Microsoft KB Archive/911805



You cannot load or unload a roaming user profile if it contains EFS files on a Windows XP-based or a Windows Server 2003-based client

Article ID: 911805

Article Last Modified on 10/11/2007



APPLIES TO

  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows XP Professional




INTRODUCTION

On a Microsoft Windows XP-based or a Microsoft Windows Server 2003-based client, you cannot load or unload a roaming user profile if it contains Encrypting File System (EFS) files. In this case, the following error messages are logged in the Application event log:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer Name
Description:
Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://support.microsoft.com>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
Date: Date
Time: Time
User: User Name
Computer: Computer Name
Description:
Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The specified file is encrypted and the user does not have the ability to decrypt it. For more information, see Help and Support Center at <http://support.microsoft.com>.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
Date: Date
Time: Time
User: User Name
Computer: Computer Name
Description:
Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at <http://support.microsoft.com>.

MORE INFORMATION

If an encrypted file is in any part of a roaming profile, loading or unloading the profile fails. When a roaming profile is used, Windows copies the whole profile from the server and then starts to log on as the user. Because the profile is not loaded during this copy, the copy process does not have access to the user's encryption keys and cannot encrypt or decrypt any data. Therefore, when the copy encounters an encrypted file, it fails.

The use of encrypted files in a roaming user profile is not supported. This behavior is by design.

To work around this behavior, you can redirect the My Documents folder and then encrypt the client-side cache.
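To find which items in a profile carry the EFS attribute, and to correlate them with the Userenv errors quoted above, a script along the following lines can be used. This is an added example, not part of the original Microsoft article; the function names, the default profile path and the number of log entries scanned are assumptions, and it presumes Windows PowerShell is installed on the client.

```powershell
# Added example (not from the KB article): list EFS-encrypted items in a
# locally cached profile and show recent Userenv 1504/1513 errors.
param(
    [string]$ProfilePath = $env:USERPROFILE,  # assumption: local copy of the profile
    [int]$Newest = 2000                       # assumption: log entries to scan
)

# Hypothetical helper: return every file or directory with the Encrypted attribute.
function Get-EfsItem {
    param([string]$Path)
    $encrypted = [System.IO.FileAttributes]::Encrypted
    # -Force includes hidden and system items; unreadable paths are skipped.
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $encrypted) -eq $encrypted } |
        Select-Object @{ n = 'Type'; e = { if ($_.PSIsContainer) { 'Directory' } else { 'File' } } },
                      FullName, LastWriteTime
}

# Hypothetical helper: return the Userenv errors described in this article.
function Get-ProfileEfsEvent {
    param([int]$Newest)
    Get-EventLog -LogName Application -Newest $Newest |
        Where-Object {
            $_.Source -eq 'Userenv' -and
            $_.EntryType -eq 'Error' -and
            (1504, 1513) -contains $_.EventID
        } |
        Select-Object TimeGenerated, EventID, UserName, Message
}

$items  = @(Get-EfsItem -Path $ProfilePath)
$events = @(Get-ProfileEfsEvent -Newest $Newest)

if ($items.Count -eq 0) {
    Write-Output "No EFS-encrypted files or directories found under $ProfilePath"
} else {
    Write-Output "EFS-encrypted items under $ProfilePath (decrypt or move out of the profile):"
    $items | Format-Table -AutoSize
}

if ($events.Count -gt 0) {
    Write-Output "Recent Userenv errors 1504/1513 in the Application log:"
    $events | Format-List
}
```

An encrypted directory is reported as well as encrypted files, because the event text refers to "encrypted files or directories".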

For more information about folder redirection, click the following article number to view the article in the Microsoft Knowledge Base:

232692 Folder redirection feature in Windows


For more information about how to encrypt the client-side cache, click the following article number to view the article in the Microsoft Knowledge Base:

312221 How to encrypt offline files to secure data in Windows XP


For more information about the Encrypting File System and about folder redirection, click the following article numbers to view the articles in the Microsoft Knowledge Base:

223316 Best practices for the Encrypting File System


274443 How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003


Keywords: kbinfo kbtshoot kbprofiles kbefs KB911805