Work Folders overview

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows 10, Windows 8.1, Windows 7

This topic discusses Work Folders, a role service for file servers running Windows Server that provides a consistent way for users to access their work files from their PCs and devices.

If you’re looking to download or use Work Folders on Windows 10, Windows 7, or an Android or iOS device, see the following:

Role description

With Work Folders users can store and access work files on personal computers and devices, often referred to as bring-your-own device (BYOD), in addition to corporate PCs. Users gain a convenient location to store work files, and they can access them from anywhere. Organizations maintain control over corporate data by storing the files on centrally managed file servers, and optionally specifying user device policies such as encryption and lock-screen passwords.

Work Folders can be deployed with existing deployments of Folder Redirection, Offline Files, and home folders. Work Folders stores user files in a folder on the server called a sync share. You can specify a folder that already contains user data, which enables you to adopt Work Folders without migrating servers and data or immediately phasing out your existing solution.

Practical applications

Administrators can use Work Folders to provide users with access to their work files while keeping centralized storage and control over the organization’s data. Some specific applications for Work Folders include:

Provide a single point of access to work files from a user’s work and personal computers and devices

Access work files while offline, and then sync with the central file server when the PC or device next has Internet or intranet connectivity

Deploy with existing deployments of Folder Redirection, Offline Files, and home folders

Use existing file server management technologies, such as file classification and folder quotas, to manage user data

Specify security policies to instruct user’s PCs and devices to encrypt Work Folders and use a lock screen password

Use Failover Clustering with Work Folders to provide a high-availability solution

Important functionality

Work Folders includes the following functionality.

Functionality	Availability	Description
Work Folders role service in Server Manager	Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2	File and Storage Services provides a way to set up sync shares (folders that store user’s work files), monitors Work Folders, and manages sync shares and user access
Work Folders cmdlets	Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2	A Windows PowerShell module that contains comprehensive cmdlets for managing Work Folders servers
Work Folders integration with Windows	Windows 10 Windows 7 (download required)	Work Folders provides the following functionality in Windows computers: — A Control Panel item that sets up and monitors Work Folders — File Explorer integration that enables easy access to files in Work Folders — A sync engine that transfers files to and from a central file server while maximizing battery life and system performance
Work Folders app for devices	Android Apple iPhone and iPadВ®	An app that allows popular devices to access files in Work Folders

New and changed functionality

The following table describes some of the major changes in Work Folders.

Feature/functionality	New or updated?	Description
Improved logging	New in Windows Server 2019	Event logs on the Work Folders server can be used to monitor sync activity and identify users that are failing sync sessions. Use Event ID 4020 in the Microsoft-Windows-SyncShare/Operational event log to identify which users are failing sync sessions. Use Event ID 7000 and Event ID 7001 in the Microsoft-Windows-SyncShare/Reporting event log to monitor users that are successfully completing upload and download sync sessions.
Performance counters	New in Windows Server 2019	The following performance counters were added: Bytes downloaded/sec, Bytes uploaded/sec, Connected Users, Files downloaded/sec, Files uploaded/sec, Users with change detection, Incoming requests/sec and Outstanding requests.
Improved server performance	Updated in Windows Server 2019	Performance improvements were made to handle more users per server. The limit per server varies and is based on the number of files and file churn. To determine the limit per server, users should be added to the server in phases.
On-demand file access	Added to Windows 10 version 1803	Enables you to see and access all of your files. You control which files are stored on your PC and available offline. The rest of your files are always visible and don’t take up any space on your PC, but you need connectivity to the Work Folders file server to access them.
Azure AD Application Proxy support	Added to Windows 10 version 1703, Android, iOS	Remote users can securely access their files on the Work Folders server using Azure AD Application Proxy.
Faster change replication	Updated in Windows 10 and Windows Server 2016	For Windows Server 2012 R2, when file changes are synced to the Work Folders server, clients are not notified of the change and wait up to 10 minutes to get the update. When using Windows Server 2016, the Work Folders server immediately notifies Windows 10 clients and the file changes are synced immediately. This capability is new in Windows Server 2016 and requires a Windows 10 client. If you’re using an older client or the Work Folders server is Windows Server 2012 R2, the client will continue to poll every 10 minutes for changes.
Integrated with Windows Information Protection (WIP)	Added to Windows 10 version 1607	If an administrator deploys WIP, Work Folders can enforce data protection by encrypting the data on the PC. The encryption is using a key associated with the Enterprise ID, which can be remotely wiped by using a supported mobile device management package such as Microsoft Intune.

