Print

Course Transcript

Configure User Data in Windows 10

Mobile Data Access

Practice: File History

Course Introduction

Learning Objective

After completing this topic, you should be able to

1.

Can you think of anything more important than user data? corporate data? I cannot, and protecting that data is going to be important and granting access to that data of course is essential to any business's mission. So, in this section, we are going to talk about the data technologies in Windows 10 and that includes supporting the different types of user profiles, the different ways in which we can manage access to that data, and some unique ways in order to enable access. So things like work folders and of course, OneDrive, so some cloud based options as well.

Back to top

Mobile Data Access

Learning Objective

After completing this topic, you should be able to

1.

Data makes the world go around. And getting to our data from anywhere is an important business need, especially today. I want to talk to you about mobile data access in Windows 10. Now first thing we want to mention is we want to talk a little bit about some of the traditional challenges around accessing data, especially if the user is roaming around. You know – traditionally – when a user is on one station and the data is isolated on that station, well, it creates potential problems of course because then the data is inconsistent. Not only that, but the security that you want to apply, well, you might be securing it on one space, but you're not securing it in this other location. And then, when it comes to backups, well, you might be hit or miss if the data is moving around. So one of the things I want to mention is that when you have multiple devices, this creates all kinds of challenges for both IT and both the users. And you guys have probably experienced this if you had to tingle and wrestle with this problem. If data doesn't roam, the settings don't roam, the user is roaming, but things aren't following them around. So what do we do? The keyword to actually addressing those user data challenges is centralization. Centralization is going to help us maintain a central copy of that data where we can back it up, protect it, secure it. But, by providing access to that centralized location, we create a new set of scenarios and experiences for our users. That is we're allowing our users to go anywhere and access that data at any time. We also improve recovery situation. So, if the users' primary device goes down, they're not losing their data. You know, they just go to another authorized device and they can access the data from there. This creates a resilient, flexible environment and the keyword that enables all of this is centralization.

All right, here is a good example of synchronizing your settings to a centralized location. Now this particular technology in Windows 10 is not restricted to any one additional Windows 10 or restricted to corporate users. Consumers can use this feature as well. In fact, this is one my favorite features in Windows 10 because it allows me to roam my device settings. So, if I change – for instance – my theme on one device, then those gets synchronized across all of these other devices. Now there is one requirement here and that is that you have a cloud account – so like myaccountslive.com, outlook.com. And the reason why that's necessary is essentially you need to have access to the centralized location where the settings are being stored. And that's OneDrive. And, by storing those settings there, then they're made easily available here to the other devices where you're using that same account. Now you can configure this behavior in a Windows 10 device from that settings application. So let's actually have a look at this.

Windows eye will bring up that setting to application for you. And where you find that synchronization options in right here under sync your settings. So I'm going to click sync your settings, hit the accounts. It say sync settings, here we go. And then this has got information that relates to my live account. This is my cloud account. And I can manage it here if I want to. But look here on the left-hand side, do you see where it says – Sync your settings. All right, this is where I can turn on or off that syncing feature that comes with Windows 10. And this includes the ability to identify individual settings that I want to turn on or off. So, if I want to enable the ability to synchronize my web browser preferences, synchronize my theme, well I can do that right there. Now Windows 10 has other synchronization features. But, even just from a consumer standpoint, I find this an immensely convenient feature in Windows 10. And, as I said earlier is by far one of my favorite features. And a good example of this is when I'm trying to hunt for a favorites and the fact the favorites will follow me around, my web browser settings will follow me around, really proves to be handy in a lot of situations.

Now I want to look a little bit closer at OneDrive. Now OneDrive is the engine behind the sync your settings feature in Windows 10. But there is a lot more to it than just syncing the actual web browser settings or synchronizing my theme. OneDrive can actually be a personal cloud storage. So I use it in several different ways. I actually store some personal notebooks up there. I store some photos in there. In fact, my phone automatically uploads photos there. And what is great about that is no matter what device that I sit in front of, I have access to that camera role and I can actually get to those pictures. The other thing about OneDrive is it integrates with Windows. It integrates with other features such as libraries and other applications can take advantage of it. And there are a couple of different ways in which you can access OneDrive.

[OneDrive is a personal cloud storage from Microsoft. It makes user files available on every device, including non-Microsoft devices. It integrates with Windows libraries and windows apps.]

So here are the three different ways in which you might interact with OneDrive. For starters – you might use the universal app, also called a Windows app. And this is the tile-based access to OneDrive. I use this one on my phone all the time. And so it's going to integrate with other types of applications as well, allow you to share and access your data on the cloud. Then there is Windows Explorer which is...you know, the other name for this is the desktop app version of OneDrive. And this is just integrated inside of Windows Explorer. So, when you go to browse your my PC or this PC, you're going to see OneDrive listed as a folder just like you would see your C drive and such. Now this has got support for other operating systems as well. And you can install basically an OneDrive application on your other Windows systems and it's going to provide synchronization. So, no matter how you access it – whether you access it through, you know, your tile-based application here or you access it through the desktop app here – the data is going to be the same, right, because it's centrally stored. Then we've got over here – Onedrive.com. So this is the anywhere, anytime, any device type of access. So this is where you're using a browser to connect to OneDrive and accessing the data. Now, on Windows 10, OneDrive has several...has basically sync settings and several different options you can tweak. You can actually control which folders are being synchronized to your Windows 10 device and which ones are not synchronized. So we want to look at some of those OneDrive configuration settings as well.

Back to top

Work Folders

Learning Objective

After completing this topic, you should be able to

1.

The next topic on the docket is Work Folders. Let's have a look at Work Folders. How do you access your corporate files from a personally-owned Windows 10 device? Work Folders is an interesting technology because it seeks to overcome some of the problems around user accessing their corporate data, but doing that from a BYOD scenario from their own personal device. Now we could use VPNs. But VPNs don't synchronize the data and it requires a network. Work Folders has some additional features to it that give it advantages over even traditional remote access means.

So here is what Work Folders does for us – it allows workers to access their individual data from their devices from wherever they are. I love this picture actually of this poor fellow looking sharp of course, but lost in the woods. Nevertheless, he is able to access his Work Folder data. And that's because you can access the data from any device, anywhere. Now organizations still can enforce policies, and this is important. Users accessing the personally needed corporate data, but organizations can still apply policies in the event that device is lost or in the event the worker no longer works with that company. It's intellectual property in that regard. So it still allows organizations to apply mobile device management policies even though the data is sitting on a user's personal device.

