MCSE R2 working folder Word Folders (1)

Source: Internet
Author: User
Tags ssl certificate

Configure the Windows Server R2 working folder for BYOD synchronization

The working folder is a new feature in Windows Server R2 that allows users to synchronize work data across multiple devices. Working folders enable IT administrators to provide them with the ability to synchronize work data on all their devices, regardless of where the information worker is located. Oh, oh, it's amazing, right? 650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/73/wKiom1SCziuBZv9CAAAHWqPyDDs067.jpg "/>650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/72/wKioL1SCzrzgfQwBAAAHY99LDIY382.jpg "/> This is done by synchronizing the user data on the device to the local file server. However, the current work folders only supports Windows 8.1 clients. Windows 7 and ipad, Android devices will also be supported in the future.

First, the experimental environment:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/73/wKiom1SCziuizK0uAAEDz4Skxos359.jpg "/>

Where LON-DC1 is a domain controller and an ad Certificate Server, LON-SVR1 is a member server that is joined to the domain, and the Work Folders feature is installed on LON-SVR1, LON-DC1 and LON-SVR1 are running the Windows Server Edition R2 version of the operating system. The Windows 8.1 operating system is installed on both Client1 and Client2. In fact Client1 joined the domain xuehao51.com,client2 is in the workgroup environment, CLIENT1 and Client2 DNS server IP addresses all point to the LON-DC1 IP address.

Please install the domain environment and install ad CS yourself first, this example is not introduced.

Second, the experimental steps:

1. Installation of the "Working folders" feature

Work folders are a component of the role of the file and storage services that you can enable through Server Manager or PowerShell.

1) on the LON-SVR1 Server Manager, click Manage, select the Add Roles and Features button, and the Add Roles and Features wizard dialog box pops up. Click "Next"

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/73/wKiom1SCzivDpaQEAACgJw2c_3I579.jpg "/>

2) in Select installation type, select Role-based or feature-based installation, click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/72/wKioL1SCzrzwQ0YlAADr6anrYb4447.jpg "/>

3) in Select Destination Server, select Select a server from the server pool, and then click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/73/wKiom1SCzizBrDQ-AAFNZEjvnAg908.jpg "/>

4) in Select Server role, select Web Server (IIS), select Working folders in file and storage services → file and iSCSI services, and click Next.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/72/wKioL1SCzr3AvhqlAAFLucZwHDg421.jpg "/>

Next, always use the default option to install Ann.

2. Configure "working folder"

To configure work folders for each user in the enterprise, you need to find a larger partition on the server where you can create folders to hold the work folders data. The main steps for configuring a working folder are described below.

1) In Server Manager, click File and storage services → working folders, click to create a synchronization share for work folders, start the New Sync Share Wizard link.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/73/wKiom1SCziyCHOhUAAD4y9QS3C8110.jpg "/>

2) Click Next in the Before you begin screen of the New Sync Share Wizard.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/72/wKioL1SCzr2yz7iSAADZ-3vh35c693.jpg "/>

3) in the Select Server and Path dialog box, you are asked to select a server to sync shares with, and then select an existing file share or enter a local path.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/72/wKioL1SCzr3BJcMoAADeVod5qho414.jpg "/>

4) Next, you are asked to choose the format of the named folder. You have two options:

Use user aliases: If your directory structure is a single-domain environment created from a user alias, select the user alias.

use [email protected] Format: This is generally best suited for organizations with multiple domains, because it eliminates the possibility of conflicts among multiple different users with the same alias in different domains.

There is also a check box to specify the folders you want to sync.

Synchronization occurs on a per-user basis, which is why sync sharing can use user aliases or e-mail addresses. Work folders can only be used as a mechanism to allow users to take files offline, not for working together.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/73/wKiom1SCzi2D40GmAAERC8XML2U286.jpg "/>

5) Click Next and you will be prompted to enter a sync share name. You can also enter an optional document description.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/73/wKiom1SCzi3ToJV5AACkp4eogt8936.jpg "/>

6) You will then be asked to specify the user or group you want to access. I chose domain users, which means that you want to enable synchronization for each user in the domain. The most notable is a check box labeled "Disable inherited permissions and grant exclusive access to users for their files." It is selected by default, but is recommended for cancellation. Otherwise, the administrator will not be able to access the user files.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/72/wKioL1SCzr7wkSchAADneVPCxuo233.jpg "/>

7) Click Next and you will go to the Specify Device Policy dialog box with two checkboxes: "Automatically lock the screen and ask for a password". If you want to further secure your work folders ' data, you can select Encrypt working folders.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/73/wKiom1SCzi2A3zFxAAChrc9-gog114.jpg "/>

8) Click Next to confirm. If all goes well, click "Create" to create a sync share

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/72/wKioL1SCzr6RsCYhAAEHTExeiVM263.jpg "/>

9) Finally, in the View Results dialog box, click Close.

10) After configuration, in the Server Manager → files and storage services → working folders dialog box, you can see that the Work Folders Wizard has created a sync share for each user in the domain.

3. Request a certificate for the working folder server

The Work Folders server requires a binding certificate, and the administrator can request a computer certificate from the Enterprise Certificate Server. In this experiment, I have configured "Enterprise Certificate Server" on LON-DC1.

