Friday, April 16, 2004

Windows Server 2003 Checks for Pre-Created Roaming Profile Folders When You Make a Roaming User Profile

"Versions of Microsoft Windows 2000 earlier than Service Pack 4 (SP4) and versions of Microsoft Windows XP earlier than Service Pack 1 (SP1) do not check the permissions of the target roaming profile folder if the folder already exists when a roaming user profile is created. This behavior might permit an individual to create another user's roaming profile folder in advance and to set permissions that might permit the creator of the folder to visit the folder later. The creator might then be able to modify the user's roaming user profile or to deny access to the legitimate user. Windows Server 2003, Windows XP Service Pack 1 (SP1), and Windows 2000 SP4 checks for correct permissions and does not permit roaming if the permissions are not those that Windows requires."



