Article ID: 973835 - Last Review: August 12, 2009 - Revision: 1.0

Roaming user profiles and FSRM File Screening

View products that this article applies to.

System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

INTRODUCTION

File Server Resource Manager (FSRM) File Screening is a File Server Resource Manager feature that was introduced with Windows Server 2003 R2. This feature lets a server administrator block file types from being copied to folders and shares. When you implement roaming user profiles in combination with FSRM File Screening, it may cause unexpected and unusual behavior, depending on the version of the Windows client operating system that uploaded the blocked files. (The client uploads the user profile that includes files being blocked by FSRM File Screening.)

Back to the top

MORE INFORMATION

Windows XP and Windows Server 2003

During user logoff, a "User Environment" message appears that indicates that the first file could not be transferred to the profile share. The message resembles the following:

Windows cannot copy file path of the test file to location path of the profile share. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.

You can close the message by clicking the OK button. Or, you can wait for thirty seconds, and it will disappear.

After the upload is completed, the following additional "User Environment" message appears:

Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.

The following two Userenv events are also logged in the Application log on the client:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1509
User: user
Computer: computer
Description: Windows cannot copy file path of the test file to location path of the profile share. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
User: NT AUTHORITY\SYSTEM
Computer: computer
Description: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

When you turn on Userenv logging, the following entry may be logged:

USERENV(160.6ec) 10:22:54:989 ReconcileFile: Failed to rename file <temp file> to <target file> with error = 5

For every profile file that fails to be renamed to the final name that is blocked by File Screening, the temporary Prf<xx>.tmp file remains in the profile folder. Because the temporary file name is generic, this reoccurs at every logoff for every blocked file. The files fill the user profile folder and consume more and more disk space on the profile share server.

Therefore, we do not recommend that you use Roaming Profiles from Windows XP-based or Windows Server 2003-based clients when FSRM File Screening applies to the profile share folder.

Back to the top

Windows Vista and Windows Server 2008

During logoff, there is no notification that a file could not be copied to the profile share. There is only a notification that is displayed for five seconds when the upload has completed:

Your roaming user profile was not completely synchronized. See the event log for details or contact administrator.

Additionally, event IDs 1509 and 1504 are logged in the Application log:

Log Name: Application
Source: Microsoft-Windows-User Profiles General
Event ID: 1509
Task Category: None
Level: Warning
Keywords: Classic
User: user
Computer: computer
Description: Windows cannot copy file C:\Users\proftest1\Desktop\test.avi to location \\RW08DC1\Profiles\proftest1.V2\Desktop\test.avi. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Event ID: 1504
Task Category: None
Level: Error
Keywords: Classic
User: user
Computer: computer
Description: Windows cannot update your roaming profile completely. Check previous events for more details.

Starting with Windows Vista, the profile upload mechanism has changed. The existing files on the profile share are renamed to Prf<xx>.tmp temporary files, and the user profile files are copied from the client to the profile server. For more information about the logoff process, click the following article number to view the article in the Microsoft Knowledge Base:

941436 (http://support.microsoft.com/kb/941436/ ) Redundant Prf<x>.tmp files are generated after a user who uses roaming user profile logs off from a Windows Vista-based client computer

When this copy action is prohibited by FSRM File Screening, it does not cause remaining temporary files if the client operating system is Windows Vista or Windows Server 2008.

Nevertheless, be aware that you may lose data without additional notification when you store prohibited data on roaming profiles and then move between clients or when the Delete cached copies of roaming profiles Group Policy setting is enabled.

Typically, implementing FRSM File Screening requires user education. Users may understand the implications of an "Access Denied" message during a manual copy attempt, but they may not understand that unexpected results may occur when an application is used to access shares that have FRSM restrictions. Therefore, you should thoroughly test your applications and procedures when FRSM restrictions are involved.

Back to the top