Automatically configuring Work Folders
Computers that are members of a workplace can access internal network resources, such as internal websites and business applications. Work Folders enable users to synchronize their corporate data to their devices and vice versa. Those devices can be joined to the corporate domain or a workplace. Devices access Work Folders via a remote web gateway running on Microsoft Internet Information Services (IIS).
To deploy Work Folders, you add the File And Storage Services Work Folders role to a file server, and then configure Work Folders by using Server Manager. Afterward, you can use policy settings to control related options, such as the server to which users can connect remotely and access Work Folders. You control the connection server in one of two ways:
? By specifying the exact URL of a file server hosting the Work Folders for the user, such as https://server29.cpandl.com
? By specifying the URL used within your organization for Work Folders discovery, such as https://workfolders.cpandl.com
REAL WORLD Clients use secure encrypted communications to connect to work folders as long as the file servers hosting the Work Folders have valid SSL certificates. When a device initiates an SSL connection, the server sends the certificate to the client. The client evaluates the certificate and continues only if the certificate is valid and can be trusted. If you configure a connection to an exact URL, the client can connect directly to the specified sever and synchronize data in Work Folders. The server’s certificate must have a Common Name (CN) or a Subject Alternative Name (SAN) that matches the host header in the request. For example, if the client makes a request to https://server18.cpandl.com, the CN or SAN must be server18.cpandl.com.
In Group Policy, you specify the URL used within your organization for Work Folders discovery by using the Specify Work Folders Settings policy found under Administrative Templates policies for User ConfigurationWindows ComponentsWork Folders. Any server configured with Work Folders acts as a discovery server by default. If you configure a discovery URL, a client connects to one of several servers, and the email address of the user is used to discover which specific server hosts the Work Folders for the client. The client is then connected to this server. Each discovery server will need to have a certificate with multiple Subject Alternative Names, which includes the server name and the discovery name. For example,
if a client makes a request to https://workfolders.cpandl.com and connects to FileServer11.cpandl.com, the server’s certificate must have a CN or SAN of fileserver11. cpandl.com and a SAN of workfolders.cpandl.com.
If you want to configure Work Folders in Group Policy, use the following technique:
1. Access Group Policy for the system, site, domain, or OU with which you want to work. Next, access the Work Folders node by using the Administrative Templates policies for User Configuration under Windows ComponentsWork Folders.
2. Double-tap or double-click Specify Work Folders Settings, and then select Enabled.
3. In the World Folders URL text box, enter the URL of the file server that hosts the Work Folders for the user or the URL used within your organization for Work Folders discovery.
4. If you want to prevent users from changing settings when setting up Work Folders, select Force Automatic Setup.
5. Tap or click OK.