Now let's talk a little bit about what Work Folders is not. And, hopefully, this will help clarify a little bit more about what it is. Work Folders is not a consumer service. This is not a cloud service. In many ways, it's similar to a cloud service and that we're providing a centralized location to store user data. Users can move from device to device to device and still have access to that data. But it's not a cloud service in that. It's publicly hosted by another organization – a vendor like Microsoft or Amazon – instead it's hosted by the organization. You see the problem with public cloud services is – well – users can store the data on the cloud and they have all that convenience, but the IT organization doesn't have any insight into that data, doesn't have any management over it. So you might think of this as kind of a corporate cloud service, right. So you or the organization is able to set up a Work Folder. This is going to allow users to sit at their desktop and their cubical, access that Work Folders, share, for put data into that work folder. And then, when they go home and they need to go and they need to do some work from their tablets or their personally-owned device – well – if we've Work Folders that's configured, then they are going to be able to access that same data and to do that securely and to do that in authenticated authorized fashion. And it doesn't leave the organization out in the cold because the organization still has the ability to apply mobile device policies against that data. So, if something were to happen, well, they can potentially wipe the data out without affecting the user's device. So it's important to recognize, Work Folders is not cloud services, but it's still the convenience of the cloud delivered by the organization.

Now I find this chart really useful. It helps me compare Work Folders to some of the other centralized data options, right. So the cloud, offline files for on-premise synchronization, Work Folders kind of falls right in the middle of that. The other thing that stands out to me is that Work Folders is not for team or work data, it's not meant for collaboration. It's meant for individual data for personal devices. So it's not a public cloud service and it is not an on-premise solution. It's kind of in between.

Back to top

Work Folder Components

Learning Objective

After completing this topic, you should be able to

1.

Now let's dig into the details of Work Folder components. Now some of these details really extend into the infrastructure piece and we'll talk a little bit about that. So keep in mind that there are aspects of this which is going to require an investment in Windows Server. Another important thing to keep in mind is that there are going to be a need for some certificate. So a publicly trusted SSL certificate may be necessary. Then again, we might need to invest in a private PKI. If you have one already, you are several steps ahead of the game in terms of implementing Work Folders. Now one of the other important components about Work Folders is that it's an entirely different protocol. So, in a similar fashion – on your server – you set up a shared folder. Only you are setting up a Work Folder share, so it has a different protocol behind it. So it's not SMB, it's a Work Folder protocol called sync shares. And these sync shares, well, you can have more than one per server. In fact, they can be one and the same. So you can have a traditional SMB share and a sync share be the same object or they can be different. Now one of the key benefits to Work Folders is the synchronization piece. The fact that a user can be on-premise making changes to their data, then they close it that gets synchronized right to their Work Folder. Then, when they access through Work Folder from another device, those changes are present. And so that's an important part of the way Work Folders provide an important benefit...the Work Folder provides. So it's a whole synchronization aspect and that's another important component in Work Folders. That being said, anything that's going to interrupt that synchronization or affect that could be a potential issue. So just be aware of that when it comes to restoring data and protecting data.

Okay, so let's dig even further into how Work Folders works by looking at the infrastructure. So what we have here is in the center our access point. This is the reverse proxy. The reverse proxy is accessible when you configure the URL on the user devices. And this is going to probably say HTTPS and then reference there the Work Folder's name and that's going to be also registered into DNS. So this is going to be your organization's path. So that's going to be something you need to define as well as deploying a reverse proxy server like the Web Application Proxy server. Now the reverse proxy server then is going to provide an entry point into the file server for those devices that are outside of the network. Those devices that are inside the network, well, those devices could be accessing it through a traditional path, even including integration with other more traditional kind of file share means. In either case, the benefit here...the practical use of Work Folders is the fact that data on both sets of devices are synchronized and you can access it from either place. The other thing I want to point out regarding the user devices is this is not restricted to Windows 10. This also supports Windows 8 devices. There is a Work Folders client you can download for Windows 7 and there is even one available for Apple iPad. All right,

so next let's talk about these file servers over here. Remember I said that Work Folders is a new protocol and so we can set up our sync shares as they are called. Now, when we set up Work Folders on those file servers, we can also apply what is called the device management policy. And there is the built-in policy and then we can extend policy control if we had mobile device management. So we could do things like require the devices to authenticate, we could have, you know, multifactor authentication, we can support selective wipe or we can wipe out that data. And what it actually does is it just removes the encryption keys, so the data can't be decrypted any longer. And so there is a secure way of preventing that data from leaking out of the organization or losing control over it. You can even enforce a rule that says – "We require the device to have a lock screen." And so you have several different management policies available to you. And then you can integrate this further with other file server technologies. So, for instance, you can restrict the types of files that are being used inside your Work Folders. So you can set up like a file screen that says – "We're not going to store MP3 files in there, we are only going to store certain types of files." And then a lot of the other features that come with Microsoft's, you know, data management options. So RMS, file classification, reporting features, all of that goodness that comes with a Windows file server that all works with Microsoft's Work Folders. That's pretty cool stuff.

[Device Management Policy limits access to registered devices. It supports file encryption and selective wipe. It requires a device to have a password and device locking.]

Now we also have authentication here. So let me mention that you have different authentication options. You can use traditional Kerberos. But you can also integrate with Active Directory Federation Services for other authentication methods like OAuth and basic Windows authentication. So this gives you kind of an overview of the different components. The highlight is really that we're using multiple devices from different places inside the network, outside the network. We're accessing these shares and the data is being synchronized between them. All right, here is a quick list of the different Work Folder clients that are Windows based. We have Windows 7 through Windows 10. Windows 7 requiring it to be a member of the domain. The others could be personally-owned devices. And then you can also use it in Apple iPad, iOS 8 supports Work Folders. All right, there are three ways in which Work Folders can be configured. First off, the user does it all. So it's a manual configuration. They go into the settings application, they type in that URL. Then there's the option to use policy-driven configuration. And that can include an advertised kind of a soft deployment or configuration where the user decides to participate or not. Or one that is mandatory because the device is enrolled in MDM. And so we push the policies down and the user doesn't have to do anything and yet we've got that device under the umbrella of our MDM or our policy management system. And that could be something like Microsoft Intune or System Center Configuration Manager.

[The different authentication options available include Kerberos, Digest, and Active Directory Federation Services. There are three methods to configure Work Folders. The three methods are manual, opt-in, and mandatory. In manual method, URL is discovered automatically. In opt-in and mandatory methods, settings are distributed to devices via GPO, SCCM, or Intune.]

Now we all care about this, right. We all care about security. And the minute we start talking about Work Folders, you know, you might be a bit apprehensive when you learn that we are talking about putting corporate data on individually or personally-owned devices. The good news is this Work Folders has got several security features to it to make this technology adoptable. So we've already mentioned the fact that devices can be enrolled into a policy-driven mobile device management infrastructure, so something like Intune. So that would give you added control, things like selective remote wipe. The authentication and identity model is pretty extensive with the help of the Active Directory Federation Service. And you can actually require multifactor authentication with Workplace Join if you wanted to.

Then with Web Application Proxy – that reverse proxy engine – well, the way reverse proxy works is it's more secure in many ways than a VPN because you are limiting the connection to just the Work Folders. A VPN would permit someone to dial in from a personal device and then have free reign to go anywhere they want in the corporate network. Whereas, reverse proxy prevents them from going anywhere. Instead, it presents the data of Work Folders to them and so this is going to be a more restrictive, more narrower connection. And then we've got other built-in policies. The ability to actually require encryption. So all the data is encrypted and then we can also require that the device have a password locker or lock screen. Actual connection, right. The actual connection is maintained in an SSL connection. So all that data is encrypted, the transactions are encrypted, and the data transfers are encrypted. And then, the device authentication can be based on certificates as well. And so that can further improve, you know, the authentication scheme that we are using. So there are several important aspects of Work Folders security that makes this robust and trustworthy.

