Article ID: 911805
Article Last Modified on 10/11/2007
APPLIES TO
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, 64-Bit Enterprise Edition
- Microsoft Windows Server 2003, 64-Bit Datacenter Edition
- Microsoft Windows XP Professional
INTRODUCTION
On a Microsoft Windows XP-based or a Microsoft Windows Server 2003-based client, you cannot load or unload a roaming user profile if it contains Encrypting File System (EFS) files. In this case, the following error messages are logged in the Application event log:
MORE INFORMATION
If an encrypted file is in any part of a roaming profile, the profile will fail. A roaming profile copies the whole profile from the server and then starts to log on as the user. Because the profile is not loaded during this process, the roaming profile does not have access to a user's encryption keys and cannot encrypt or decrypt any data. Therefore, when a roaming profile finds an encrypted file, it fails.
The use of encrypted files in a roaming user profile is not supported. This behavior is by design.
To work around this behavior, you can redirect the My Documents folder and then encrypt the client-side cache.
For more information about folder redirection, click the following article number to view the article in the Microsoft Knowledge Base:
232692 Folder redirection feature in Windows
For more information about how to encrypt the client-side cache, click the following article number to view the article in the Microsoft Knowledge Base:
312221 How to encrypt offline files to secure data in Windows XP
For more information about the Encrypting File System and about folder redirection, click the following article numbers to view the articles in the Microsoft Knowledge Base:
223316 Best practices for the Encrypting File System
274443 How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003
Keywords: kbinfo kbtshoot kbprofiles kbefs KB911805