Software requirements

Work Folders has the following software requirements for file servers and your network infrastructure:

A server running Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2 for hosting sync shares with user files

A volume formatted with the NTFS file system for storing user files

To enforce password policies on Windows 7 PCs, you must use Group Policy password policies. You also have to exclude the Windows 7 PCs from Work Folders password policies (if you use them).

A server certificate for each file server that will host Work Folders. These certificates should be from a certification authority (CA) that is trusted by your users—ideally a public CA.

(Optional) An Active Directory Domain Services forest with the schema extensions in Windows Server 2012 R2 to support automatically referring PCs and devices to the correct file server when using multiple file servers.

To enable users to sync across the Internet, there are additional requirements:

The ability to make a server accessible from the Internet by creating publishing rules in your organization’s reverse proxy or network gateway

(Optional) A publicly registered domain name and the ability to create additional public DNS records for the domain

(Optional) Active Directory Federation Services (AD FS) infrastructure when using AD FS authentication

Work Folders has the following software requirements for client computers:

PCs and devices must be running one of the following operating systems:

Android 4.4 KitKat and later

iOS 10.2 and later

Windows 7 PCs must be running one of the following editions of Windows:

Windows 7 Professional

Windows 7 Ultimate

Windows 7 Enterprise

Windows 7 PCs must be joined to your organization’s domain (they can’t be joined to a workgroup).

Enough free space on a local, NTFS-formatted drive to store all the user’s files in Work Folders, plus an additional 6 GB of free space if Work Folders is located on the system drive, as it is by default. Work Folders uses the following location by default: %USERPROFILE%\Work Folders

However, users can change the location during setup (microSD cards and USB drives formatted with the NTFS file system are supported locations, though sync will stop if the drives are removed).

The maximum size for individual files is 10 GB by default. There is no per-user storage limit, although administrators can use the quotas functionality of File Server Resource Manager to implement quotas.

Work Folders doesn’t support rolling back the virtual machine state of client virtual machines. Instead perform backup and restore operations from inside the client virtual machine by using System Image Backup or another backup app.

Work Folders compared to other sync technologies

The following table discusses how various Microsoft sync technologies are positioned and when to use each.

Work Folders	Offline Files	OneDrive for Business	OneDrive
Technology summary	Syncs files that are stored on a file server with PCs and devices	Syncs files that are stored on a file server with PCs that have access to the corporate network (can be replaced by Work Folders)	Syncs files that are stored in Microsoft 365 or in SharePoint with PCs and devices inside or outside a corporate network, and provides document collaboration functionality	Syncs personal files that are stored in OneDrive with PCs, Mac computers, and devices
Intended to provide user access to work files	Yes	Yes	Yes	No
Cloud service	None	None	Microsoft 365	Microsoft OneDrive
Internal network servers	File servers running Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019	File servers	SharePoint server (optional)	None
Supported clients	PCs, iOS, Android	PCs in a corporate network or connected through DirectAccess, VPNs, or other remote access technologies	PCs, iOS, Android, Windows Phone	PCs, Mac computers, Windows Phone, iOS, Android

In addition to the sync technologies listed in the previous table, Microsoft offers other replication technologies, including DFS Replication, which is designed for server-to-server replication, and BranchCache, which is designed as a branch office WAN acceleration technology. For more information, see DFS Namespaces and DFS Replication and BranchCache Overview

Server Manager information

Work Folders is part of the File and Storage Services role. You can install Work Folders by using the Add Roles and Features Wizard or the Install-WindowsFeature cmdlet. Both methods accomplish the following:

Adds the Work Folders page to File and Storage Services in Server Manager

Installs the Windows Sync Shares service, which is used by Windows Server to host sync shares

Installs the SyncShare Windows PowerShell module to manage Work Folders on the server

Interoperability with Windows Azure virtual machines

You can run this Windows Server role service on a virtual machine in Windows Azure. This scenario has been tested with Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

To learn about how to get started with Windows Azure virtual machines, visit the Windows Azure web site.

Creating a Windows Service with C#/.NET5

February 10th, 2021

Windows Services

Windows Services have been a foundation of Windows since Windows NT. They help users, or system admins, manage long-running programs that execute in their own Windows sessions. It is fairly trivial to set them up and start whenever the computer boots, for example. Since they can be completely UI-less, they provide an interesting approach for tasks that don’t require user interaction, such as looking for directory or file updates, pooling a service, or logging data. Windows itself uses services for many common task that an operating system should do, like Windows Defender , and Windows Update .

