
You cannot load or unload a roaming user profile if it contains EFS files on a Windows XP-based or a Windows Server 2003-based client



Introduction

On a Microsoft Windows XP-based or a Microsoft Windows Server 2003-based client, you cannot load or unload a roaming user profile if it contains Encrypting File System (EFS) files. In this case, the following error messages are logged in the Application event log:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer Name
Description:
Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://support.microsoft.com>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
Date: Date
Time: Time
User: User Name
Computer: Computer Name
Description:
Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The specified file is encrypted and the user does not have the ability to decrypt it. For more information, see Help and Support Center at <http://support.microsoft.com>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: Date
Time: Time
User: User Name
Computer: Computer Name
Description:
Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://support.microsoft.com>.



More information

If an encrypted file is in any part of a roaming profile, the profile fails to load or unload. When a user logs on, the whole profile is copied from the server before the logon continues as the user. Because the profile is not loaded during this copy, the user's encryption keys are not available, and no data can be encrypted or decrypted. Therefore, when the copy operation finds an encrypted file, it fails.

The use of encrypted files in a roaming user profile is not supported. This behavior is by design.

To work around this behavior, you can redirect the My Documents folder and then encrypt the client-side cache.
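
One way to find the items that trigger this failure, as an added example that is not part of the KB article or Microsoft's code: the script tests each item's Encrypted file attribute, which is how NTFS marks EFS-encrypted files and folders, and groups the hits by top-level profile folder. The `-ProfilePath` parameter name and the report layout are assumptions of this example.

```powershell
# Added example, not Microsoft's code. Lists EFS-encrypted files and folders
# under a roaming profile folder so they can be decrypted or moved out.
param(
    [Parameter(Mandatory = $true)]
    [string]$ProfilePath   # assumed input: local or server-side copy of the profile
)

$efsFlag = [int][System.IO.FileAttributes]::Encrypted
$root = (Resolve-Path -LiteralPath $ProfilePath).ProviderPath.TrimEnd('\')

# -Force includes hidden and system items such as Application Data.
# Unreadable folders are collected in $scanErrors instead of being ignored.
$items = Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force `
    -ErrorAction SilentlyContinue -ErrorVariable scanErrors

$hits = @($items |
    Where-Object { ([int]$_.Attributes -band $efsFlag) -ne 0 } |
    ForEach-Object {
        $relative = $_.FullName.Substring($root.Length).TrimStart('\')
        New-Object PSObject -Property @{
            TopFolder = $relative.Split('\')[0]
            Kind      = $(if ($_.PSIsContainer) { 'Directory' } else { 'File' })
            Path      = $_.FullName
        }
    })

if ($hits.Count -eq 0) {
    Write-Output "No EFS-encrypted items found under $root"
} else {
    # Per-folder counts show which folders hold the encrypted data.
    $hits | Group-Object TopFolder | Sort-Object Count -Descending |
        Select-Object Count, Name | Format-Table -AutoSize
    $hits | Select-Object Kind, Path | Format-Table -AutoSize
}

# A folder that could not be read may still contain encrypted items.
if ($scanErrors.Count -gt 0) {
    Write-Warning "$($scanErrors.Count) item(s) could not be read; results may be incomplete."
}

# Non-zero exit code lets a logon or maintenance script act on the result.
if ($hits.Count -gt 0) { exit 1 }
```
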

For more information about folder redirection, click the following article number to view the article in the Microsoft Knowledge Base:
232692 Folder redirection feature in Windows
For more information about how to encrypt the client-side cache, click the following article number to view the article in the Microsoft Knowledge Base:
312221 How to encrypt offline files to secure data in Windows XP
For more information about the Encrypting File System and about folder redirection, click the following article numbers to view the articles in the Microsoft Knowledge Base:
223316 Best practices for the Encrypting File System
274443 How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003



Keywords: KB911805, kbinfo, kbtshoot, kbefs, kbprofiles


Article Info
Article ID : 911805
Revision : 5
Created on : 10/11/2007
Published on : 10/11/2007