Back to top

User Profiles and Libraries

Learning Objective

After completing this topic, you should be able to

1.

Now, if you need to manage a user on a Windows 10 machine, you really need to know the ins and outs of user profiles, and how they interact and work with their data to structure the profile and the different types of configurations that you as an organization – as an IT pro – can bring to a profile to kind of streamline it or even configure it so that users can access their profile from any device. So we want to talk now about user profiles and another feature that's related to that called Libraries. So the first question we want to ask – what are user profiles? Now user profiles really is a combination – a composed group – of folders and registry settings. And there is a lot of different folders and registry settings that make up the user profile that you're probably pretty familiar with. Things like My Documents, at least that's what it was called in XP, right now it's called Documents. Then Music, then Photos, but then there is other things related to it like the Desktop, that's also a folder. So we've got a very specific folder structure that's associated with the profile. In addition to that, we've got registry settings. And these settings can pertain to the system, they could pertain to the user's log on. So like, for instance, the theme and the background and those kinds of customizations. But then, you have a lot of applications which store their data on a per user basis rather than kind of a per system basis. So the user profile is an important part of the Windows, overall Windows architecture, or Windows installation.

[Some contents of user profile include Videos, Pictures, Desktop, Downloads, Favorites, Personalization, Home Page, Cookies, Documents, and Ease of Access.]

Now there are some common profiles. These are what you might say is kind of like the basic profiles. First one is local, right. Now anytime somebody logs onto their system and makes changes to it, that's per user. Well, then those are going to be stored in their personal local profile. Now you can find this profile folder if you open up the user's directory. Go to C drive – typically – Users, and then there will be a folder for each person who is logged onto their machine. And that's going to be your local profile. When you log on, right, you have your desktop opened for instance. Every time you add something to your desktop or you make a change and then log off, it gets saved to that local folder structure. And to the registry that's also part of that local folder. Now a question here is where do those folders structures come from? Well, that all comes from a template called the default profile. Now you don't see the default profile by default. It's actually hidden. But, if you were to turn off the hidden options and you would turn on your view options, you could see hidden files. You would find that default folder in there. And anything inside the default folder is actually what is provisioned and used to kind of set up any new profile. So you create a new user account. When they go to log on for the first time, the default profile is copied and then renamed and then they're given their own personal local profile.

[Some common user profiles are Local, Default, and Public.]

Now there is also a public profile and this is an interesting profile. In that it's kind of a partial profile set specific configuration areas or folder areas that are designed to allow cross profile sharing. So here is an example of that. Let's say, for instance, go to my house and we've got this laptop there at the end of the hallway there near the living room. And just about everybody comes by and sits down one time or the other and they're doing something on that laptop; and my wife is on there, checking Facebook; my daughter is on there, doing homework; my boys are on there, checking out their gaming forms. Now, because we're all logging in into this machine with our own accounts, there is separate profiles for each one of us but it's a shared system. Now one of the things to recognize is if I want to share something across all of the profiles for all the people logging on, one way of doing that is putting that into, like, the Public Documents. Public Documents is an area of the public profile that is actually available to anybody. So, if I was to store, you know, a little – hi, hello, how are you? – note in the Public Documents, then when my son logs on, he would see that in his Documents folder and my wife would see it in her Documents folder. So these are your common user profiles. Everybody gets a local profile created from the default profile. And then there is also a public profile which is there really is, kind of, a way to kind of bridge each other profiles if you have a shared machine like I was describing.

Back to top

User Profiles

Learning Objective

After completing this topic, you should be able to

1.

All right, I want to talk about working with files. Now this may not be the most exciting topic as we do this on a daily basis. But really, if you think about it, our digital lives are in files. I mean our pictures are in there, our work is in there, the great American novel that we're writing on the side – it's all in files. So managing files – that's an important ability when it comes to working inside our computers and working with Windows 10. So I want to talk a little bit about working with files in Windows 10 and how Windows 10 has got a great search engine to help us find the files that we're looking for. It also has the Libraries feature, which was first introduced with Windows 7. Interestingly, they turned it off in Windows 10, but I'll show you how to turn it back on.

[User files are either stored in their profile folders or are stored online. Files can also be accessed through Libraries.]

Special user profiles – these are profiles that are special. And what does that mean? Well, they are out of the ordinary. They are not just your regular, local profile or default profile. These profiles have special functions or they've been enabled by the IT pro, maybe you, so that you can – you know – provide a different experience for users or solve some sort of problems. So let's talk a little bit about what these do and what kind of problems they solve. So first off, roaming profiles. Roaming profiles, right. Some of you have bittersweet tears whenever you hear the word roaming profiles. Roaming profiles have this love-hate thing going on. Some of us love to hate them. Now the thing with roaming profiles is they solve a very specific problem and that's the fact that when a user logs on to one machine, they get their profile. Then when they log on to another, it's a different profile, it's a different desktop. They got different shortcuts, they have a different experience, their data is different. So roaming profiles meant to help solve that by having the profile follow the user around. But there are problems with them because the profile structure is so complex and deep. So one of the things we've recognized is that it would be better just to roam specific parts of the profile like just the application data. And then we're going to deal with user data other ways. Maybe combining roaming profiles with folder redirection or some other data synchronization technology, so that we're not actually having to download an entire profile structure every time.

Roaming profiles are still alive and well. And there have been improvements in some of the supporting technologies when it comes to roaming profiles. So don't totally dismiss roaming profiles even though we're in this, you know – the age of Windows 10. It's still a viable option in some circumstances. Now, if for some reason you can't load your roaming profile, Windows 10 might give you a temporary profile and that means that you're not getting your synchronized data perhaps. And you might actually want to require the user to get the profile and disable or prevent them from making changes to it. By that, we're talking about mandatory profiles and super mandatory profiles. So what I want to do now is take a look at these different types of profiles and the differences between roaming, mandatory, and super mandatory. Another thing I want to show you here is when it comes to roaming profiles, one of the things you have to be careful of is different versions. So Windows 10 versus Windows 7 profiles. There are structural differences and that can create some potential problems. So you have to be aware of the different versions and implement version control when it comes to using these special user profiles.

So you want to set up roaming profiles. Well, it's really just a few steps, very similar to the way we did it in the past – just have to be mindful of how to create the permissions and making sure the infrastructure is available and there are a couple of ways in which you actually might advertise the location of your roaming profiles. So profile versioning – that's going to be important because if we have users moving from different editions of Windows, that can create some compatibility and some integrity issues. You don't want to corrupt your profiles. You want to actually dedicate a group or manage your groups as a recommended process or creating a user group for those people who are going to participate in user profiles. Then you have to set up your shares, sign that appropriate permissions, and then enable it either through Group Policy or you can do it directly against user account or target computer accounts. You might have some restrictions on how much space can be actually taken for user data. So you might have some concerns about the user kind of camping, squatting on their systems, or putting a bunch of data on even file shares, data that...well, you don't want to support like maybe their Video library or their Music library or whatever. So you got a couple of things you can do in Windows to actually restrict the space usage by your users. Now one really basic one is disk quotas. Disk quotas is a per volume per user restriction. And this actually has been around since Windows 2000. And yeah, we still talk about it. Now disk quotas is something that you can turn on to restrict how much space, say, a particular user is using. And it's not going to restrict on a type of file, it's actually a per volume space limitation. So I can say, for instance, I don't want so and so to use more than 10 gigabytes of space, something like that.

