- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
Installing the server role ^
Work Folders in Windows Server 2012 R2 is an installable server role just like DNS, IIS, or Hyper-V. To start, fire up the Server Manager. In Server Manager, click Add roles or features (if you’re on the server console) or Manage > Add roles and features (if you’re managing the server remotely).
Add roles and features in Server Manager
Click Next to bypass the Before you Begin screen. On the Installation Type screen, leave the default role-based or feature-based installation option and click Next again. On the Server Selection screen, select the file server that will be hosting your Work Folders and click Next.
Select destination server
On the server roles screen, check Work Folders and then confirm the additional required features. Click Next and then click Next on the Features screen.
Add Work Folders role
Confirm the roles to be installed and click Install. Click Close when the install completes.
Confirm the roles
Or… you can save yourself a lot of clicking by installing Work Folders with PowerShell:
Configuring Work Folders
Now that we have Work Folders installed on the server, we can configure it for end users. Start the Server Manager and click File and Storage Services.
File and Storage Services
Click on Work Folders and then Tasks > New Sync Share.
New Sync Share
Click Next to bypass the Before You Begin screen. Enter a path for a new share or select an existing user file share if there is already one on the server and click Next.
Enter a local path
On the User Folder Structure screen, select the folder naming convention that you want Work Folders to use. Unless you have multiple domains and your file server hosts files for users in more than one domain, the “User alias” option should be sufficient.
If you have an existing share for users on your file server, you can specify a specific sub-folder (like Documents or My Documents) to be synced.
Specify the structure of user folders
Specify a Sync Share Name and which groups of users should have access to the share. In my example, I’ve created a group just for users that should receive access, but you can always use existing groups depending on how you want to provision access.
Note that the Disable inherited permissions and grant users exclusive access to their files is much like the same option in Folder Redirection. Use it at your own risk since this will prevent Administrators from accessing the files without modifying the permissions of the files first.
Grant sync access to groups
Last, set whether the files on the client system should be encrypted and whether the device should be automatically locked with a password required.
The Automatically lock screen, and require a password option will require that the device lock after 15 minutes and have a password with at least 6 characters.
Specify device policies
Confirm your options and your Work Folders are almost ready to use!
Confirm your options
Or, here’s the PowerShell shortcut for setting up a Work Folders share:
New-SyncShare –Path C:\Shares\WorkFolders –User DOMAIN\GROUP –RequireEncryption $true –RequirePasswordAutoLock $true
DNS configuration ^
The Work Folders client uses a user’s email address to determine the name of the Work Folders server. It would be really nice if it determined the server name by performing a DNS query; unfortunately, that isn’t exactly how it works.
The Work Folders set up Wizard uses the domain specified in the email address and adds “workfolders” to the beginning. For example, if your email address is firstname.lastname@example.org, then the set up Wizard will try to connect to https://workfolders.4sysops.com. If your email address is email@example.com, then it will try to connect to https://workfolders.na.4sysops.com. So, keep that in mind since many organizations use a sub-domain instead of the root domain for their Active Directory environments.
If you’re using Windows DNS, you can add the record on your DNS server by using the following PowerShell command:
Add-DnsServerResourceRecordCName –Name “WorkFolders” –HostNameAlias “file1.atl.trekker.net” –ZoneName “trekker.net”
At this point, Work Folders is configured and almost ready for users to connect. In our next part, I’ll cover setting up the SSL certificate so user-owned devices can connect to the Work Folders server.