搭配 AD FS 與 Web 應用程式 Proxy 部署工作資料夾︰步驟 5 設定用戶端Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set-up Clients

適用於:Windows Server (半年度管道)、Windows Server 2016Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

本主題說明使用 Active Directory 同盟服務 (AD FS) 和 Web 應用程式 Proxy 部署工作資料夾的第五個步驟。This topic describes the fifth step in deploying Work Folders with Active Directory Federation Services (AD FS) and Web Application Proxy. 您可以在這些主題中找到這個程序的其他步驟︰You can find the other steps in this process in these topics:

使用以下程序設定已加入網域和未加入網域的 Windows 用戶端。Use the following procedures to set up the domain-joined and non-domain joined Windows clients. 您可以使用這些用戶端測試檔案是否在用戶端的工作資料夾間正確同步。You can use these clients to test whether files are syncing correctly between the clients' Work Folders.

設定已加入網域的用戶端Set up a domain-joined client

安裝 AD FS 和工作資料夾憑證Install the AD FS and Work Folder certificates

您必須在已加入網域的用戶端電腦上,將稍早建立的 AD FS 和工作資料夾憑證安裝到本機憑證存放區。You must install the AD FS and Work Folders certificates that you created earlier into the local computer certificate store on the domain-joined client machine.

因為您將安裝的是無法在「受信任的根憑證授權單位」憑證存放區中追溯發行者的自我簽署憑證,您還必須將憑證複製到該存放區。Because you are installing self-signed certificates that can't be traced back to a publisher in the Trusted Root Certification Authorities certificate store, you must also copy the certificates to that store.

若要安裝憑證,請依照下列步驟執行:To install the certificates, follow these steps:

  1. 按一下 [開始],然後按一下 [執行]Click Start, and then click Run.

  2. 輸入 MMCType MMC.

  3. 按一下 [檔案] 功能表上的 [新增/移除嵌入式管理單元]On the File menu, click Add/Remove Snap-in.

  4. [可用的嵌入式管理單元] 清單中,選取 [憑證],然後按一下 [新增]In the Available snap-ins list, select Certificates, and then click Add. [憑證嵌入式管理單元精靈] 隨即啟動。The Certificates Snap-in Wizard starts.

  5. 選取 [電腦帳戶],然後按 [下一步]Select Computer account, and then click Next.

  6. 選取 [本機電腦 (執行這個主控台的電腦)],然後按一下 [完成]Select Local computer: (the computer this console is running on), and then click Finish.

  7. 按一下 [確定]Click OK.

  8. 展開資料夾 Console Root\Certificates(Local Computer)\Personal\Certificates。Expand the folder Console Root\Certificates(Local Computer)\Personal\Certificates.

  9. 以滑鼠右鍵按一下 [憑證],按一下 [所有工作],然後按一下 [匯入]Right-click Certificates, click All Tasks, and then click Import.

  10. 瀏覽至含有 AD FS 憑證的資料夾,然後依照精靈中的指示匯入檔案,並將它放在憑證存放區。Browse to the folder that contains the AD FS certificate, and follow the instructions in the wizard to import the file and place it in the certificate store.

  11. 重複執行步驟 9 和 10,這次瀏覽到工作資料夾憑證並將其匯入。Repeat steps 9 and 10, this time browsing to the Work Folders certificate and importing it.

  12. 展開資料夾 Console Root\Certificates(Local Computer)\Trusted Root Certification Authorities\Certificates。Expand the folder Console Root\Certificates(Local Computer)\Trusted Root Certification Authorities\Certificates.

  13. 以滑鼠右鍵按一下 [憑證],按一下 [所有工作],然後按一下 [匯入]Right-click Certificates, click All Tasks, and then click Import.

  14. 瀏覽至含有 AD FS 憑證的資料夾,然後依照精靈中的指示匯入檔案,並將它放在「受信任的根憑證授權單位」存放區。Browse to the folder that contains the AD FS certificate, and follow the instructions in the wizard to import the file and place it in the Trusted Root Certification Authorities store.

  15. 重複執行步驟 13 和 14,這次瀏覽到工作資料夾憑證並將其匯入。Repeat steps 13 and 14, this time browsing to the Work Folders certificate and importing it.

在用戶端上設定工作資料夾Configure Work Folders on the client

若要在用戶端電腦上設定工作資料夾,請依照下列步驟執行︰To configure Work Folders on the client machine, follow these steps:

  1. 在用戶端電腦上,開啟 [控制台],然後按一下 [工作資料夾]On the client machine, open Control Panel and click Work Folders.

  2. 按一下 [設定工作資料夾]Click Set up Work Folders.

