-
Title
Roaming Profiles cannot be accessed after user migration or Resource Updating Manager processing -
Description
A user with a roaming profile will get an error when attempting to log in after either the user has been migrated, or the server storing the roaming profile has been updated using RUM. The error is as follows:
"Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator".You cannot log into a source user's roaming profile with a target user, or vise versa.
-
Cause
This problem is due to the fact that Windows XP service pack 1 and higher, and Windows 2000 SP4 and higher check the ownership of the roaming profile folder when logging in. If the owner is not a member of the local administrators group, or the user logging in, the profile will not load. For more information about this issue, see Microsoft KB article 327462 at http://support.microsoft.com/kb/327462.
-
Resolution
To resolve this issue, you can undo the changes using RUM (using the "Revert to the original local group, user rights, and object permissions" option). Also, after undoing, you can process the machine storing the roaming profiles, but un-check the "Roaming Profiles" check box in RUM. This will leave the source permissions and ownership in place on the roaming profiles.
If the user is logging into the target domain and the roaming profile server has not been processed by RUM, logging into the source domain will allow the user to use the profile. If the user is logging into the source domain and the roaming profile server has been processed by RUM, logging into the target domain will allow the user to use the profile.
Also, you can disable the checking of roaming profile ownership using a Group Policy Object (GPO). See the following text from the above Microsoft article:
"A new computer policy that is named "Do not check for user ownership of Roaming Profile Folders" exists under Administrative Templates\System\User Profiles in Group Policy Editor. In Windows 2000 SP4, the new computer policy exists under Computer configuration\Administrative Template\System\Logon in Group Policy Editor. Administrators can use this policy to turn off the ownership verification for existing roaming user profile folders and to revert to the Windows XP behavior. This new policy prevents Windows XP SP1 and Windows 2000 SP4 from checking for correct permissions on a user's roaming profile folder. In Windows XP without SP1 and versions of Windows 2000 before SP4, no checks are performed for correct permissions if the profile folder already exists.
Windows XP SP1 and Windows 2000 SP4 do not copy files to or from the roaming profile folder if all these conditions exist:- You turn off or do not configure this setting.
- The roaming user profile folder exists.
- Neither the user nor the Administrators group is the owner of the folder.
If you turn on this setting, the behavior is the same as Windows XP without SP1 and versions of Windows 2000 before SP4."