- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
Installing the server role
Work Folders in Windows Server 2012 R2 is an installable server role just like DNS, IIS, or Hyper-V. To start, fire up the Server Manager. In Server Manager, click Add roles or features (if you’re on the server console) or Manage > Add roles and features (if you’re managing the server remotely).
Add roles and features in Server Manager
Click Next to bypass the Before you Begin screen. On the Installation Type screen, leave the default role-based or feature-based installation option and click Next again. On the Server Selection screen, select the file server that will be hosting your Work Folders and click Next.
Select destination server
On the server roles screen, check Work Folders and then confirm the additional required features. Click Next and then click Next on the Features screen.
Add Work Folders role
Confirm the roles to be installed and click Install. Click Close when the install completes.
Confirm the roles
Or… you can save yourself a lot of clicking by installing Work Folders with PowerShell:
Configuring Work Folders
Now that we have Work Folders installed on the server, we can configure it for end users. Start the Server Manager and click File and Storage Services.
File and Storage Services
Click on Work Folders and then Tasks > New Sync Share.
New Sync Share
Click Next to bypass the Before You Begin screen. Enter a path for a new share or select an existing user file share if there is already one on the server and click Next.
Enter a local path
On the User Folder Structure screen, select the folder naming convention that you want Work Folders to use. Unless you have multiple domains and your file server hosts files for users in more than one domain, the “User alias” option should be sufficient.
If you have an existing share for users on your file server, you can specify a specific sub-folder (like Documents or My Documents) to be synced.
Specify the structure of user folders
Specify a Sync Share Name and which groups of users should have access to the share. In my example, I’ve created a group just for users that should receive access, but you can always use existing groups depending on how you want to provision access.
Note that the Disable inherited permissions and grant users exclusive access to their files is much like the same option in Folder Redirection. Use it at your own risk since this will prevent Administrators from accessing the files without modifying the permissions of the files first.
Grant sync access to groups
Last, set whether the files on the client system should be encrypted and whether the device should be automatically locked with a password required.
The Automatically lock screen, and require a password option will require that the device lock after 15 minutes and have a password with at least 6 characters.
Specify device policies
Confirm your options and your Work Folders are almost ready to use!
Confirm your options
Or, here’s the PowerShell shortcut for setting up a Work Folders share:
New-SyncShare –Path C:\Shares\WorkFolders –User DOMAIN\GROUP –RequireEncryption $true –RequirePasswordAutoLock $true
The Work Folders client uses a user’s email address to determine the name of the Work Folders server. It would be really nice if it determined the server name by performing a DNS query; unfortunately, that isn’t exactly how it works.
The Work Folders set up Wizard uses the domain specified in the email address and adds “workfolders” to the beginning. For example, if your email address is email@example.com, then the set up Wizard will try to connect to https://workfolders.4sysops.com. If your email address is firstname.lastname@example.org, then it will try to connect to https://workfolders.na.4sysops.com. So, keep that in mind since many organizations use a sub-domain instead of the root domain for their Active Directory environments.
If you’re using Windows DNS, you can add the record on your DNS server by using the following PowerShell command:
Add-DnsServerResourceRecordCName –Name “WorkFolders” –HostNameAlias “file1.atl.trekker.net” –ZoneName “trekker.net”
At this point, Work Folders is configured and almost ready for users to connect. In our next part, I’ll cover setting up the SSL certificate so user-owned devices can connect to the Work Folders server.
Want to write for 4sysops? We are looking for new authors.
ok, If I deleted a file at home then I return to office and connect to our network. What cause? Whether is file synching from server to my system?
I will create a DNS record for Work Folders. How workfolder server recognize that particular url created for it’s usage only. Because We already created many URL in DNS server for various purpose. We did not mentioned the URL link during the work folder installation in server.How work-folder server sync with that particular URL?.
This is addressed in the article.
Could you explain me about network traffic in case of I am configured Work Folders in our company?
This is the only thing from a Microsoft site I’ve seen on Work Folders performance. There are too many variables (how many users you have, what type of files users will be syncing, sizes of Work Folders being synced, etc.) for me to estimate what your network traffic will look like.
I went through your article which was pretty easy to follow, but, it seems I am missing something here. I also created a A record at my host to point to my site, but, for some reason I keep receiving the following error “There was a problem finding your Work Folders server” Unspecified error – 0x80000040005
I assume this is a DNS issue either with my external host or internal DNS.
Have any idea’s for me?
From the client, I would try pinging workfolders.yourdomain.ext from the client both on your corporate LAN and off to see if the name is resolving. If the name resolves, DNS isn’t necessarily your problem. You can also try manually specifying the server name (instructions in Part 4). I would try both the workfolders.domain.ext DNS and the actual server name to rule out name resolution. If you’re still getting the error, you’ve got other issues.
Thanks Kyle – I am able to ping via workfolders.server.local, but, not through workfolders.server.com. I already had a split DNS setup and I did create the A record for the .com zone. I will trouble shoot that one.
I also noticed when I used email@example.com I would get the SSL error about incorrect hostnames. Which is correct because the public cert I used is only for server.com
So, I suppose let me trouble shoot my external resolving issue and I should be good to go. Thanks for the advice.
I was able to get everything working finally – My final error was a 80004005 error which ended up being a sharing and security error. While this feature is nice, I was thinking this was more of a sync of my entire DFS share for offline access, which would kind of be large on my local laptop. I can see this would take some planning with groups, shares and setup your server initially with the intent that you are going to use Work Folders. Which this may be a huge under taking for some companies. Kind of makes me think, “Well, VPN still works”. Of course is VPN truly secure anymore – haha
Thanks again and I hope everyone has a awesome new year – 2015
Syncing of group shares isn’t currently supported in Work Folders; though, it is supposedly on the road map. Work Folders is intended as an on-premises Dropbox-like service for users to sync a folder of their user files to their devices.
Since some of our users have upgraded to Windows 10 you can’t use the encryption policies set by the Work Folders server. These policies work fine in Windows 8.1
Hi, i followed your instruction but I got an error “The WS-Management service cannot process the request. The service cannot find the resource identified by the resource URI and selectors.”
Did you reboot after installing Work Folders?
Work Folders didn’t install successfully due to that error. What do you think is the problem? Thanks
If it didn’t install at all, sounds like some other configuration issue on the server. If you’re applying any Group Policy to the server, you may need to remove it to see if it resolves the issue. You may also need to remove any third-party software… especially third-party firewalls. I would also check the Event Log to see if there’s anything that could point you in the right direction.
I find problem in the firewall used (Pfsense). It’s hard for me to erase it and setu-up everything again. Installed is a Remote Desktop Services for company’s system.
May I know if there is a way to connect to my shared network folder via RemoteApp Services using browser? In publish RDS, only applications you can ADD are executable programs.. I want to add my network shared folder so that users can add, copy and select files they want to use just like in their local computer regardless of connection and location. Thanks.
I have been facing the installation errors but i have realized that my exchange is using the same ports 80 and 433, i changed the port to 11180 and 11433 and the server side is running fine except that from the client side i am getting an error Access is denied 0x80070005 how can i get rid of this
Work Folders needs to be running on a file server or dedicated server that is just running Work Folders. As long as you’re running it on the same server as Exchange, I don’t think you’re in a supported configuration. The fact that the ports had to be changed should be an indication that you’re going to have other issues. If I had to guess, the client is having problems finding the sync share. In the age of virtualization, there’s really no reason to put multiple services on one box any more unless they are running inside of a VM or container. Stand up a VM and run Work Folders there. You’ll save yourself a lot of headaches.
Great! it worked perfectly on a VM.