Now, if I want something a little bit more sophisticated on my file servers, I might use something like File Server Resource Manager – FSRM – that has file screening and better reporting features. But, if I'm looking at providing restrictions on Windows 10, I can't put FSRM on there, disk quotas is what I have available to me. And I can actually push down settings via Group Policy if I want to. So, if I need to restrict how much space a user is using on a volume on a Windows 10 machine, I can go to the properties of that drive and I can enable disk quotas.

Back to top

Folder Redirection

Learning Objective

After completing this topic, you should be able to

1.

Next up, Folder Redirection. What exactly is Folder Redirection? Folder Redirection is a way that I can provide a network location for users' local folders. In other words, when they go and store data on the documents folder, it looks like it's part of their local profile. But, in reality, it's actually on a network location. It gives me several different advantages. One – the user is unaware perhaps that it's being stored on a server. Two – it can follow the user around, so no matter what machine they go to, that documents folder has the same content. It's like magic, right. And three – it's centrally located. Remember centralization is the keyword, it's the magic word. It's a word that all IT admins love because it gives us a central point of control of backup and of management. Folder Redirection gives me all of that.

All right, here is another fun word – user state virtualization. Well, what is user state virtualization? Well, it's about creating technologies or a total solution for the user's data and settings follow the user around. So you've got a technology or combination of technologies that provide this experience. Now Folder Redirection which we've been talking about is actually part of a user state virtualization solution. Now it's not the only one, but it plays a role. And, when you take kind of the best of these different technologies and bring them together, you can implement a USV option. Alternatively, you might consider Microsoft User Experience Virtualization. It's an additional way of actually enabling user state virtualization and it's really meant to address the shortcomings of some of these other technologies.

All right, let's have a look at Folder Redirection in more detail. Remember, with Folder Redirection what we're talking about is we're talking about taking some of the default data locations, the places users go already, the places they are familiar with, right. So we don't want to confuse them. What we are going to do is we are going to redirect those data locations to our servers. And we are going to do that through Group Policy. And so, when they go to log on, that documents folder is not going to be on their local machine even though it appears to them it's on the local machine. Now there are a lot of key advantages to this. So, no matter what computer...Windows computer the users, you know, log in to, they are going to have access to their data. Other key benefit here is that when you combine Folder Redirection with other technologies, you are able to create a more complete user state virtualization. This means that you can actually reduce the size of your roaming profiles. Because, instead of including these folders in the roaming profile, you can roam just the application data in the registry, right. But the user data like documents, well, you are handling that, managing that through Folder Redirection. So that's one of the reasons why they work well together. Roaming profiles can take care of this bit, Folder Redirection can take care of the user data in this bit over here.

[Some advantages of Folder Redirection are as follows: 1. Reduced size of Roaming Profiles. 2. Local hard drive failure does not affect the redirected user data. 3. Faster access and more intelligent synchronization in Windows 8 or Windows 10 (with Offline Files). 4. Designate "Primary Computer Support" with Server 2012, which prevents user data from roaming to unspecified machines such as conference room computers.]

Now you can combine it with other server-based technologies to help manage how much space it's taking. You can link it, make it resilient with the help of a service called DFS or things you can do along those lines. You can make it available offline here with offline files so that if there is intermittent networking problems, then the user still has access to it, very cool. And this last one right here – new in Windows Server 2012, new wish if you will – is this thing called primary computer support which basically means there might be some systems you don't want Folder Redirection happening. So like the conference room machine or those HR classroom machines, you got a person who sits down in front of it and logs on and then you don't want all of this stuff starting to happen as the profile and Folder Redirection occurs and all that in offline files and synchronization and all that. Instead, those machines are meant to be, you know, have a lightweight impact. So you can set up a policy basically indicating in...through policy indicating which systems are primary computers allowing for the full synchronization of the user state from this machine and this machine and other machines you can exclude. All right, so that's something you could do in Active Directory through the help with Windows Server 2012. Final thing I want to mention here are some of the recommendations around using Folder Redirection. All right, so here is a look at some best practices or recommendations. Lot of that I think is pretty common sense if you've done this before setting up a share. You don't want it available for just casual browsing. So it's a good idea to hide your shares and rely on groups, grant a minimum set of permissions, but the permissions that the user actually needs. And, as I was talking about earlier, combined Folder Redirection with other technologies, that's going to give you the best results.

[Some recommendations for Folder Redirection are as follows: 1. Backup redirected data. 2. Use security groups. 3. Use hidden shares. 4. Grant minimum permissions to users. 5. Combine Folder Redirection with Offline Files. 6. Consider using primary computer designations, EFS, and DFS. 7. Do not use the "Redirect to home folder" setting unless you already have home folders.]

Back to top

Offline Files

Learning Objective

After completing this topic, you should be able to

1.

Now here is another technology that you can combine with some of these other user state technologies. And one of the great things about Offline Files is it can address concerns about network connectivity. So, when talking about Folder Redirection, how users can connect to data on the network and it appears as if it's on their local machine or talking about roaming profiles where they're actually downloading parts of their profile under their local machine, both of those require that they actually have a network available to them. But what happens if the network is not available? Right, we don't want that. So what we do is we cache the content from those locations to their machine so they can continue to work offline using the data, accessing the data that they need, right. That's the beauty of Offline Files.

[The Offline Files feature in Windows 10 caches network data to the local system. The cached data is available even if disconnected. Caching can be automatic or manual. Changes to the data are synchronized in the background. The Offline Files feature supports exclusions and supports disabling Offline Files on individual redirected folders.]

So what exactly is Offline Files? Offline Files is all about caching network data to the local system, so it's available locally. Offline Files also synchronizes that data between the local machine and the network machine. So, when the network is available, the two can stay synchronized. When the network is not available, the user can continue to work. Now there has been enhancements with Offline Files. This is something that, you know, not new but the enhancements that have been included over recent years including Windows 8, Windows 10, makes it more robust, more trustworthy. One of the things that's pretty cool about it is it has a background synchronization feature. So, when the system is idle, that's when it will do this transparent kind of synchronization and transparent caching.

You can enable a feature called always offline which forces the machine to always use the local data as opposed to the network data and that can potentially improve performance. So this translates to the fact that the user is going to have a great experience because they're always going to have the data they need even if they're disconnected from the network. And then, when they do connect, that data gets synchronized. Now a word of caution, okay. Once again, we're not talking about collaboration, we're not talking about whole teams of people connecting to one location and making multiple changes to it. Offline Files cannot resolve conflicts like that. This is for an individual user accessing individual data. There are different applications when we need collaboration and that's where we're going to use SharePoint and Office 365 tools. And we're going to use these tools to control, you know, the versioning and to be able to collaborate. Those are not what we're talking about here with Offline Files. Offline Files is single user accessing their data, keeping it synchronized on their device, and keeping the data available even if the network is not available.

