How to safely mingle personal and business data in a Windows world

Work Folders helps sync, and wipe, some data while leaving personal photos and the like alone.

big data

Work Folders is a new feature of Windows Server 2012 R2 that is designed to allow personally owned Windows 8.1 and Windows RT 8.1 tablets and laptops to sync business-related files and folders with a share on the corporate network.

Additionally, administrators can wipe the synced data because it is stored in a segregated way, and it's signed by a separate encryption key, so that the user's personally owned content, like photos and files, can be left intact after a wipe.

The key bit in all of this is the sync share. The sync share is essentially how Windows Server 2012 R2 manages which files to sync for which users. You set up a sync share by establishing a folder locally accessible to a Windows Server 2012 R2 server, and then pointing a wizard to that location. Within that shared folder, each user will have a subfolder that will contain the files that the Work Folders feature will host and sync.

In this piece, we'll walk you through the required steps to get Work Folders going on your network. We'll start with the server configuration, get the networking steps out of the way next and then discuss the client experience. At the end, you will come out with a working setup that you can build on later.

Setting up Work Folders on the server side

First off, you need to install the Work Folders role, which is an integrated part of Windows Server 2012 R2. You can do this through the Server Manager feature in the GUI, using the Add Roles and Features Wizard. Alternately, through PowerShell, a one-line command gets it done for you without all the clicking:

Add-WindowsFeature FS-SyncShareService

Wait for the installation to complete. If you are using the PowerShell command, a successful installation will result in the following display at the PowerShell command prompt:

Work Folders - Powershell
If you are using the PowerShell command, a successful installation will result in this display at the PowerShell command prompt.

Next up, it's time to create the sync share. Open Server Manager if it's not already open from the previous task, then navigate to File and Storage Services in the left section and Work Folders in the middle section. (Nothing happens in the right section.) Then from the Task drop-down menu, select the New Sync Share Wizard from the menu.

On the first screen, you can choose either an existing file share, which may be appropriate if you redirect user profiles and documents folders to a central file server, or you can enter a new local path to create the share.

Keep in mind the following requirements for the sync share:

  • The sync share must be on a volume formatted with NTFS (New Technology File System).
  • If you have an existing share or folder you are using, you must make sure that the following permissions are assigned in addition to any others: The Creator/Owner Group has full control on subfolders and files only; the Security Group containing the users who will have access to the sync share -- you'll set that up in a moment -- has list, create, traverse, read/write attributes permission for that folder only; Local System has full control of this folder, subfolders and files; and Administrator has read permission for this folder only.

If you are creating a new folder and making it a sync share from the start, the wizard will apply these permissions automatically. But if you are using an existing folder, it is best to ensure these permissions remain and that access control list (ACL) inheritance from other folders and subfolders does not muck with these required defaults.

Once you have made your new or existing selection, click Next, and the "Specify the structure for user folders" screen appears. Here you can choose one of two ways for how folders will be built under your sync share. The "user alias" method essentially employs the users' login names only to create subfolders for each person under the sync share to hold their folders.

1 2 3 4 Page 1
Page 1 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon