How to safely mingle personal and business data in a Windows world



Work Folders helps sync, and wipe, some data while leaving personal photos and the like alone.

Work Folders is a new feature of Windows Server 2012 R2 that is designed to allow personally owned Windows 8.1 and Windows RT 8.1 tablets and laptops to sync business-related files and folders with a share on the corporate network.

Additionally, administrators can wipe the synced data because it is stored in a segregated way, and it's signed by a separate encryption key, so that the user's personally owned content, like photos and files, can be left intact after a wipe.

The key bit in all of this is the sync share. The sync share is essentially how Windows Server 2012 R2 manages which files to sync for which users. You set up a sync share by establishing a folder locally accessible to a Windows Server 2012 R2 server, and then pointing a wizard to that location. Within that shared folder, each user will have a subfolder that will contain the files that the Work Folders feature will host and sync.

Alternatively, you can choose the "user alias@domain" structure if you are working in a larger organization that may have multiple domains and therefore has an increased chance of collision between alias names. For example, a user with an alias of bsmith working for one organization would collide with a user with an alias of bsmith working for a subsidiary, so using the domain portion of the user principal name (UPN) creates a unique entity.

There is one other option on this structure-selection screen, entitled "Sync only the following subfolder." This allows you to choose one individual subfolder on which to enable the Work Folders feature.

In the case where you are putting sync share capabilities on your existing home directories, which may include a user's saved music, pictures and movies, there is little business reason to sync all of these everywhere. You may wish to sync only the Documents folder, or you may wish to create a new subfolder called "Work Folders" and then train your users to save documents that they want synced into that folder.

The main point here is that the Work Folders client devices are going to look for hosts presenting as the following:

  • SyncSvr.domain.tld
  • WorkFolders.domain.tld

The certificates for the machine hosting Work Folders sync shares must cover those domain names. If you are using self-signed certificates, make sure to import those certificates using administrator credentials on your client machines so that Windows knows to trust those certificates when they are presented within the transaction.

Setting up Work Folders on the client

The client process is pretty simple, to be honest. Just follow these few steps:

  1. On the client computers or devices: Open Control Panel.
  2. Click on System and Security.
  3. Click on Work Folders.
  4. Click on Set up work folders.
  5. Enter the user's email address. Here, the wizard looks for WorkFolders.domain.tld and then tries to establish a partnership. You will be prompted for credentials on non-domain-joined machines.
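
As an added example (not from the original article or from Microsoft), the PowerShell below derives the two host names listed above from a user's email address and reports whether a certificate's DNS names cover each one. The function names and the contoso.example data are constructed for illustration, and taking the domain from the part of the address after the @ is an assumption based on step 5.

```powershell
# Added example; function names and sample data are hypothetical.
function Test-DnsNameMatch {
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.ToLowerInvariant().TrimEnd('.')
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    if ($p -eq $h) { return $true }
    # A wildcard counts only as the entire leftmost label and matches
    # exactly one label: *.contoso.example covers
    # workfolders.contoso.example but not a.b.contoso.example.
    if ($p.StartsWith('*.', [StringComparison]::Ordinal)) {
        $suffix = $p.Substring(1)    # ".contoso.example"
        if ($h.EndsWith($suffix, [StringComparison]::Ordinal)) {
            $left = $h.Substring(0, $h.Length - $suffix.Length)
            return ($left.Length -gt 0 -and -not $left.Contains('.'))
        }
    }
    return $false
}

function Test-WorkFoldersCertCoverage {
    param(
        [Parameter(Mandatory)][string]$EmailAddress,
        [Parameter(Mandatory)][string[]]$CertDnsName
    )
    # Assumption: the discovery domain is the part after the @.
    $domain = ($EmailAddress -split '@')[-1]
    foreach ($prefix in 'SyncSvr', 'WorkFolders') {
        $name  = "$prefix.$domain"
        $match = $CertDnsName |
            Where-Object { Test-DnsNameMatch $_ $name } |
            Select-Object -First 1
        [pscustomobject]@{
            HostName  = $name
            Covered   = [bool]$match
            MatchedBy = $match
        }
    }
}

# Constructed sample DNS-name lists for two certificates.
$sanA = 'fs01.contoso.example', 'workfolders.contoso.example'
$sanB = '*.contoso.example'
Test-WorkFoldersCertCoverage -EmailAddress 'bsmith@contoso.example' -CertDnsName $sanA
Test-WorkFoldersCertCoverage -EmailAddress 'bsmith@contoso.example' -CertDnsName $sanB

# For a certificate in the local store, the names could be read with:
# (Get-Item Cert:\LocalMachine\My\<thumbprint>).DnsNameList.Unicode
```

A certificate that covers only the server's own machine name shows up here as `Covered = False` for both names, which is the mismatch a client would otherwise hit during setup.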