Now here is a look at some of the other details behind offline caching, couple of features to be aware of. You can control the location of your cache; it's called the CSC folder by default, the client-side cache. And, in many cases, you can actually toggle on or off whether or not you're in offline mode. User can also do manual caching, which means they can connect to a shared folder. If there is a file in there they always want to have access to, they can right-click on it, choose always available offline. That's manual caching sometimes called pinning the file. Over here, we have automatic caching. This is where from the server you're telling the server to always cache this to the client-side cache here. So there is automatic caching and manual caching options on the share itself. Now, in addition to that, there are settings in Group Policy that can drive the characteristics or the behavior of Offline Files. So you can set it up. Transparent caching and Background Sync – these are some enhancements. You can also control the behavior if a slow link is detected and enable some file screens. Now, on the client side, it's important to be aware of the Sync Center. The Sync Center can be your friend in helping users troubleshoot potential synchronization problems that you might encounter when using Offline Files. These are some features we definitely want to look into.

Back to top

UE-V

Learning Objective

After completing this topic, you should be able to

1.

Windows 10 supports UE-V. What is UE-V? Well, UE-V stands for User Experience Virtualization. And then of course the question is, well, what does that mean? What is User Experience Virtualization? Well, UE-V is all about user state virtualization. Remember user state virtualization is all about providing users their environment – that profile environment – those application settings, those Windows settings for wherever they go. You see UE-V goes beyond those inbox approaches like roaming profiles and Folder Redirections. And it seeks to overcome some of those problems that are inherent with those built-in approaches. Instead, User Experience Virtualization provides a consistent experience via an actual virtualization agent. Now this means more reliable consistency for more scenarios. So take the fact that User Experience Virtualization supports, for instance, synchronizing desktop settings from a tablet to a desktop to actually a remote app experience or an RDS or VDI experience. And it can synchronize just application settings. So, it doesn't matter how the app is accessed, whether it's locally installed or they are accessing it through like remote app in RDS. So it's far more comprehensive. It supports more heterogeneous environments and it really is more intended to give a more consistent experience. Now one of the things you should be aware of this is part of MDOP – that's a Microsoft Desktop Optimization Pack – and there are other features that come with MDOP. UE-V is just one of several.

[User Experience-Virtualization is a part of Microsoft Desktop Optimization Pack. It enables settings to follow the user when he moves from one Windows device to another device.]

All right, here is a quick look at some of the features that UE-V provides. I'm going to highlight a couple of them for us. First off, it's Windows only, so we're not doing desktop synchronization across other devices. But the advantage here is that you can do this across multiple types of Windows installations and multiple editions of Windows. So you've got the ability to synchronize desktops and tablets and even VDIs across each other, which is pretty cool. It is going to require an installation of an agent, so you're going to have to deploy an agent which is going to do a lot of the hard work for us. There is support for the new application model in Windows 10 called the universal apps. And one of the key components to how UE-V works is this idea of a settings store. So you're going to define a shared folder location to store these settings. In there, you're also going to be able to define and create templates for the different application settings. So it relies on a couple of components that you define, but it's pretty straightforward. You have, in terms of management and deployments...you have PowerShell and you have Group Policy & System Center support.

[Some features of User Experience-Virtualization are as follows: 1. It replaces Roaming Profiles. 2. It requires client-side agent. 3. It supports Universal Windows app setting. 4. It relies on Settings storage and templates. 5. It integrates with Group Policy and System Center.]

Now you also look at the components that UE-V provides. You've got, in the center, the piece that does all of the work and this is the agent. It's the one monitoring the system for changes and making sure those changes get written to the settings store for synchronization purposes. Another important piece to this is the fact that you can create template settings, template settings for your application. So you can tell the UE-V agent what settings that you need to keep synchronized? What registry settings to monitor and so forth. And MDOP with UE-V includes a tool called the Generator, the UE-V Generator to help you and assist you in easy building and creation of these templates. And then you want to distribute of course this agent across your machines and you can do that in a variety of ways. That is called command line way of installing and configuring the agents, but you can deploy it through your other server-based, you know, deployment options as well.

All right, here is a quick look at some of the UE-V requirements. In regards to Windows 10, we have Enterprise or Pro edition. Now the reason why it's Enterprise or Pro edition is this is really geared towards businesses. So the problem we are trying to solve is to give our users and the devices that they are using a consistent experience, so they can, you know, do their work and be productive. And so that's where...that's what the requirements tell us in terms of kind of the story behind User Experience Virtualization and the problem it's trying to solve. The other thing I want to highlight for you, again, is that the fact that it requires MDOP. So this is geared towards volume license customers. So you need to deploy UE-V. Well, first things first, you got to meet those requirements. Second of all, you're going need to define that network share which is going to be your settings store. You might also need to define any templates with the appropriate settings and edit your template files so that they identify exactly what settings in the applications you want to synchronize. So, for those line of business apps and those unique business scenarios that you need to provide certain settings for, that's what you need to also define. And then of course you need to deploy your agent. So AgentSetup.exe – this guy right here, that's going to deploy the agent. You can script that, you can deploy it through, you know, System Center or through other kinds of application deployment methods. But, when you deploy that, you can also define a custom location or the settings store location or rely on Group Policy that help you with these deployment steps.

[Some User Experience-Virtualization requirements are as follows: 1. It requires Microsoft Desktop Optimization Pack license. 2. It requires administrative credentials for every computer with User Experience-Virtualization installed. 3. It has support available for Windows 7, Windows 8, and Server 2008 R2.]

Back to top

Other Data Techs

Learning Objective

After completing this topic, you should be able to

1.

Okay, now what I want to do is touch on a couple of other scenarios that relate to users getting access to other data and a couple of features in Windows 10 that can improve or enhance accessing that data. So a couple of other data technologies that I think are – you know – pretty common, many of you are familiar with these. Users are going to access their data in a variety of different places depending on the kind of data and the kind of work we are trying to do. So file servers, web servers – real common places to go to get information, upload information, share information. And, in a collaborative approach, we can use SharePoint. And then we might be interacting through a specific application and then cloud services are a big deal today. Now, in regards to these other data sources here, Windows 10 has a couple of features in it that can improve accessing data on those different locations.

So, for instance, there is a feature called BranchCache. And BranchCache, what it does is it can...when it's enabled on Windows 10 machines, it can reduce the amount of traffic used over a WAN link when accessing like file shares, accessing web sites, and any other types of technology that supports branch caching. So let me give you an example. Let's say, for a minute, that this device right down here is accessing a SharePoint site up here. And so it's grabbing some data, grabbing some files. And so that data is then being downloaded back to this client. Now, with BranchCache enabled, this client - this Windows 10 device – can store locally. BranchCache, by the way, is also supported in Windows 7 and in Windows 8 and 8.1. But, in recent editions, we have some improvements. So it's actually a much better solution here in Windows 8 and Windows 10 than it was in Windows 7. It's, you know, encrypted. The actual traffic that's exchanged, it is smaller and optimized. So they have improved BranchCache quite a bit. And so now we've got a copy here on this guy.

