We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Error applying security and log on problems due to locked profile

SommelierRHS asked
Medium Priority
Last Modified: 2012-05-07
Users sometimes gets the message that the profile can't be loaded and a local profile is loaded instead. When I try to reset the security in the profile on the server with Properties-Security-Advanced and then Replace permission entries on all child objects I get the message "An error occur when applying security information to.....Access is denied" on an specific URL in the profile. When I then shutdown the server with the profiles, this will be fixed and the user can log on and gets the profile in a normal way.

But to shutdown a server is not the best way to "solve" this problem. Is there another solution to free the profile on the server?  I have implemented UPHClean on one specific pc where the user has this problem with the profile, but it seems not to solve the problem.

So is there any permanent solution for this problem?
Watch Question

Distinguished Expert 2019

You have UPHCLean listed in the tag.  This should address the issue.
Are these users access a terminal server as well as a workstation?
You should define a separate profile for terminal server use.

Do you include in your GPO to add the administrators group to the security settings of the roaming profile?

What you can check when this situation occurs is whether the specific file/resource is seen as in use on the server.  If the user is seen as using the file, you can disconnect them from the resource and see if that fixes the issue.

Do you have an anti-virus application on the fileserver?  Double check that it is up-to-date and perhaps has this as a known issue.
McAfee, Trend Micro and Symantec had some version that under intermittent circumstances under which they would lock a file.


Yes one user access both a terminal server and a workstation. So I get your message here. But the problem occurs even after I have "loosen up" the profile by restarting the server and this user only has been working a couple of days with his pc.

Not in a GPO, but directly in his profile on the server.

When this occurs I always tell the user to log off, and then still the specific file in the profile seems to be in use. So how can I make a disconnection on the (profile-)server (no terminal server)? And the core question still is could I resolve it in another way than to restart the server?

Yes I have a anti-virus application on the server, but it works fine and I have 30 more users who don't have this problem.

So what more to do?
Distinguished Expert 2019

Battled this issue myself.  The problem starts when the ntuser.dat file includes both workstation and Server data.Using folder redirection with roaming profiles that point to one share for the workstation login profiles and another for the terminal server login profiles resolves the conflict while allowing the individual to access the same documents and maintain most of the same application settings/options without wasting too much space.
With the folders redirected (my documents, application date, start menu, and desktop) provided you use office templates to relocate where outlook stores the pst file, the porfile will often take up less than 30MB.


Thanks for your research. I will try your advices during the next two days. Will be back in the beginning of next week.

Have a nice weekend!


I just remember a case in another organization a couple of months ago,where we solved profiles problems with the combination terminal server and workstation included. The problem existed when we had two Windows 2003 Servers as dc, Windows 2008 server as terminal server and workstations with Windows XP. When we changed the terminal server to a Windows 2003 server, the problems dissapeared.

In my case right now I have a Windows 2003 Server as the terminal server and workstations with Windows XP and from when this problems started a change from a SBS 2003 as dc to a Windows 2008 server as dc. Seems that the problem exists when a Windows Server 2008 is involded towards a workstation with XP.

So arnold, which mixture was your set up in your last research?
Distinguished Expert 2019
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.