Posted by Miha Pihler [MVP] on January 7, 2006, 4:24 pm
Hi Jose,
The way EFS works, you have to be able to decrypt the file before you can
copy it. Now the user is able to do anything he likes with the file -- but I
guess from what you describe the roaming profile synchronization does not
work under the user's credentials and therefore can't copy the file.
The best advice I can give is to instruct your users not to encrypt any files
in their profile.
One recommendation there is for EFS use is to mark a folder on a hard drive
as encrypted and then put confidential files in this folder (e.g. D:\Data
Files). Since this folder would not be a part of a profile it would not
cause any problems with roaming profiles.
I believe this problem will be solved in Vista.
--
Mike
Microsoft MVP - Windows Security
> I have deployed an Enterprise CA on a Windows 2000 domain. I have
> encrypted a file on my desktop on a Windows XP workstation. I am using
> a roaming profile. Currently, when I log off, I get the following
> error (copied from event viewer):
>
> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1513
> Date: 1/5/2006
> Time: 11:28:07 AM
> User: MYDOMAIN\myusername
> Computer: MYPC
> Description:
> Windows cannot copy your profile because it contains encrypted files
> or directories. The keys to decrypt the files or directories are also
> stored in the profile and are not available now. Please decrypt the
> files and try again.
>
> I have checked using efsinfo to see if there is a recovery agent, and
> there is, here is the output:
> testing.txt: Encrypted
> Recovery Agents:
> Unknown (Administrator(Administrator@MYDOMAIN.COM))
>
> Of course, my profile is not being copied over to the profile share
> because of this profile error. I would like to deploy EFS for laptop
> users, however, I would like them to be logging on to the laptops under
> their domain credentials.
>
> Any comments or help are appreciated!
>
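
One way to find the items behind the Userenv 1513 error described above before a user logs off, as an added example that is not part of the original thread: it lists every EFS-encrypted file or directory under a profile path. It assumes PowerShell 3.0 or later, and the function name Find-EncryptedProfileItem is hypothetical.

```powershell
# Added example: list EFS-encrypted items inside a user profile, since any
# such item makes the roaming-profile copy fail at logoff (Userenv event 1513).
# Assumption: PowerShell 3.0 or later (for Get-ChildItem -Attributes).
# Find-EncryptedProfileItem is a hypothetical name chosen for this example.
function Find-EncryptedProfileItem {
    param(
        # Profile root to scan; defaults to the current user's profile.
        [string]$ProfilePath = $env:USERPROFILE
    )

    if (-not (Test-Path -LiteralPath $ProfilePath -PathType Container)) {
        throw "Profile path not found: $ProfilePath"
    }

    # -Attributes Encrypted selects items carrying the NTFS encrypted (EFS) flag.
    # -Force includes hidden and system items, which profiles contain many of.
    # Access-denied errors on protected subfolders are skipped, not fatal.
    Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force `
                  -Attributes Encrypted -ErrorAction SilentlyContinue |
        Select-Object FullName,
            @{ Name = 'Type'
               Expression = { if ($_.PSIsContainer) { 'Directory' } else { 'File' } } },
            LastWriteTime
}

# Report for the current user. An encrypted directory matters as well as
# encrypted files, because new files created inside it are encrypted too.
$found = @(Find-EncryptedProfileItem)
if ($found.Count -eq 0) {
    Write-Output 'No EFS-encrypted items found in the profile.'
} else {
    $found | Sort-Object FullName | Format-Table -AutoSize
}
```

Items it reports can be decrypted or moved to an encrypted folder outside the profile, as the reply above recommends.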