Microsoft KB Archive/841801

= Offline users may not be able to access cached profile resources when they log on with cached credentials =

Article ID: 841801

Article Last Modified on 5/28/2004

-

APPLIES TO


 * Microsoft Windows XP Professional

-





SYMPTOMS
If you log on to a Microsoft Windows XP Professional-based computer, you may experience the following behavior:
 * If you log on by using cached credentials, you cannot access your user profile resources that are located on a network share. For example, contents of the My Documents folder may not be available.
 * The homedrive and homepath environment variables that should point to network resources are set to local resources.



CAUSE
This behavior may occur if more than three users log on to a computer, and some contents of those users' homeshares are cached. This behavior occurs because Windows XP client-side caching (CSC) only stores the access rights of the last three users who accessed a file or a share. When a fourth user logs on, Windows determines if the user has access to the homehare path before it sets the homedrive and homepath environment variables. This check does not work because the user's credentials are no longer stored when three or more users have logged on with cached credentials since this user last logged on. Therefore, this user is denied access.



WORKAROUND
To permit more than three offline users to share one computer, configure the permissions on the user profile to give Full Control permissions to the Everyone group, and then make sure that only authenticated users have Full Control permissions for the home folder. To do this, follow these steps.

Warning Before you follow these steps, make sure that you understand the security implications of granting Full Control permissions for the profile path to the Everyone group.  Determine the profile path and home folder path for the user profile. To do this, follow these steps:  Log on as a user who has administrator credentials to the local computer that you want to share between more than three offline users. Click Start, click Control Panel, and then click User Accounts two times. Click the Advanced tab. Under Advanced user management, click Advanced. In the left pane of the Local Users and Groups window, click Users.</li> Double-click the user who you want to find the profile path for, and then click the Profile tab.</li> Note the profile path for the user profile and the home folder path.</li></ol> </li> Edit the security settings for the profile path. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Locate the profile path that you noted in Step 1.</li> Right-click the folder, and then click Properties.</li> Click the Security tab, and then click Add under Group or user names.</li> Type everyone, and then click OK.</li> In the  Properties window, click Everyone in the Group or user names list, and then select the Full Control check box.</li></ol> </li> Edit the security settings for the home folder path. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Log on to the domain as a network administrator.</li> Locate the home folder path that you noted in Step 1.</li> Make sure that only authenticated users have Full Control permissions.</li></ol> </li></ol>

<div class="status_section">

STATUS
This behavior is by design.

Keywords: kbprb KB841801

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.