Article ID: 911805 - Last Review: October 11, 2007 - Revision: 2.3

You cannot load or unload a roaming user profile if it contains EFS files on a Windows XP-based or a Windows Server 2003-based client
INTRODUCTION

On a Microsoft Windows XP-based or a Microsoft Windows Server 2003-based client, you cannot load or unload a roaming user profile if it contains Encrypting File System (EFS) files. In this case, the following error messages are logged in the Application event log:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer Name
Description: Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://support.microsoft.com>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
Date: Date
Time: Time
User: User Name
Computer: Computer Name
Description: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The specified file is encrypted and the user does not have the ability to decrypt it. For more information, see Help and Support Center at <http://support.microsoft.com>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: Date
Time: Time
User: User Name
Computer: Computer Name
Description: Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://support.microsoft.com>.

MORE INFORMATION

If an encrypted file is in any part of a roaming profile, the profile will fail. A roaming profile copies the whole profile from the server and then starts to log on as the user. Because the profile is not loaded during this process, the roaming profile does not have access to a user's encryption keys and cannot encrypt or decrypt any data. Therefore, when a roaming profile finds an encrypted file, it fails.
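
To locate the items that trigger these events, the following added example (not part of the original article and not a Microsoft tool) lists every file and directory under a profile folder that carries the EFS Encrypted attribute. The function name Find-EncryptedProfileItem and the sample profile path are assumptions, and the script assumes Windows PowerShell 2.0 or later.

```powershell
# Added example: report EFS-encrypted items inside a user profile folder.
# Find-EncryptedProfileItem is a hypothetical helper name, not a built-in cmdlet.
function Find-EncryptedProfileItem {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ProfilePath
    )

    if (-not (Test-Path -LiteralPath $ProfilePath -PathType Container)) {
        throw "Profile folder not found: $ProfilePath"
    }
    $root = (Resolve-Path -LiteralPath $ProfilePath).ProviderPath.TrimEnd('\')
    $encrypted = [System.IO.FileAttributes]::Encrypted

    # -Force includes hidden and system items. Folders the current account
    # cannot read are skipped silently, so run this with an account that can
    # read the whole profile.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $encrypted) -eq $encrypted } |
        ForEach-Object {
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $parts = $relative -split '\\'
            # Items that sit directly in the profile root have no parent folder.
            if ($parts.Count -gt 1 -or $_.PSIsContainer) { $top = $parts[0] }
            else { $top = '(profile root)' }
            New-Object PSObject -Property @{
                TopLevelFolder = $top
                RelativePath   = $relative
                IsDirectory    = $_.PSIsContainer
            }
        }
}

# Constructed sample path; replace it with the local or server copy of the profile.
$items = @(Find-EncryptedProfileItem -ProfilePath 'C:\Documents and Settings\jdoe')

if ($items.Count -eq 0) {
    Write-Output 'No EFS-encrypted files or directories found in this profile.'
} else {
    # Summary per top-level folder shows which folders to decrypt or redirect.
    $items | Group-Object TopLevelFolder | Sort-Object Count -Descending |
        Select-Object Count, Name
    $items | Sort-Object RelativePath | Select-Object IsDirectory, RelativePath
}
```
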
The use of encrypted files in a roaming user profile is not supported. This behavior is by design. To work around this behavior, you can redirect the My Documents folder and then encrypt the client-side cache.

For more information about folder redirection, click the following article number to view the article in the Microsoft Knowledge Base:
232692 (http://support.microsoft.com/kb/232692/) Folder redirection feature in Windows

For more information about how to encrypt the client-side cache, click the following article number to view the article in the Microsoft Knowledge Base:
312221 (http://support.microsoft.com/kb/312221/) How to encrypt offline files to secure data in Windows XP

For more information about the Encrypting File System and about folder redirection, click the following article numbers to view the articles in the Microsoft Knowledge Base:
223316 (http://support.microsoft.com/kb/223316/) Best practices for the Encrypting File System
274443 (http://support.microsoft.com/kb/274443/) How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003

APPLIES TO