1) in LON-SVR1, open the Run dialog box and execute the MMC.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/72/wKioL1SCzsHQUeX1AABuTEchAk8974.jpg "/>

2) Open "Console 1" and select "Add/Remove Snap-in" from the "File" menu.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/73/wKiom1SCzjDQxxLVAABkeYq2KxY791.jpg "/>

3) in the Add or Remove Snap-in dialog box, select Certificates in the available snap-in list, and click the Add button.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/72/wKioL1SCzsHDNuw4AAD_Ac1wCnc617.jpg "/>

4) In the Certificates snap-in dialog box, select Computer account.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/73/wKiom1SCzjHBCGC-AABwR7sCJrA147.jpg "/>

5) In the Select Computer dialog box, select Local Computer (the computer that is running this console).

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/72/wKioL1SCzsHh878HAABOC2fCAsw367.jpg "/>

6) Return to the Add or Remove Snap-in dialog box, as you can see in the selected snap-in list, the certificate (local computer) has been added, and click the OK button.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/73/wKiom1SCzjGwMOAAAAEz0llE0WI104.jpg "/>

7) After returning to the "console", in the "Certificates (local computer) → personal → certificates" snap-in, right-click on the right side, and in the Blank menu that pops up, select "All tasks → request New certificate" and prepare to apply for a computer certificate.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/72/wKioL1SCzsKgxibDAADvZVxMH40471.jpg "/>

8) in the certificate enrollment → Select certificate Enrollment Policy dialog box, select Active Directory Enrollment policy and click the Next button.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/73/wKiom1SCzjGjLDdCAACEnfF4eo0997.jpg "/>

9) in the certificate enrollment → request Certificate dialog box, select Computer, click the Register button

10) After the certificate has been requested and registered, in the Certificate Installation Results dialog box, the display status is success, click the Finish button

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/72/wKioL1SCzsWR3_kfAAB8prDmv8E758.jpg "/>

11) After applying for the certificate, in the "certificate → personal → certificate" option, you can see the requested certificate named Lon-svr1.xuehao51.com (same as the name of the current computer).

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/73/wKiom1SCzjWz4d47AADQ9JBMo_4394.jpg "/>

4. Bind the certificate in IIS Manager

After you request a computer certificate, you can bind the certificate in IIS Manager by following these steps:

1) in Server Manager →iis, right-click the computer name and select Internet information Services (IIS) Manager from the shortcut menu that appears.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/72/wKioL1SCzsajgFPIAADm9U7oHOc248.jpg "/>

2) In IIS Manager, select Default Web Site, and in the action list on the right, select the Bind button.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/73/wKiom1SCzjXQP8yQAAE-n0C7Kpw983.jpg "/>

3) In the Site Bindings dialog box, you can see that there are currently only HTTP types of sites, and you need to add an HTTPS site and bind the certificate. Click the Add button

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/72/wKioL1SCzsbTiZYgAABXHJJzqZ4315.jpg "/>

4) in the Add Site Bindings dialog box that pops up, select HTTPS in the Type drop-down list, select the port by default to 443, select the certificate named Lon-svr1.xuehao51.com from the previous section in the SSL certificate drop-down list, and then click the OK button.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/73/wKiom1SCzjXwi_V-AABqXDGez_k651.jpg "/>

5) Return to the Site Bindings dialog box to see that the HTTPS type Web site has been added.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/72/wKioL1SCzsbytNwKAABb3si_jjA653.jpg "/>

6) After returning to IIS Manager, you can see that the 80 and 443 port sites have been configured, and from the status you can see that the current default site has stopped because the work folders are consuming TCP 80 and 443 ports.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/73/wKiom1SCzjbwdiCDAAE0EHmp-y0079.jpg "/>

After the certificate is bound, IIS Manager can uninstall it. The working folder does not require IIS Manager.

5. Configure Group Policy to support working folders

Finally, on the Active Directory server, configure Group Policy to support working folders, the main steps are as follows.

1) switch to the Active Directory server (LON-DC1), and in Server Manager, select Group Policy Management from the Tools menu. In the Group Policy Management dialog box, right-click Default Domain Policy and select Edit. In Computer configuration → policies → administrative templates →windows components → working folders, double-click force Automatic settings for all users on the right, and select the Enable radio button.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/72/wKioL1SCzsbx4HpoAAEDZk_m9C4276.jpg "/>

2) in the user configuration → policies → administrative templates →windows components → working folders, double-click Specify working folder settings on the right, in the Specify Working Folder Settings dialog box, select Enabled, and in the Working Folder URL text box, enter the URL of the Work folder server. Here is https://LON-SVR1.xuehao51.com (this certificate name is consistent with the working folder server computer name) and select Force automatic settings.

Executes Gpupdate/force, forcing Group Policy to be updated.


If in doubt, need to exchange please add teacher Liu Number:


650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/80/2C/wKiom1c527eQJU_cAAGePRoin8E387.jpg "title=". jpg " alt= "Wkiom1c527eqju_caageproin8e387.jpg"/>

This article is from the "Liu Daojun blog" blog, make sure to keep this source http://ldj027.blog.51cto.com/401017/1587088

MCSE R2 working folder Word Folders (1)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.