Windows Tip Sheet

Where The Profiles Roam

The woes of roaming profiles brought on by EFS.

On a recent client visit, I was asked to try and troubleshoot some odd messages in the Application event log of some Windows XP computers. Here are a couple of samples:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
User: NT AUTHORITY\SYSTEM
Description: Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Please decrypt the files and try again. For more information, see Help and Support Center at .

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
Description: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The specified file is encrypted and the user does not have the ability to decrypt it. For more information, see Help and Support Center at .

Seems pretty obvious -- something's wrong because the profiles contain encrypted files. Sure enough, the users with the affected profiles used Encrypting File System (EFS) to encrypt their profiles. My customer was just trying to figure out how to get the keys into the right place to make this work.

A perfect example of banging your head against a brick wall for naught: Windows can't do EFS in roaming profiles. That's because, as the error message says, the keys are in the profile, and Windows can't access the keys until it copies the profile -- which it can't do until it gets the keys -- which, oh I have a headache now.

You can achieve the same end effect, though. Instead, redirect the My Documents folder to a network drive and encrypt the files there. The keys will stay in the profile -- unencrypted -- and be accessible.

Additional Resources

Don Jones on HGTV
If you're a fan of Don Jones like we are over here at MCPmag.com, don't miss Home & Garden TV's "Landscaper's Challenge" Episode #906, featuring Don's home. In many areas, the episode will air on April 27th at 9:30 p.m., but be sure and check your local listings to get accurate information for your area. (MCPmag.com hopes Don's home is just as cool and efficient in the Las Vegas heat as his scripts and Windows tips are helpful to you out there in admin-land.)

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author/Evangelist for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.

comments powered by Disqus

SharePoint Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.