Work Folders is a new feature of Windows Server 2012 R2 that is designed to allow personally owned Windows 8.1 and Windows RT 8.1 tablets and laptops to sync business-related files and folders with a share on the corporate network.
Additionally, administrators can wipe the synced data because it is stored in a segregated way, and it's signed by a separate encryption key, so that the user's personally owned content, like photos and files, can be left intact after a wipe.
The key bit in all of this is the sync share. The sync share is essentially how Windows Server 2012 R2 manages which files to sync for which users. You set up a sync share by establishing a folder locally accessible to a Windows Server 2012 R2 server, and then pointing a wizard to that location. Within that shared folder, each user will have a subfolder that will contain the files that the Work Folders feature will host and sync.
Alternatively, you can choose the "user alias@domain" structure if you are working in a larger organization that may have multiple domains and therefore has an increased chance of collision between alias names. For example, a user with an alias of bsmith working for one organization would collide with a user with an alias of bsmith working for a subsidiary; so, using the domain portion of the user principal name [UPN] creates a unique entity.
There is one other option on this structure-selection screen, entitled "Sync only the following subfolder." This allows you to choose one individual subfolder on which to enable the Work Folders feature.
In the case where you are putting sync share capabilities on your existing home directories, which may include a user's saved music, pictures and movies, there is little business reason to sync all of these everywhere. You may wish to sync only the Documents folder, or you may wish to create a new subfolder called "Work Folders" and then train your users to save documents that they want synced into that folder.
The main point here is that the Work Folders client devices are going to look for hosts presenting as the following:
The certificates for the machine hosting Work Folders sync shares must cover those domain names. If you are using self-signed certificates, make sure to import those certificates using administrator credentials on your client machines so that Windows knows to trust those certificates when they are presented within the transaction.
Setting up Work Folders on the client
The client process is pretty simple, to be honest. Just follow these few steps:
- On the client computers or devices: Open Control Panel.
- Click on System and Security.
- Click on Work Folders.
- Click on Set up work folders.
- Enter the user's email address. Here, the wizard looks for WorkFolders.domain.tld and then tries to establish a partnership. You will be prompted for credentials on non-domain-joined machines.