JSI Tip 10212. You cannot load or unload a roaming profile if it contains EFS files on a Windows XP or a Windows Server 2003 client.

Roaming profiles on Windows XP or Windows Server 2003 client computers cannot be loaded or unloaded if they contain EFS (Encrypting File System) files. When you try, the Application event log records:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: MM/DD/YYYY
Time: HH:MM:SS
User: NT AUTHORITY\SYSTEM
Computer: <ComputerName>
Description: Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://go.microsoft.com/fwlink/events.asp>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
Date: MM/DD/YYYY
Time: HH:MM:SS
User: <UserName>
Computer: <ComputerName>
Description: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The specified file is encrypted and the user does not have the ability to decrypt it. For more information, see Help and Support Center at <http://go.microsoft.com/fwlink/events.asp>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: MM/DD/YYYY
Time: HH:MM:SS
User: <UserName>
Computer: <ComputerName>
Description: Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://go.microsoft.com/fwlink/events.asp>.

The use of encrypted files in a roaming profile is NOT supported. When a user logs on, the whole roaming profile is copied from the server, but because the profile is NOT YET loaded, Windows doesn't have access to the user's encryption key and the copy fails.

To work around this behavior, redirect the user's My Documents folder and encrypt the client-side cache.
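
Event ID 1513 does not name the files that block the copy. The following PowerShell function is an added example, not part of the original tip: it walks a profile folder and lists every file and directory that carries the EFS attribute. The function name, its parameters, the default exclusion list and the sample path are assumptions made for this example.

```powershell
# Added example: list EFS-encrypted items inside a user profile folder.
# Find-EncryptedProfileItem, -ProfilePath and -ExcludeDir are names chosen for this example.
function Find-EncryptedProfileItem {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ProfilePath,
        # Assumption: top-level folders that are not copied with the roaming profile.
        # Adjust the list to match your own profile exclusion policy.
        [string[]]$ExcludeDir = @('Local Settings')
    )

    $encrypted = [System.IO.FileAttributes]::Encrypted
    $reparse   = [System.IO.FileAttributes]::ReparsePoint
    $root      = Get-Item -LiteralPath $ProfilePath -Force

    # Explicit stack instead of -Recurse so excluded folders and
    # reparse points (junctions, symlinks) are never descended into.
    $pending = New-Object System.Collections.Stack
    $pending.Push($root)

    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        # -Force includes hidden and system items; unreadable folders are skipped.
        $children = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue
        foreach ($item in $children) {
            $topLevel = ($dir.FullName -eq $root.FullName)
            if ($topLevel -and $item.PSIsContainer -and ($ExcludeDir -contains $item.Name)) {
                continue
            }
            # The Encrypted attribute is file-system metadata, so it can be read
            # without holding the user's EFS key.
            if ($item.Attributes -band $encrypted) {
                $type = 'File'
                if ($item.PSIsContainer) { $type = 'Directory' }
                New-Object PSObject -Property @{ Type = $type; Path = $item.FullName }
            }
            if ($item.PSIsContainer -and -not ($item.Attributes -band $reparse)) {
                $pending.Push($item)
            }
        }
    }
}

# Constructed sample path; replace with the local copy of the affected profile.
# Find-EncryptedProfileItem -ProfilePath 'C:\Documents and Settings\jdoe' | Format-Table -AutoSize
```

Each item returned is a candidate for decryption or for moving into the redirected My Documents folder before the next logon or logoff.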