This blog post will demonstrate how to build a system file watcher as a Windows service that runs in the background, and classifies images using the WinML model we’ve previously set in my previous blog post.

ASP.NET similarities

If you ever created an ASP.NET Core project, you probably noticed that the default templates create a Program.cs file. This file contains the worldly famous Main method. Actually, most templates create this method, aside from class libraries, which don’t necessarily provide a starting point for your code to execute.

In my last blog post we created a small program that parses the arguments passed down to it and processes one image file, using WinML. For a Windows Service, which must not end its execution straight away, we need to halt the termination of our process until the Windows Service manually is terminated, not only after a single image is processed. We don’t want the Start -> Process -> End flow to exist. To achieve this, instead of using the command line argument to inform a single image file path, we will change our software to expect a Directory path, which we will listen for file changes. Then, whenever a new file is created inside this folder we are watching, we will run our WinML code to move the file to a folder named after its category, recognized by our WinML model.

ASP.NET is the most common framework to provide a web service using .NET , but unlike a web service, a Windows Service is not necessarily accessed through the network. It is, still, quite simple to setup a Windows Service that hosts a web service. Since this is a possible scenario, Microsoft provides a NuGet package named Microsoft.Extensions.Hosting.WindowsServices that let us host our .NET process, with or without ASP.NET , as a Windows Service. It automatically provides logging capabilities to the Windows Events, the default output where Windows Services should log information to, as well as automatically logging life-cycle events, such as Started , Stopping and Stopped events. It also provides a helpful method to detect if your process is running as a windows service or not.

Coding, coding, coding!

With this NuGet installed inside our project, we can change our Main method to initialize a Host, which will initialize it as a Windows Service and run it. We’ll move all the WinML related code to a new Worker class, which will act as a hosted service without our host process. The code itself is simpler than it sounds:

As you can see, we are still using the CommandLineParser NuGet package that we’ve used on the last blog post, since we still want to make this software act based on the parameters that we invoked it with. You’ll notice that the CreateHostBuilder method has both the string array parameter, as well as our already parsed and valid CommandLineOptions . We need both, since we want the parsed one and due to the fact that the Host.CreateDefaultBuilder method allows you to pass parameters from the command line to configure it, so we need to pass down the original string array to it.

We start by creating this default builder. We then configure its logging to filter only if the log level is Information or higher, and then we add our hosted service. We also create a singleton with our parsed CommandLineOptions , which allows us to use it inside the ImageClassifierWorker class that is initialized for us by the default builder. We will expect a CommandLineOptions parameter in the constructor of our ImageClassifierWorker which will be automatically injected for us. We are also configuring our EventLogSettings with a LogName and a SourceName . These parameters let us choose where the Events from our logs will be stored. Last, but not least, we are initializing this host as a Windows Service. This last step is as easy as calling the UseWindowsService() method, which configures the host to use the logging properties we just set, as well as setting up automatic logging for the Windows Service lifetime events.

Since this new code will listen to new files in the directory we specify, we need a way to filter the file extensions we want to allow processing. We could hard-code this, but lets simply add a parameter to our CommandLineOptions class, which will easily handle all the parsing for us:

See how easy it is to support our list of extensions? Since these are the most commons ones, we support png , jpg , and jpeg , and all the classes we use to load our image handle these extensions, so we are safe with them. We’ve also updated the HelpText of the Path argument, to better reflect what it actually means.

Now that you understand the structure of our Program.cs , and we’ve updated our arguments, lets look at our new ImageClassifierWorker class, which inherits from BackgroundService :

This is the class that will run our WinML code. The ExecuteAsync method is going to be called automatically for us, so we need a mechanism to keep it from returning, to keep our process from ending. There are many ways to achieve that, specially since we need to return a Task . I’ve chosen a simple one that can be achieved in only 3 lines of code:

This should be at the very end of our ExecuteAsync method. The stoppingToken is passed down to our ExecuteAsync method, and it is an instance of CancellationToken which will be cancelled when our service is requested to stop. See how we are using the _logger object that we stored in our constructor? That is a handy helper that lets us log whatever we want/need. Remember that this code is headless (no user interface at all), so we need a way to know what our code is executing, and that is done through logs.

At the start of our method, we should load our WinML model, pretty much the same way we were doing before:

The interesting code that we are adding here is this:

This creates a FileSystemWatcher instance that will hook up to some Windows events for us, and automatically raise the Created event whenever there is a new file created on the folder we are watching. Notice that we are adding Filters to it, which are mapping to the extension filters coming from our new command line argument.