Now here is what happens. Let's say this neighboring device over here, either one of these also needs the same data on that same web server over here. What can happen? Well, what they'll do is they'll go and they will contact that server and that server will inform them, "Hey, that data was cached, right, that was cached." So this guy will go and find that data on its neighbor and download it locally. That reduces the amount of traffic that's occurring over this WAN link. And then that's the beautiful thing about BranchCache. Now this right here is called a distributed mode where you have kind of a peer sharing. Alternatively, you can set up a BranchCache called hosted mode where if you have a local server, it can be kind of the primary place and kind of the central caching for that regional office at branch location. So any devices in this regional office won't share their cache data from each other. Instead, they'll share that cache data and pull that down from that server, okay. So that's one example of a technology that Windows 10 has built into it to help improve accessing data. Now the next one here I want to mention is DFS. The DFS is a server-based technology. So what we're doing there is we've got file shares and DFS is primarily intended for file shares and...or it can support applications who also have file shares. The way DFS works is you have a DFS target or namespace. Clients refer to data by accessing that namespace. The namespace itself, however, has redirectors in it. So the actual file servers, well, we could have more than one.

So let me illustrate exactly what DFS is doing for me. So imagine I've got a server up there and this server is hosting the namespace. And so the clients down here can refer to this, but when they refer to this, what is behind this might be a redirection to some other file shares. So the client doesn't know right per se, the location of these file shares. Instead, they are being redirected. Now the reason why this is beneficial and why it's called Distributed File System is if anything were to happen to this link right here – right – if that particular file server fails, then we still have a connection available to this guy here. We still have some resiliency. So DFS allows me to take shared data that would be in a file share and have it stored on more than one file server. And then, when changes occur to the one, those get replicated to anyone else who is part of the replication relationship. And this gives me the added benefit of keeping this data protected and synchronized and then I have a failback option. So, in case one goes down, we've got the other one that we can redirect clients to. Now Windows 10 has built-in DFS clients. So it supports DFS completely like the other Windows operating systems. And so this is again another example of a file share data access technology that's built into Windows server that Windows 10 can take advantage of.

Back to top

HomeGroup

Learning Objective

After completing this topic, you should be able to

1.

In this next section, I want to talk to you about HomeGroup support in Windows 10. And by HomeGroup, we're not talking about like your local neighborhood, reading group, or wine tasting group; we're talking about a technology that allows Windows 10 to participate in a HomeGroup network and be able to easily share files and folders. So how do you share your files in Windows 10? Well, there are actually several ways in which you can share your files with other users on your network. We've got HomeGroup, we've got OneDrive, we've got traditional shared folders. Now what I want to do is I want to focus in on how to share files using HomeGroups. HomeGroup – one of its primary benefits is the fact that it's meant to make sharing files easier. Because in the past – I don't know if you've ever tried to share files on XP in a small work group – oftentimes, it's a pain in the butt. But it can be made better if you know how to do it. So we're going to do HomeGroups because that's much better.

Now let's talk about sharing in HomeGroups. How does this work? First of all, HomeGroups take this library idea and allows users to indicate what folder in their library they want to share. And then it's immediately made available to any other device that's a member of a HomeGroup. HomeGroups are kind of a work group, kind of a small device networking. And the name implies exactly the scenario that Microsoft has envisioned for this and that's for people at home who want to share their files, their music, their movies with each other and they want to make it as easy as possible. Because, if you did it in XP, you would have to go and create a local account and set up a password. And that local account would have to be set up in all your other machines and they would all have to have the same password. And you have to have multiple local accounts and then someone has to go and create a shared folder and know how to do that and how to set up the permissions. I know it's just a pain in the butt.

But HomeGroups were introduced in Windows 7 to make it much, much easier. So all you need to do is enroll into a HomeGroup and you'll immediately be able to see whatever folders have been marked for sharing in the other user's libraries. And so you'll see their music, you'll see their folders. And so part of this is the implicit trust that comes with this, right. If you're all living together in the same home, you'll connect to that same network and there is kind of an implied trust that you're going to be sharing some of this stuff anyway. And so because families and people who are kind of cohorts and live in the same place, they all kind of share stuff anyway, Microsoft wanted to implement a technology to make that simple. Now it's secure because HomeGroups are not permitting sharing with devices outside of the group. You have to be in the group to be able to actually see and share this access and access other people's libraries. And the way you do that is you have to provide a password. So, when you come into like your neighbor's house and they have a HomeGroup. And you bring up your tablets and you see a HomeGroup there and they might even get a message that says, "Do you want to join their HomeGroup?" Well, you'll be able to click on it, but you will have to put in a password. And so someone is going to have to tell you what the HomeGroup password is so you can participate. And then the actual traffic between the devices is also protected. What is interesting about this is this is IPv6 technology. So this is something that is available in Windows 7, in Windows 8, in Windows 10. But it's not something that you can do with older versions. It's only IPv6-based operating systems, and 7, 8, 9...well – not 7, 8, 9 – 7, 8, 10, well they all have IPv6 – 6, 7, 8, you know what I mean.

Back to top

OneDrive and Shared Folders

Learning Objective

After completing this topic, you should be able to

1.

Alright, OneDrive. Now we've talked a little bit about OneDrive in another section elsewhere. What I want to focus in here is how do I share my files using OneDrive? Well, this is kind of neat because I can actually upload my content to my OneDrive folder and it's automatically shared with me, right. So any device that I go to, I have access to my data because that's a whole thing with – you know, the whole cloud thing and everything. So what if I want to share something in my cloud with somebody else? You can do that with OneDrive. Okay, the next thing we want to talk about is good, old-fashioned Shared Folders. The reason this is important is because, well, HomeGroups and OneDrive those are convenient, but we're not using those in corporations to share files. And, so a lot of times, we're going to rely on traditional Shared Folders to share files among users in our business. It's also useful if you're an IT pro or a power user to understand how SMB file sharing works. So that's where we're going next, right there.

Now this just might be one of the oldest technologies in Windows 10. Now by oldest, I mean this technology has not changed in many ways – since the early 1980s, mid 1980s or so when this was actually introduced, Microsoft developed this. What I'm talking about is traditional folder sharing using SMB. SMB was something that Microsoft worked with IBM. SMB stands for the Server Message Block, and it really was kind of the foundation of Microsoft networking for years. And we still use it all the time. However, the SMB protocol back then is not the same SMB protocol today. In Windows 10, we're using an enhanced, faster, better performing SMB. Nevertheless, lot of the ways that sharing works is, you know, very similar.

Now the way that it works is – if I want to take a folder in my file system and make it accessible over the network, I'm going to make and identify it as a shared folder. So I right-click on it and say I want to share this. And when I do that, I'm enabling other users to access it from...well, they can access it in several ways. They can access it in Windows Explorer by opening up their window and kind of browsing for it. They can access it by typing in the shared folder path, which is called a UNC path. Now many of you have seen this, right. UNC path is Universal Naming Convention. I'm sure you recognize it is kind of a \\the name of the machine\the name of that shared folder. Okay, so we can just type in the UNC path. The other way is – they can create a persistent connection, assign a drive letter to it called a mapped network drive. So these are the three different ways in which they can reach across the network and find my folder that I have shared.

