I am Dale Hayter, a Microsoft and VMware certified Technical Consultant.

My blog has been built up over the years from my experience of working on an IT helpdesk and also from being out on-site.

How to Setup / Configure Work Folders in Server 2012 R2

In Server 2012 R2 Microsoft have introduced a new feature called Work Folders. This new feature is Microsoft’s 1st attempt to create a corporate version of Skydrive and Dropbox. Basically enabling users to sync data back to the Corporate’s file server without the need of a VPN or Remote Desktop. As long as the user has internet access the folders will be available and will sync back and forward.

The implementation is quite early for Microsoft as there are no shared folders, so you cant have a sync for multiple users etc. This might come in future versions……. However I suppose you could create a sales user for now as a workaround.

Lets get started. First of all we need to install the Work Folders Role to a server in your domain.

Open Server Manager on your designated server and click manage, Add Roles and Features.

Work Folders 1

When the new window appears it should say the server your on. Check this is right.

Work Folders 2

Click Role-based or feature-based installation, Click Next.

Work Folders 3

Make sure the correct server is hightlighted and click Next.

Work Folders 4

Branch out File and Storage Services and then File and iSCI Services. Tick Work Folders

Work Folders 5

On the next screen accept the defaults and just click Add Features.

Work Folders 6

Click Next to the 2 screens that follow. Then click install.

Work Folders 7

When the installation has succeeded. Click Close.

Work Folders 8

If your a powershell fan then all this can be done with the following Powershell command.

Add-WindowsFeature FS-SyncShareService

Now we have installed the Work Folder feature we need to configure it.

Open Server Manager and click on the server role File and Storage Services.

Work Folders 9

Click Work Folders on the left hand column

Work Folders 10

We now need to create a Sync Share. A sync share is where our data will be stored. In the sync share there will be sub folders for all our users. Its basically a repository. During the sync share wizard we will need to assign a group to the share. In this example I have create an Active Directory Security Group called “Work Folders Access”.

I’ve added a test user called Test to this group. I also created a folder in the root of my servers C drive called WorkFolders ready for the wizard.

In the top right corner click Tasks and then click New Sync Share…

Work Folders 11

The first screen just reiterates when I said above about the security groups and folder. Click Next.

Work Folders 12

In the Server and Path Section, click on Browse next to the Enter a local path section and browse to c:\WorkFolders or whereever you created your folder.

Work Folders 13

Leave the default option of “User alias” selected. User Alias is probably the one you will use most often as its compatible with Folder redirection. Also on this screen you can tell it to only sync subfolders. For example if you were making a users profile folder a work folder then you might only want to sync the “Documents” Folder. For now we will do everything. Click next.

Work Folders 14

I will leave the Sync Share Name as the default in my example. Click Next.

Work Folders 15

Add the group we created at the start and click next.

Work Folders 16

At this screen you can select device policies. Tick Encrypt Folder and click Next.

Work Folders 17

At the Confirmation screen. Check all the settings are right and then click Create

Work Folders 18

Click Close when the folder has been created.

Now we have our folders in place we need to put some certificates in place. In this example I’ll be using a wildcard self signed certs that I made using makecert. If you need to know how to create one then look at my article here. If you want a proper cert your need to create one for workfolders.yourdomain.com or use a wildcard.

Open up a certificate mmc for the local computer on your server hosting your work folders. Then click on Personal in the left hand column. Right click on All Tasks, Import.

Work Folders 19

Browse to your cert and click import. You should now see it listed under personal.

We now need to bind the cert to port 443. First of all we need thumbprint for your cert. Open an elevated powershell window and use the command

Get-ChildItem –Path cert:\LocalMachine\My
Work Folders 20

In my example we can see my thumbprint is



The command to bind must be run in an elevated command prompt NOT PowerShell :-

netsh http add sslcert ipport= certhash=C4A2B80DE65302D4CA19931D650BBF117C93661C appid={CE66697B-3AA0-49D1-BDBD-A25C8359FD5D} certstorename=MY
Work Folders 21

When clients connect, they will be asked to enter their email address. The email address is then used to append a workfolders A record to the domain name. So if my email was [email protected] the client would try and connect to workfolders.contoso.com. You need to ensure that this A record is created externally and also internally.

Now you should be all ready to go. All you need to do is if using a self signed cert import it into the Trust Root Certification Authorities.

On the client go into Control panel.

Work Folders 22

Then click on Work Folders. (Large Icon View)

Work Folders 23

Click on Setup Work Folders.

Work Folders 24

Enter the users email address and click next

Work Folders 25

Select the location where you want the Work Folder to be located, click next.

Work Folders 26

Your now be selected to accept the policies we setup when creating the work folder. Click I accept then click next.

Work Folders 27

Thats it!!!

One thing that is annoying is that users need local admin rights to the pc if using policies. Otherwise they cannot set it up and they get the error :

Work Folders 28