The Storage Team Blog about file services and storage features in Windows and Windows Server.
When we introduced Work Folders in Windows Server 2012 R2, we included support for PCs running Windows 8.1 and Windows RT 8.1. However, we knew that we needed to continue releasing support for other clients, and the number one request was to support the large number of enterprise deployments of Windows 7.
We heard the feedback and we are excited to announce that we have just released the packages of Work Folders for Windows 7 on the Download Center! There are 2 packages:
This blog post will focus specifically on the differences between Work Folders on Windows 7 and Windows 8.1 as well as deployment considerations. You can find more general information on Work Folders here in the Work Folders Overview
Windows 7 is still our most widely deployed operating system, especially in the enterprise, which is the group of customers who have been most interested in Work Folders support on Windows 7. So we created this release focusing on our enterprise customers.
Given the enterprise focus, the Work Folders for Windows 7 package can be installed only on PCs running the following editions of Windows 7:
This package can be installed only on these editions of Windows 7, no other operating system is supported by this package. The package also requires Windows 7 Service Pack 1.
For home users with Windows 7 PCs, we recommend upgrading to Windows 8.1.
To set up Work Folders on Windows 7, the client PC must be joined to your organization’s domain. If not, Setup will fail with the following error:
Work Folders provides two device policies that administrators can control. The policies are enforced on the Windows 8.1 clients before data sync is allowed:
The policy settings are not configurable, and they are enforced on the devices running with Windows 8.1 through the EAS Engine.
Work Folders on Windows 7 can’t enforce the lock screen and password policy due to missing feature (EAS Engine) support in the operating system. This can be easily mitigated with Group Policy to enforce password policies on their domain-joined PCs. Since Work Folders on Windows 7 is supported only on domain-joined PCs, you (as the admin) still have control over the password policies of all your Work Folders users.
You should continue using Group Policy to manage password policies for all the domain-joined PCs. For PCs and devices that aren’t joined to a domain (Windows 8.1 devices only), Work Folders will enforce its password policy as set on each sync share.
To do so, you’ll need to run the Set-SyncSharecmdlet to add the domain in which all of your Windows 7 PC computer accounts are located to a domain-exclusion list. We describe how to do that in the Server Configuration section below.
If you use the Work Folders password policy but do not configure the excluded domain list on the server, the user will see the following error during Work Folders setup:
Encryption is different on Windows 7, as the Windows 8.1 Work Folders encryption mechanism (selective wipe) is not available. On Windows 7, the files in Work Folders are encrypted using EFS, which does not have remote wipe capability.
On Windows 8.1 clients, users can view the sync status in the File Explorer status bar, and are notified of sync issues through the Action Center. On Windows 7, Work Folders can’t integrate into Windows Explorer and the Action Center, so we added a Work Folders icon to the notification area of the taskbar.
The Work Folders taskbar icon shows sync status, and also a convenient menu option to open Work Folders in Windows Explorer. The icon by default will only show notifications, and is not present on the taskbar. A user can choose to always show the icon by opening Control Panel, searching for “notification” and then using the Notification Area Icons Control Panel item, as shown below.
As mentioned above in the Policy enforcement section, if the administrator wants to enforce Work Folders password policies on Windows 7 PCs, the computer accounts must be in an excluded domain list. An administrator can configure the excluded domain list by using the following cmdlet:
Set-SyncShare <share name> -PasswordAutolockExcludeDomain <domain list>
For example, you can use the following cmdlet to exempt all computer accounts (this doesn’t apply to user accounts) of the contoso.com domain from the Work Folders password policy for the FinShare sync share:
Set-SyncShare FinShare -PasswordAutolockExcludeDomain “Contoso.com”
In this example, PCs in the Contoso.com domain (running Windows 7 or Windows 8.1) receive password policies from Group Policy – not from Work Folders because the domain is excluded from the Work Folders PasswordAutolock policy. Windows 8.1 PCs that aren’t joined to the domain receive Work Folders password policies, if set on the sync share – not from Group Policy because Group Policy applies only to domain-joined PCs.
Each user can be given permission to sync with a single sync share, though they can have a mix of Windows 8.1 and Windows 7 PCs that sync with this share.
When it is the time to upgrade or migrate a Windows 7 PC to a newer version, the expected behavior is listed below:
So that’s our Windows 7 app for Work Folders. Let us know what you think, and we’ll keep working on clients for other popular platforms and update when they’re ready.
Jian Yan and the Windows 7 Work Folders team
We setup a windows 7 test machine (enterprise) on our domain with the client. Installation was fine. Trying to connect to our work folders machine it shows error: "The connection with the server was terminated abnormally (0x80072efe) Even though all firewalls are off, bindings show 443 not used on server, and pingable/can be seen across the network.
I figured out that we needed a SSL cert for 443, so I added the registry entry to allow unsecured. 0x80004005 Unspecified Error however, upon realizing a binding on 80, I attempted to alter the port designation on system32 XML file settings for Sync share...however it will not allow domain or local administrator rights to do so?
@Fred, the client will always try to connect using either 443 or 80. You can ping us with your issue wfdisc at microsoft.com, to further discuss the details
I installed work folders on a server but I can not connect from a windows 7 client.Should I configure something special on the windows 7 client?
@Jared, what error are you getting?
Thanks for that great informations.
Visit http://cautionboringalert.wordpress.com/ for more info on windows 7 and linux, if you want to know how to do anything on windows 7 we have 12 hour service on are site we will awnser any queastions
about computers, with in 24 hours please feel free to check it out.
I have setup a single Work Folder in E:\Workfolders, shared in Windows Server 2012, only one group has permissions.
Users are say John and Mary. When I connect via my Windows 7 laptop (John) or Windows 8.1 netbook (Mary), I see a new folder in WorkFolders called john and one called mary, why am I not seeing the one shared folder and data structure where users see the same
From your description, looks like John is connected using Win 7, and Mary is connected using the netbook. John and Mary are different users, on the server, their data will be separated with each user folder. Work Folders is designed for individual user data.
If you are thinking of a team share scenario, Work Folders doesn't support that in this release.
Can Work Folders be used as users home drives in Windows 7? Are there pros or cons to use it instead of previous sync options?