Windows XP SP1 and Windows 2000 SP4 checks for existing roaming user profile folders when a roaming user profile is created (327462)

SUMMARY

In the release version of Windows XP (before Service Pack 1), and versions of Windows 2000 earlier than Service Pack 4 (SP4), Windows does not check the permissions of the target roaming profile folder if it already exists when a roaming user profile is created. This behavior might permit an individual to create another user's roaming profile folder in advance and to set permissions that could allow the creator of the folder to visit the folder later. The creator might then be able to modify the user's roaming user profile, or to deny access to the legitimate user.

Windows Server 2003, Windows XP SP1, and Windows 2000 SP4 look for correct permissions and do not permit roaming if the permissions are not those that Windows requires. This article discusses this new behavior in the products listed at the beginning of this article.

For additional information about the latest service pack for Microsoft Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

For additional information about the latest service pack for Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

MORE INFORMATION

Windows XP SP1 and Windows 2000 SP4 perform the following checks to verify correct security on roaming user profile folders:

If the roaming profile folder exists, Windows XP SP1 and Windows 2000 SP4 check to determine if either the user or the local Administrators group is the owner of the folder. If a member of the local Administrators group, but not the local Administrators group itself, is the owner, this check will fail.
If the folder is owned by the user or the Administrators group and if the "Do not check for user ownership of Roaming Profile Folders" policy is not set, Windows XP SP1 and Windows 2000 SP4 consider the folder to be legitimate and copy files to the folder during the logoff process and from the folder during the logon process.
If the roaming profile folder exists, and if the user or Administrators group is not the owner of the folder, Windows XP SP1 and Windows 2000 SP4 do not copy any files from or to the folder, display an error message, and log an event in the system event log. The user's cached profile is issued, or a temporary profile is issued if no cached profile exists.
If the profile folder does not exist, Windows XP SP1 and Windows 2000 SP4 create the folder in its current manner.
If the "Do not check for user ownership of Roaming Profile Folders" policy is set, the ownership of the folder is not checked, and Windows XP SP1 and Windows 2000 SP4 assume that the folder is legitimate.

The following pre-SP4 updates include the updated files that cause this behavior:

(824141) MS03-045: Buffer overrun in the list box and in the combo box control could allow code execution
(824390) Cannot log on to a Windows NT 4.0 resource domain from a Windows 2000-based client
(827953) Computer crashes and a Stop 0x50 error occurs when you try to print a document
(835732) MS04-011: Security update for Microsoft Windows

Error messages

If Windows XP SP1 or Windows 2000 SP4 cannot save a user's profile because of incorrect security, the user may receive either of the following error messages. These error messages are also recorded in the event log:

Event ID: 1526
Severity: Error

Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.

Event 1000:
Source: Userenv
Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.

If a user cannot be logged on by using a cached profile and is issued a temporary profile, the standard temporary profile message appears after the error message.

How to turn off the new check for existing roaming user profile folders

A new computer policy that is named "Do not check for user ownership of Roaming Profile Folders" exists under Administrative Templates\System\User Profiles in Group Policy Editor. In Windows 2000 SP4, the new computer policy exists under Computer configuration\Administrative Template\System\Logon in Group Policy Editor. Administrators can use this policy to turn off the ownership verification for existing roaming user profile folders and to revert to the Windows XP behavior. This new policy prevents Windows XP SP1 and Windows 2000 SP4 from checking for correct permissions on a user's roaming profile folder. In Windows XP without SP1 and versions of Windows 2000 before SP4, no checks are performed for correct permissions if the profile folder already exists.

Windows XP SP1 and Windows 2000 SP4 do not copy files to or from the roaming profile folder if all these conditions exist:

You turn off or do not configure this setting.
The roaming user profile folder exists.
Neither the user nor the Administrators group is the owner of the folder.

If you turn on this setting, the behavior is the same as Windows XP without SP1 and versions of Windows 2000 before SP4.