
The syntax for New-PsDrive is:

New-PsDrive -Name DriveLetter -Root \\ServerName\ShareName -PsProvider FileSystem

DriveLetter is the drive letter to use, ServerName is the DNS name or IP address of the server hosting the share, and ShareName is the name of the share, such as:

New-PsDrive -Name g -Root \\CorpServer21\CorpData -PsProvider FileSystem

NOTE To ensure that the mapped drive is available each time the user logs on, add the -Persist parameter.

If the client computer is running Windows 8.1, you can map network drives by completing the following steps:

1. When you open File Explorer, the This PC node should be opened by default. If you have an open Explorer window and This PC is not the selected node, select the leftmost option button in the address list, and then select This PC.

2. Next, tap or click the Map Network Drive button in the Computer panel, and then tap or click Map Network Drive.

3. Use the Drive list to select a free drive letter to use, and then tap or click the Browse button to the right of the Folder list. In the Browse For Folder dialog box, expand the network folders until you can select the name of the workgroup or the domain with which you want to work.

4. When you expand the name of a computer in a workgroup or a domain, you’ll get a list of shared folders. Select the shared folder with which you want to work, and then tap or click OK.

5. Select Reconnect At Logon if you want Windows to connect to the shared folder automatically at the start of each session.

6. Tap or click Finish. If the currently logged-on user doesn’t have appropriate access permissions for the share, select Connect Using Different Credentials, and then tap or click Finish. After you tap or click Finish, you can enter the user name and password of the account with which you want to connect to the shared folder. Enter the user name in Domain\UserName format, such as Cpandl\Williams. Before tapping or clicking OK, select Remember My Credentials if you want the credentials to be saved. Otherwise, you’ll need to provide credentials in the future.
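The PowerShell counterpart of Reconnect At Logon and Connect Using Different Credentials, as an added example that is not part of the original text. Connect-ShareDrive is a hypothetical helper name; the server, share, account, and drive letter are the sample values used above.

```powershell
# Added example. Connect-ShareDrive is a hypothetical helper, not a built-in cmdlet.
function Connect-ShareDrive {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$Letter,
        [Parameter(Mandatory)][ValidatePattern('^\\\\[^\\]+\\[^\\]+')][string]$Root,
        [pscredential]$Credential,   # omit to connect as the logged-on user
        [switch]$Persist             # equivalent of Reconnect At Logon
    )

    # Do not silently reuse a drive letter that is already mapped or local.
    if (Get-PSDrive -Name $Letter -ErrorAction SilentlyContinue) {
        throw "Drive letter $Letter is already in use."
    }

    $params = @{
        Name        = $Letter
        Root        = $Root
        PSProvider  = 'FileSystem'
        ErrorAction = 'Stop'
    }
    if ($Credential) { $params.Credential = $Credential }
    if ($Persist) {
        $params.Persist = $true
        # Inside a function or script the drive is removed when the scope ends
        # unless it is created in the global scope.
        $params.Scope = 'Global'
    }
    New-PSDrive @params
}

# Get-Credential prompts for the password, so it never appears in a script,
# in command history, or in process command-line logging.
$cred = Get-Credential -UserName 'Cpandl\Williams' -Message 'Account for \\CorpServer21\CorpData'
Connect-ShareDrive -Letter g -Root '\\CorpServer21\CorpData' -Credential $cred -Persist
```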

Disconnecting a network drive

In Windows Server 2012 R2, you disconnect a network drive by using NET USE or Remove-PsDrive. The syntax for NET USE is:

net use DeviceName /delete

DeviceName specifies the network drive to remove, such as:

net use g: /delete

The syntax for Remove-PsDrive is:

Remove-PsDrive -Name DriveLetter

DriveLetter is the network drive to remove, such as:

Remove-PsDrive -Name g

NOTE If the network drive has open connections, you can force removal of the network drive by using the -Force parameter.

In File Explorer, you can disconnect a network drive by following these steps:

1. When you open File Explorer, the This PC node should be opened by default. If you have an open Explorer window and This PC is not the selected node, select the leftmost option button in the address list, and then select This PC.

2. Under Network Location, press and hold or right-click the network drive icon, and then tap or click Disconnect.

Configuring synced sharing

Although the standard approach to sharing files requires a computer that is joined and connected to a domain, synced sharing does not. With sync shares, users can use an Internet or corporate network connection to sync data to their devices from folders located on enterprise servers. You implement synced sharing by using Work Folders.

Work Folders is a feature that you can add to servers running Windows Server 2012 R2 or later. Work Folders use a client-server architecture. A Work Folders client is natively integrated into Windows 8.1, and clients for Windows 7, Apple iPad, and other devices are becoming available as well.

Getting started with Work Folders

You deploy Work Folders in the enterprise by performing these procedures:

1. Add the Work Folders role to servers that you want to host sync shares.

2. Use Group Policy to enable discovery of Work Folders.

3. Create sync shares on your sync servers and optionally, enable SMB access to sync shares.

4. Configure clients to access Work Folders.

NOTE Group Policy is discussed in detail in Chapter 6, “Managing users and computers with Group Policy.” For detailed information about configuring Group Policy to enable discovery of Work Folders, see “Automatically configuring Work Folders,” in Chapter 6.

Work Folders use a remote web gateway configured as part of the IIS hostable web core. When users access a sync share via a URL provided by an administrator and configured in Group Policy, a user folder is created as a subfolder of the sync share and this subfolder is where the user’s data is stored. The folder naming format for the user-specific folder is set when you create a sync share. The folder can be named by using only the user alias portion of the user’s logon name or the full logon name in alias@domain format. The format you choose primarily depends on the level of compatibility required. Using the full logon name eliminates potential conflicts when users from different domains have identical user aliases, but this format is not compatible with redirected folders.

To maintain compatibility with redirected folders, you should configure sync folders to use aliases. However, in enterprises with multiple domains, the drawback to this approach is that there could be conflicts between identical user aliases in different domains. Although the automatically configured permissions for a user folder would prevent amyh from the cpandl.com domain from accessing a user folder created for amyh from the pocket-consultant.com domain, the conflict would cause problems. If there was an existing folder for amyh from the cpandl.com domain, the server would not be able to create a user folder for amyh from the pocket-consultant.com domain.
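A pre-deployment check for the alias conflict described above, as an added example that is not part of the original text. The logon names are constructed samples built from the page's two domains, and Get-SyncFolderAliasConflict is a hypothetical function name; in practice the list would come from the group granted access to the sync share.

```powershell
# Constructed sample logon names (alias@domain) for illustration only.
$logonNames = @(
    'amyh@cpandl.com',
    'williams@cpandl.com',
    'amyh@pocket-consultant.com',
    'tedg@pocket-consultant.com'
)

# Returns one object per user-folder name that more than one account would
# claim if the sync share names folders by alias only.
function Get-SyncFolderAliasConflict {
    param([Parameter(Mandatory)][string[]]$LogonName)

    $LogonName |
        Sort-Object -Unique |                       # ignore repeated entries
        ForEach-Object {
            $alias, $domain = $_.ToLowerInvariant() -split '@', 2
            [pscustomobject]@{ Alias = $alias; Domain = $domain; LogonName = $_ }
        } |
        Group-Object -Property Alias |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                FolderName = $_.Name
                Claimants  = $_.Group.LogonName -join ', '
            }
        }
}

$conflicts = @(Get-SyncFolderAliasConflict -LogonName $logonNames)
if ($conflicts.Count -gt 0) {
    # Alias-only naming would block folder creation for the later user.
    $conflicts | Format-Table -AutoSize
    'Alias-only folder names collide; use the full logon name format or resolve the aliases.'
} else {
    'No collisions; alias-only folder names stay compatible with redirected folders.'
}
```

With the sample list, the only conflict reported is the folder name amyh, claimed by both amyh accounts.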

With Work Folders, you have several important options during initial setup. You can encrypt files in Work Folders on client devices and ensure that the screens on client devices lock automatically and require an access password. Encryption is implemented by using the Encrypting File System (EFS). EFS encrypts files with an enterprise encryption key rather than an encryption key generated by the client device. The enterprise encryption key is specific to the enterprise ID of the user (which by default is the primary SMTP address of the user). Having an enterprise encryption key that is separate from a client’s standard encryption key is important to ensure that encrypted personal files and encrypted work files are managed separately.

When files are encrypted, administrators can use a selective wipe to remove enterprise files from a client device. The selective wipe removes the enterprise encryption key and thus renders the work files unreadable. Selective wipe does not affect any encrypted personal files. As the work files remain encrypted, there’s no need to actually delete the work files from the client device. That said, you could run Disk Optimizer on the drive where the work files were stored. During optimization, Disk Optimizer should then overwrite the sectors where the work files were stored. Selective wipe only works when you’ve enabled the encryption option on Work Folders.
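The sync share creation step with both client protections enabled, followed by an audit of which shares can support selective wipe, as an added example that is not part of the original text. It assumes an elevated session on the sync server; the share name, path, and security group are hypothetical, and the -UserFolderName tokens should be confirmed with Get-Help New-SyncShare on your server.

```powershell
# Added example. 'CorpSync', 'D:\SyncShares\Corp' and 'CPANDL\WorkFoldersUsers'
# are hypothetical names chosen for illustration.
$shareName = 'CorpSync'
$sharePath = 'D:\SyncShares\Corp'
$userGroup = 'CPANDL\WorkFoldersUsers'

# Add the Work Folders role service to this server.
Install-WindowsFeature -Name FS-SyncShareService

# The folder that will hold the per-user subfolders must exist first.
New-Item -ItemType Directory -Path $sharePath -Force | Out-Null

# '[user]' names folders by alias only (compatible with redirected folders);
# '[user]@[domain]' uses the full logon name and avoids cross-domain conflicts.
New-SyncShare -Name $shareName -Path $sharePath -User $userGroup `
    -UserFolderName '[user]' `
    -RequireEncryption $true `
    -RequirePasswordAutoLock $true

# Audit every sync share on the server. Selective wipe depends on the
# encryption option, so a share without it leaves readable work files on a
# lost or deprovisioned device.
Get-SyncShare |
    Select-Object Name, UserFolderName, RequireEncryption, RequirePasswordAutoLock,
        @{ Name = 'SelectiveWipePossible'; Expression = { [bool]$_.RequireEncryption } } |
    Sort-Object SelectiveWipePossible |
    Format-Table -AutoSize
```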