We have all used, or currently use, cloud drives such as OneDrive, Box, Dropbox, and so on. But what if you’re an organization that needs to provide mobile access to files, yet you need to keep some or certain files locally on the file server? How about CAD files or other documents that may not work well in cloud-based storage?
Fortunately there is a solution that allows mobile access to file server shares and it’s called Work Folders.
- Domain Controller access for authentication
- Windows Server 2012 R2 File Server
- Windows 7+ (Pro, Ult, Ent) and/or Windows RT
- iOS 8
- Update! Android now supported - 3/11/2016
- An SSL cert
Why use Work Folders?
- Work Folders is great for companies who are cloud averse and wish to keep their files on their own servers (WS 2012 R2) but need a method for mobile devices to access them.
- Good replacement for companies who want to move away from offline files.
Let’s get started
Here’s my Work Folders architecture and best of all it’s all hosted in Azure!
Install Work Folders from Windows Server 2012 R2 Add/Remove Roles in Server Manager and run through the brief wizard to complete the installation:
After Work Folders are installed, we need to configure a Work Folders file share in Server Manager.
Specify a path to the file share, add user groups from the domain, and specify device policies if desired:
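The install and sync share configuration above can also be scripted on the file server. This is an added example, not part of the original post; the share name, path and group are placeholder assumptions, and both device policies are switched on so they can be read back afterwards.

```powershell
# Added example: scripted equivalent of the Server Manager steps above.
# The three values below are placeholders (assumptions), not values from the post.
$ShareName = 'WorkFolders'
$SharePath = 'D:\SyncShares\WorkFolders'
$UserGroup = 'YOURDOMAIN\WorkFoldersUsers'

# Install the Work Folders role service (File and Storage Services > Work Folders).
$feature = Install-WindowsFeature -Name FS-SyncShareService -IncludeManagementTools
if (-not $feature.Success) {
    throw 'The Work Folders role service failed to install.'
}

# Create the folder that backs the sync share if it does not exist yet.
if (-not (Test-Path -LiteralPath $SharePath)) {
    New-Item -ItemType Directory -Path $SharePath | Out-Null
}

# Create the sync share only once, scoped to a single domain group,
# with both device policies enabled: encrypt the Work Folders data on
# the device and require an automatic lock screen with a password.
if (-not (Get-SyncShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    $shareParams = @{
        Name                    = $ShareName
        Path                    = $SharePath
        User                    = $UserGroup
        RequireEncryption       = $true
        RequirePasswordAutoLock = $true
    }
    New-SyncShare @shareParams | Out-Null
}

# Read the share back and flag it if a device policy is not enforced,
# for example because the share already existed with weaker settings.
$share = Get-SyncShare -Name $ShareName
$share | Format-List Name, Path, User, RequireEncryption, RequirePasswordAutoLock
if (-not ($share.RequireEncryption -and $share.RequirePasswordAutoLock)) {
    Write-Warning "Sync share '$ShareName' does not enforce both device policies."
}
```

Run it in an elevated PowerShell session on the Windows Server 2012 R2 file server.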
After the Work Folders file share is configured we need to publish a URL to connect devices to Work Folders. This is where the SSL cert comes in.
We also need to make sure there is a record at the DNS registrar that points to the application proxy, e.g. workfolders.yourdomain.com. The record can be an A or CNAME record.
For security purposes, we need to create a reverse proxy connection on a server within your DMZ (or on a web proxy appliance, if you have one).
In my diagram (below) my reverse proxy sits on the edge of my network. I used Windows Server 2012 R2 Application Proxy.
As I published the URL, I specified the SSL certificate (associated with my fileserver) installed on my Application Proxy as the cert to use.
Publishing an app using Windows Server 2012 R2 Application Proxy is very simple so I won’t detail it here.
My application proxy setup points https://workfolders.domain.com to http://fileserver.domain.com
Once everything is set up it’s time to test Work Folders.
Search for Work Folders and launch. Then select “Set up Work Folders”:
Depending on how you set up Work Folders, you can sign in using an email address, which will be converted to http://workfolders.domain.com. Work Folders will automatically use the domain name of the email address to construct the URL. Or you may type in the URL directly.
If Windows Authentication was selected, a login prompt will appear. If Active Directory Federation Services (AD FS) was selected, login will happen automatically.
Once logged in, we see screens similar to the ones below:
Open up the Work Folders folder on the PC and we see files that were populated previously:
Statistics on Work Folders file share from my PC:
Download the iOS Work Folders app from iTunes: https://itunes.apple.com/us/app/work-folders/id950878067?mt=8 (for Android, download Work Folders from Google Play)
Launch Work Folders and enroll the iOS device using the same techniques described above for the PC. Select a passcode, and begin accessing your files.
Auditing and Logs
Logs are located on the Work Folders server under SyncShare:
Work Folders is a great solution to expose files to end users while maintaining control of and access to those files within your datacenter.
- Work Folders Blog: http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx
- Work Folders on TechNet: https://technet.microsoft.com/en-us/library/dn265974.aspx
- Work Folders Design TechNet: https://technet.microsoft.com/en-us/library/dn479242.aspx