So the next question I want to answer is what is required in order to access those shares? Well, you actually have to be an authorized user. And we can control who can connect to Shared Folders, and what they can do in those Shared Folders via permissions. And, in order to have any ability to read anything, let alone change anything, you need both – share permissions and you also need to have what are called NTFS permissions if it's on the NTFS file system, which it most likely will be. So permissions are required. Another thing that's required is creating the share in the first place, you have to have the appropriate permissions on your own system. So there is another set of requirements for creating shares and that is – you have to have proper rights, you have to have the service enabled. You see, sharing is not part of NTFS. Sharing is a separate service called file and print sharing. And then another thing that can inhibit and prevent access is the firewall, so you have to have the firewall open with the functioning network connection. So assuming, of course, that you're a legitimate or authorized user that permissions are being granted to you. And that the other person has the appropriate rights and permissions to set up sharing, but they have enabled the firewall to permit this that they have a functioning network and so do you. Well, then the two of you can actually share files, considering it gets rather complicated. At the same time, it's really not that difficult.

Back to top

How Sharing Works

Learning Objective

After completing this topic, you should be able to

1.

Alright, up next is a diagram of how sharing works? And this is a useful description of the different processes, how they work together and even though it's complex, I'm going to walk you through this. So I want you to imagine with me this scenario. Over here we have got a user, maybe yourself, and you're trying to access a resource on the server over there. This server over here, we're going to pretend is called FS1. And we have got its name listed right there. So we have a UNC path right here. So you're typing in \\FS1\Resources. Now Resources is the name of the shared folder. You can see on the server it's right there. So we're trying to go over the network, talk to FS1, and talk to the resources share and access whatever files are in there. Now, here is the thing, you can be doing this in a couple of different ways. We mention that there are three different ways to access it – you could be doing it from Explorer, you can do it from the Run window, it could be a MapNetworkDrive, whatever it is. There is a process that takes place to send your request to the file server.

Now basic networking is always this – it's always a client requesting from a service and the service responding. I mean think about the way a restaurant works, right, you sit down in a restaurant, you have a menu. And the client there makes a request of a server. And the server then brings a request to them. Well, that's what we're doing. We're asking not for, you know, not for lasagna and a glass of wine, we're asking for some files. So this is our server over here and this is our client over here. Now how that request works? Specifically, the way the communication works is that request is sent through SMB. SMB is the server message block protocol that's the requesting protocol. And so it sends its request over the networking stack, of course, all the networking basics apply here. You have to have a networking card, you have to have physical connection, you have to have an IP address blah, blah, blah.

So we build a packet here, okay. And this packet contains a request for the file – addressing FS1 – it's been addressed to the FS1s IP address, goes over the network, it's received by the networking card that's what understands for its Microsoft's networking card – an API. So it's received by the networking card here, processed here, and then it's passed up to the server service, also called File and Print Sharing. So up here we have the file and sharing service or server service. And what server service does is it takes this request. I want a file, FS1\Resources and it sends that request to the file system over here to NTFS. Now NTFS understands, right, that that file is not located. Well, let me put it this way, the user right here is referring to the name of the server and the name of the shared folder on the actual server though it's stored in the file system on the D drive. Notice okay, make this observation with me that the user is not typing in D drive, right, they are typing in UNC.

So how do we go from finding the file – the file that we want to from this path here to this path – how does this work? Well, that's what this is right here. You see the server service creates a mapping and association. You have the Resource folder and that's tied to this file system location. Now incidentally, this is why if you ever share something you can't rename it. Because if you rename it, you break this, it's now no longer associated with each other. Now, you might think, well you mean I can't rename a shared folder – no you can't. If you go to rename a shared folder, it will give you a warning saying, "Hey, if you do this, you're going to break the share and you'll have to reshare it." So there is this mapping between the sharing service and the file system path. So, when the request comes in, it's that association that mapping that's used to determine the location of the actual file on the server, so then that can be then used to respond to the client. Now we know where the file is on the server. The client doesn't have to know where it is, that's the job of the sharing service and NTFS. Does that make sense? Good.

Now the next thing I want to highlight from this diagram, and we have covered a lot of different aspects to this. We have talked about basic networking in here, we have talked about the UNC path, we talked about, you know, the relationship between sharing and the way the file system works here. We talked a lot...about a lot of things here so far. But the other thing I want to point out to you is that we're dealing with two different systems working together. We're dealing with the server service here and we're dealing with NTFS. And, in the previous slide we talked about, what is required in order to access this file. This user right here has to have appropriate permissions. They have to have a network connection, but they also have to have permissions here and permissions here. So you need permissions both on the shared folder and NTFS. You might think, oh, why don't we have just one set of permissions. Well, that's not how this works. This was developed with two different permissions. Sharing was developed years before we started using NTFS. NTFS has a built-in security system that protects files from a variety of different ways it can be access. Sharing has got...you know, it's a very kind of simple, you know, it's only providing protection for the shared folder. So, make a long story short here friends, there is security here and there is security here, but that should not come to us as a surprise to you, right. Because there could be firewalls right here in the middle as well, there could be security and multiple layers of this communication. The ultimate thing you should remember is if you're troubleshooting a problem that's related to users getting to their shared folders, it could be a combination, right, or it could be a situation somewhere in this communication path that includes either NTFS, includes the shared permissions, can include the firewall, can include a problem over here.

So the important thing you have to discover is how a user is accessing the resource and what security systems are they have in to cross. What are the different security systems they have to cross? And, if you can identify that, then you have an idea – better idea – of where you need to go to troubleshoot. I'll tell you a quick funny story. I once had a dream about this. I once dreamt that I was trying to pass or jump through golden hoops, it was one of those weird things. When I woke up, I just knew that one of those hoops was NTFS permissions and one of those hoops was shared permissions. And one of the things you should realize is whenever you're trying to pass through hoops, the smallest hoop is going to determine what actually can get through both of them. In other words, if I'm trying to fit through both hoops, if one hoop is this small, then it's not going to matter if I can get through the one, if I'm trying to get through both of them. In other words, if this right here is set to read permission and this one here is set to full control, if I'm passing through both of them, I only have read permission. The smallest hoop is going to determine my level of permissions, okay. So with NTFS, if it's set to read and this run here grants me full control, it doesn't matter – whichever one has a smallest degree of permission or security, that's ultimately the level of permission that's going to be granted to this user over here. We call that most restrictive. So when you're combining permissions, like share permissions and NTFS permissions and other permission for that matter. Whichever is the most restrictive that's the actual effect of permission. So, when you're troubleshooting access problems, one of the things you've to think about is, what security systems are they going through and what is the smallest hoop?

Back to top

Configure Shared Folders

Learning Objective

After completing this topic, you should be able to

1.