  3. [輸入您的公司電子郵件地址] 頁面上,輸入使用者的電子郵件地址 (例如,user@contoso.com) 或工作資料夾 URL (測試範例中為 https://workfolders.contoso.com),然後按 [下一步]On the Enter your work email address page, enter either the user's email address (for example, user@contoso.com) or the Work Folders URL (in the test example, https://workfolders.contoso.com), and then click Next.

  4. 如果使用者連接至企業網路,驗證是由 Windows 整合式驗證執行。If the user is connected to the corporate network, the authentication is performed by Windows Integrated Authentication. 如果使用者未連接企業網路,驗證會由 ADFS (OAuth) 執行並且將提示使用者輸入認證。If the user is not connected to the corporate network, the authentication is performed by ADFS (OAuth) and the user will be prompted for credentials. 輸入您的認證,然後按一下 [確定]Enter your credentials and click OK.

  5. 在您驗證後,會顯示 [導入「工作資料夾」]頁面,您可以選擇是否變更工作資料夾的目錄位置。After you have authenticated, the Introducing Work Folders page is displayed, where you can optionally change the Work Folders directory location. [下一步]Click Next.

  6. [安全性原則] 頁面會列出您為工作資料夾設定的安全性原則。The Security Policies page lists the security policies that you set up for Work Folders. [下一步]Click Next.

  7. 顯示訊息,指出工作資料夾已開始與電腦同步。A message is displayed stating that Work Folders has started syncing with your PC. 按一下 [關閉]Click Close.

  8. [管理「工作資料夾」] 頁面會顯示伺服器上的可用空間量、同步狀態等。The Manage Work Folders page shows the amount of space available on the server, sync status, and so on. 如有需要,您可以在此重新輸入您的憑證。If necessary, you can re-enter your credentials here. 關閉視窗。Close the window.

  9. 您的工作資料夾會自動開啟。Your Work Folders folder opens automatically. 您可以將內容新增到此資料夾以便與您的裝置同步。You can add content to this folder to sync between your devices.

    基於測試範例的目的,可新增一個測試檔到此「工作資料夾」。For the purpose of the test example, add a test file to this Work Folders folder. 您在未加入網域的電腦上設定「工作資料夾」之後,將無法在每部電腦上的「工作資料夾」之間同步檔案。After you set up Work Folders on the non-domain-joined machine, you will be able to sync files between the Work Folders on each machine.

設定未加入網域的用戶端Set up a non-domain-joined client

安裝 AD FS 和工作資料夾憑證Install the AD FS and Work Folder certificates

使用您在加入網域的電腦上安裝 AD FS 和「工作資料夾」憑證的相同程序,在未加入網域的電腦上進行安裝。Install the AD FS and Work Folders certificates on the non-domain-joined machine, using the same procedure that you used for the domain-joined machine.

更新主機檔案Update the hosts file

未加入網域用戶端上的主機檔案必須為測試環境進行更新,因為沒有建立「工作資料夾」的公用 DNS 記錄。The hosts file on the non-domain-joined client must be updated for the test environment, because no public DNS records were created for Work Folders. 新增這些項目到主機檔案︰Add these entries to the hosts file:

  • workfolders.domainworkfolders.domain

  • AD FS service name.domainAD FS service name.domain

  • enterpriseregistration.domainenterpriseregistration.domain

如需測驗範例,請使用這些值︰For the test example, use these values:

  • 10.0.0.10 workfolders.contoso.com10.0.0.10 workfolders.contoso.com

  • 10.0.0.10 blueadfs.contoso.com10.0.0.10 blueadfs.contoso.com

  • 10.0.0.10 enterpriseregistration.contoso.com10.0.0.10 enterpriseregistration.contoso.com

在用戶端上設定工作資料夾Configure Work Folders on the client

使用您在已加入網域的電腦上設定的相同程序,在未加入網域的電腦上設定工作資料夾。Configure Work Folders on the non-domain-joined machine by using the same procedure that you used for the domain-joined machine.

當新的「工作資料夾」資料夾在此用戶端上開啟時,您可以看到已加入網域的電腦中的檔案已經與未加入網域的電腦同步。When the new Work Folders folder opens on this client, you can see that the file from the domain-joined machine has already synced to the non-domain-joined machine. 您可以開始新增內容到資料夾以便在裝置之間同步。You can start adding content to the folder to sync between your devices.

這包含透過 Windows Server UI 部署工作資料夾、AD FS 和 Web 應用程式 Proxy 的程序。This concludes the procedure for deploying Work Folders, AD FS and Web Application Proxy via the Windows Server UI.

另請參閱See Also

工作資料夾概觀Work Folders Overview