rights to the earlier created AD security group.
As the main idea of the Work Folders feature is to allow connections from outside of your network to internal file shares, security is very important. That’s why we need to present the web service with an SSL certificate. You have a few options here:
In this example, I’ll use a wildcard certificate for my domain “*.2012R2.demo”, which is installed in my computer personal certificate store (MMC / Certificates / Computer Account / Personal / Import).
Once your SSL certificate is installed on the work folders server, you have to “bind” this certificate. As you don’t have the IIS Admin Tools installed on the server, we have to use a netsh command to do this. To make sure we enter the Thumbprint of the certificate correctly, let’s open up this certificate from the MMC again.
The netsh command looks like this (Note: This isn’t a Powershell cmdlet, so run this in an elevated command prompt).
netsh http add sslcert ipport=0.0.0.0:443 certhash= c844d6ac45eadf6443c45233af8c836e29287e57 appid={CE66697B-3AA0-49D1-BDBD-A25C8359FD5D} certstorename=MY
This completes the configuration of the Work Folders sync share from the server side. Now let’s move over to the Windows 8.1 client machine.
In this example, the Windows 8.1 client is domain-joined. However, it’ll also work if your SSL certificate is trusted on a non-domain-joined client.
That’s all! Enjoy having your corporate users’ data folders synchronized to your end-user’s client device in a safe, secure, and simple but effective way. Happy Work Folder-ing!
More from Peter De Tender
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Windows Server 2012
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group