Okay, so now what I wanted to do is dig through how to configure Shared Folders? So a couple of highlights here. Windows 10 has this thing called basic sharing. And with basic sharing, you have got this button that comes up. You can even right-click on it, it gives you the option to do File Sharing, and you get this quick drop-down. The problem with this is it doesn't give you necessarily the kind of choices or control that advanced sharing gives you. Then sharing comes up, this gives you this option right here, you can click on that. And here you can see that I can dig into the Permissions if I need to, I can even give it more than one Share name.

[The Live Docs Properties dialog box is displayed. The dialog box contains four tabs. The four tabs are General, Sharing, Security, and Customize. The Sharing tab is selected by default. The tabbed page includes three sections. The three sections are Network File and Folder Sharing, Advanced Sharing, and Password Protection. The Network File and Folder Sharing section includes a Share button. The Advanced Sharing section includes an Advanced Sharing button.]

We also have this thing called the sharing snap-in and this can also be something you can use to create Shared Folders if you want to. I actually personally don't use that very often. I usually go into Advanced Sharing, or you can even use PowerShell now with a new dash SMB share coming to find out to be a very convenient way to set up Shared Folders, so consider that one as well. And then this is the Advanced sharing settings, this is something to take note of. And that is, if you share something, you have to have file and print sharing enabled. And so there is an option here called Turn on file and printer sharing, we want to make sure that that's enabled. And then notice here in this same interface is networking sharing center or settings for HomeGroup. There are settings for discovery, so they can browse and find you. So these have to be configured appropriately so that sharing works.

[The Advanced sharing settings window is displayed. It includes two radio buttons. The two radio buttons are "Turn on file and printer sharing" and "Turn off file and printer sharing."]

Couple of important reminders – these are things I want you to remember. First off, a folder can be shared multiple times. And the reason for that is because you're creating a mapping. So you're creating multiple shared folder names if assigned to a single NTFS folder – there is no problem with that. Alright, you're just creating multiple mappings, multiple associations. Files within a user profile can also be shared. Now this is an interesting characteristic that you can actually go to somebody's desktop, right-click, and share file. You can't do that anywhere else. If you go to the root of your drive, the C drive for instance and try to share a file, you won't be able to do that. You can only share folders that's why it's called Shared Folders, right, with one exception and that's that second boat there within a user's profile – desktop, documents, right, music – you can actually right-click on the file and share it, which is meant to simplify now the whole sharing concept for the average user.

Another important point here is that Shared Folders cannot be renamed, they cannot be moved because you break that association. And here is an interesting thing and that is – Windows actually has some shares already present. That if you're an IT admin and you have administrative rights on this system, you can take advantage of it. They are built-in shares. And they are hidden shares. They are called specifically administrative shares. So like for instance, the C drive is shared and the way you access it, is you do \\the name of the machine, \C for the C drive C:$. The "$" sign is what makes the share hidden from browsing. So people can't just stumble across it when they are going through, you know, the network and going through Windows Explorer. They won't stumble across that, that's a hidden share, it's well-known for administrators that it's there. And it's intended for you as an admin and IT pro to be able to get to any system that you have admin rights on and just, you know, get to the root of the C drive, so you can do your work. So there are some hidden shares, if you're not aware of those, you could take advantage of those for servicing Windows 10 machines.

Back to top

File History and Backup

Learning Objective

After completing this topic, you should be able to

1.

Alright, here is a great technology that I think a lot of users are going to love. You can use this in the business and in enterprise if you want to or turn it off. But, if you're a consumer and, you know, power user and you use Windows 10 at home, you might find File History to be one of your best friends ever – BFF – best friend File History, maybe it's BFFH.

So how do you backup and protect your files from failure or accidental deletion? Well, there are several options you have available to you, all of these are about creating redundancy, right – repeating your files. So you can have a backup of your files in your OneDrive. You can maintain a RAID copy, right, mirror them using striping or with Storage Spaces – so something along those lines – some sort of resiliency option in Storage Spaces. You can use a traditional backup that's built into Windows 10. And they call it Windows 7 backup in Windows 10. And then there is this File History feature. And what File History does is it's a "set it and forget it" type of backup feature. I really like File History personally because what File History does for me is File History allows me to basically store something in my library and immediately know that it's being protected.

And the way that that works is you just go in there and you turn it on. When you attach some sort of removable media, you indicate, "Hey, I want you to be my storage for my backup." Okay, so you plugin like a 1 terabyte drive and a little notification comes up asking you what you want to do with that 1 terabyte drive and you can choose File History as one of the options or you can actually do this against some other storage that's attached to your system or available to this system. And the whole point of it is to simplify the backup experience. I mean there are a lot of backup options out there. You can go purchase an appliance that's dedicated to backup, but many of them are just really complicated and you go through several wizards. And then you have to know things like incremental versus differential and configure the schedule. And then, you know, half the time it doesn't work quite as you expect. So File History is meant to take all of that pain away. You just plugin or have available storage you want to dedicate for your backup, you store data in your libraries and it's immediately backed up on an hourly basis using volume share or copy services just automatically for you. Then, if you need to restore it, you just go to that file that – you know, your backup location. You go to the file in your backup location and one tap and it's restored. Now, if you're one of those sentimental types – I really like the old classic backup feature in Windows 7– have no fear, you still have traditional backup in Windows 10. In fact, you have the Windows 7 backup they call it in Windows 10. So, if you want to have that added control, well it's available for you.

Back to top

Exercise: File History

Learning Objective

After completing this topic, you should be able to

1.

Pretend with me you're on a tablet device and you want to protect your data. So you want to configure file history. So my question for you is where do you go to add a new storage location to file history? Think about that. Now, you can pause the video. That way you have a little bit of time to think about it, and when you're ready go ahead and resume it, and I'll show you where it's at. Have you thought about it? Okay,

so let's see how well you did. First thing I'm going to do because I'm on a touch device or a tablet device – at least that's what I'm pretending here – so I'm going to actually select the ACTION CENTER or you can swipe your thumb and bring that up, and we want to go into All settings. The next thing we're going to do is we're going to go to Update & security. Then we are going to select Backup here – the backup category, and then here we have two different backup options – a legacy backup solution and then we've got file history. We're going to Add a drive to file history to storage space here and that is how easy that is. I mean that's it. So that's how you configure storage for file history.

[The Action Center window on a tablet interface is displayed. The Action Center window includes multiple clickable options, some of which include Connect, Note, All Settings, and VPN. The presenter clicks the All Settings option. As a result, the Settings window is displayed. This window includes multiple clickable options, some of which include System, Devices, Personalization, Privacy, and Update & Security. The presenter clicks the Update & Security option. As a result, the Update and Security window is displayed. The window is split into two parts. The first part of the window includes multiple options. Some of the options include Windows Update, Backup, Recover, and Activation. The second part of the window includes the details of the option that is selected in the first part of the window. The presenter selects the Backup option in the first part of the window. As a result, the second part of the window now includes the details related to the Backup option. The second part of the window includes the following information: "Back up your files to another drive and restore them if the originals are lost, damaged, or deleted." The second part of the window also includes an Add a drive button.]

Back to top