You are currently offline, waiting for your internet to reconnect

Windows Server 2003 checks for pre-created roaming profile folders when you make a roaming user profile

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q327259
For a Microsoft Windows 2000 SP4 and Windows XP SP1 version of this article, see 327462.
Versions of Microsoft Windows 2000 earlier than Service Pack 4 (SP4) and versions of Microsoft Windows XP earlier than Service Pack 1 (SP1) do not check the permissions of the target roaming profile folder if the folder already exists when a roaming user profile is created. This behavior might permit an individual to create another user's roaming profile folder in advance and to set permissions that might permit the creator of the folder to visit the folder later. The creator might then be able to modify the user's roaming user profile or to deny access to the legitimate user. Windows Server 2003, Windows XP Service Pack 1 (SP1), and Windows 2000 SP4 checks for correct permissions and does not permit roaming if the permissions are not those that Windows requires. This article discusses this new behavior in the products that are listed at the beginning of this article.
Windows Server 2003 uses the following steps to confirm correct security for roaming user profile folders:
  • Windows Server 2003 determines if the roaming profile folder exists and that either the user or the Administrators group is the owner of the folder.
  • Windows Server 2003 considers the folder legitimate and copies files to the folder during the logoff process and from the folder during the logon process if the following conditions are true:
    • The user or the Administrators group owns the folder.
    • The "Do not check for user ownership of Roaming Profile Folders" policy is not set.
  • When these conditions are not true, Windows Server 2003 does not copy any files from or to the folder. Windows Server 2003 displays an error message and logs an event in the System event log.
  • Windows Server 2003 creates the folder in its current secure manner if no cached profile exists, the user's cached profile, or a temporary profile is issued.
  • Windows Server 2003 assumes that the folder is legitimate if the "Do not check for user ownership of Roaming Profile Folders" policy is set and the ownership of the folder is not checked.

Error messages

When you log on as a user that has a roaming profile and Windows Server 2003 determines that the roaming profile folder is not legitimate, you receive the following error message:
Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.
This new policy prevents Windows Server 2003 from checking for correct permissions on a user's roaming profile folder. Windows Server 2003 does not copy files to or from the roaming profile folder if the following conditions exist:
  • You turn off or do not configure this setting.
  • The roaming user profile folder exists.
  • Neither the user nor the Administrators group is the owner of the folder.
If you turn on this setting, the behavior is the same as versions of Windows that are earlier than Windows Server 2003 or Microsoft Windows XP without SP1.

To change the "Do not check for user ownership of Roaming Profile Folders" policy setting:
  1. Start the Group Policy snap-in.
  2. Browse to the following folder:

    Computer Configuration\Administrative Templates\System\User Profiles
  3. In the right pane, double-click Do not check for user Ownership of Roaming Profile Folders.
  4. To turn on the policy, click Enabled. To turn off the policy, leave the policy undefined or click Disabled.
  5. Click OK.

Article ID: 327259 - Last Review: 02/28/2007 23:06:44 - Revision: 9.4

Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86)

  • kbinfo KB327259
if?DI=4050&did=1&t=">ss="col-sm-6 col-xs-24 ng-scope"> Venezuela - Español
//"> var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" ')[0].appendChild(m);" onload="var m=document.createElement('meta');'ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src=""> 50&did=1&t=">