Article ID: 973835 - View products that this article applies to.
File Server Resource Manager (FSRM) File Screening is a File Server Resource Manager feature that was introduced with Windows Server 2003 R2. This feature lets a server administrator block file types from being copied to folders and shares. When you implement roaming user profiles in combination with FSRM File Screening, it may cause unexpected and unusual behavior, depending on the version of the Windows client operating system that uploaded the blocked files. (The client uploads the user profile that includes files being blocked by FSRM File Screening.)
Windows XP and Windows Server 2003During user logoff, a "User Environment" message appears that indicates that the first file could not be transferred to the profile share. The message resembles the following:
You can close the message by clicking the OK button. Or, you can wait for thirty seconds, and it will disappear.
Windows cannot copy file path of the test file to location path of the profile share. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
After the upload is completed, the following additional "User Environment" message appears:
The following two Userenv events are also logged in the Application log on the client:
Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
Event Type: Error
Event Type: Error
When you turn on Userenv logging, the following entry may be logged:
For every profile file that fails to be renamed to the final name that is blocked by File Screening, the temporary Prf<xx>.tmp file remains in the profile folder. Because the temporary file name is generic, this reoccurs at every logoff for every blocked file. The files fill the user profile folder and consume more and more disk space on the profile share server.
USERENV(160.6ec) 10:22:54:989 ReconcileFile: Failed to rename file <temp file> to <target file> with error = 5
Therefore, we do not recommend that you use Roaming Profiles from Windows XP-based or Windows Server 2003-based clients when FSRM File Screening applies to the profile share folder.
Windows Vista and Windows Server 2008During logoff, there is no notification that a file could not be copied to the profile share. There is only a notification that is displayed for five seconds when the upload has completed:
Additionally, event IDs 1509 and 1504 are logged in the Application log:
Your roaming user profile was not completely synchronized. See the event log for details or contact administrator.
Log Name: Application
Log Name: Application
941436When this copy action is prohibited by FSRM File Screening, it does not cause remaining temporary files if the client operating system is Windows Vista or Windows Server 2008.
(http://support.microsoft.com/kb/941436/ )Redundant Prf<x>.tmp files are generated after a user who uses roaming user profile logs off from a Windows Vista-based client computer
Nevertheless, be aware that you may lose data without additional notification when you store prohibited data on roaming profiles and then move between clients or when the Delete cached copies of roaming profiles Group Policy setting is enabled.
Typically, implementing FRSM File Screening requires user education. Users may understand the implications of an "Access Denied" message during a manual copy attempt, but they may not understand that unexpected results may occur when an application is used to access shares that have FRSM restrictions. Therefore, you should thoroughly test your applications and procedures when FRSM restrictions are involved.
Article ID: 973835 - Last Review: August 12, 2009 - Revision: 1.0