We are waiting 1000 milliseconds (1 second), before we process the file. The FileSystemWatcher is attached to the Windows events, and is so fast that it will raise the Created event even before the file is closed by whichever process is still creating it. If we didn’t add a Delay, our ProcessFileAsync method would throw an exception:

We could have created a retry logic if we caught this specific exception but, again, this solution is a simplification, and will keep our code simple for this sample.

The ProcessFileAsync method expects a full path to an image file and a confidence float, just like we had before. I’ve just extracted it to its own method. Also, I’ve changed the logic at the end to, instead of just printing the classification to the Console, to move the file to its correct folder:

Notice that the folderName argument passed in our MoveFileToFolder method is the label with highest confidence, returned by our WinML classification model for that one specific image. Therefore, we are moving that file inside a folder with its category name. The whole process is so fast that if you copy and paste an image file into the folder we are watching, it barely stays inside the folder, almost instantaneously being moved to a newly (or existing) folder.

Where is the service?

The next step is to (1) deploy this somewhere, (2) register our Windows Service, and (3) start it!

The deployment step is very straight forward. Right-click in our ImageClassifier project, inside Visual Studio, and select Publish . This will let you select where you want to publish it, and since this is a simple .NET5 console application, we can choose between a variety of places. Lets select a simple Folder .

On the next step, just select Folder again and click Next . On the last step, we need to select a path. I’ve chosen a simple folder inside my Desktop, but this could be anywhere you need it to, as long as the user you select to run the service have the proper permissions to execute it.

Click on Finish to create the publish profile, and then on Publish to build our code and deploy it!

You will see that all the files that we need are properly deployed in that folder, so we can now configure our service!

Another way to publish your project is using the dotnet publish command.

Service Controller

Windows Services are managed through a tool called Service Controller, a.k.a. SC . We’ll use one simple command to create a windows service, and we’ll start it manually through the services tab. Remember that you need admin privileges to create a service on Windows, so run an elevated command line to run these commands.

All we need is a name for our service, and which command should be executed (the binary path).

Notice that we are passing the binPath argument in quotes. We are passing our arguments to the executable right after the path, still inside the quotes, which will be handled by our implementation of the CommandLineParser .

Running this command should return a simple message, if successful:

This means our service is created, but not yet running. To run it, lets call the SC command again, but now with different parameters:

This will log some properties on the console, and you will probably read START_PENDING in the STATE , since the SC command will return immediately. The simplest way to check the state of your service is at Windows’s Task Manager . If you never noticed, there is a Services tab:

This means that our service is running! Lets see if it works!

Code in Action!

Since I’ve added the C:\Users\alzollin\Desktop\ImageClassification\Images path parameter when I created the service, it will be listening to new files created at that folder. Here is the folder before I do anything:

And I’m going to copy all these files at the same time inside this empty folder:

The instant I copy these files over to the Images folder, there will be an intentional one second delay, followed by a refresh of explorer showing all the images already classified:

Notice that some files were not moved, and that is due to our logic that moves them only if the WinML model classified them with a 90% confidence. But how do we know how these files were classified? The answer is the Windows Events.

Event Viewer

The Windows Event Viewer is a tool that helps you read the Windows Logs. Just search on Windows’ start menu for Event Viewer , and the Windows search will show find it. There is also a neat shortcut that I often use: Windows Key + X then V .

When you open the Event Viewer you will see a tree view on the left side, that categorizes the events. Remember when we configured our LogName , during our process initialization? This is where the log will be, inside the Applications and Services Logs :

Selecting our Image Classifier Service will show all the events that your service logged under that category, with the Level, Date/Time, and much more:

You can quickly see that the Cat2.jpg file was not moved around since its highest ranked classification was at only about 44% (0.44842827) of confidence, as a “tabby, tabby cat”. Since our default confidence is 90%, the file wasn’t moved. You can easily play around with this service, for example, by dragging images from the browser to that folder to see the logs of how they were classified. Just remember to refresh by pressing F5.

Conclusion

As we were able to show with our fun sample, Windows Services are not extremely complex, if used properly. They allow developers to implement complex scenario with a simple lifecycle management, and C#/.NET5 is a great technology to create them.

Don’t forget to check out the full sample source here.

I hope you enjoyed this 3-part series. You can read the other 2 blog posts here: