Posted

We have a problem with roaming profiles copied during logon.

We experience that winlogon.exe copies files and folders from the profile-share and sets the "Read-Only"-attribute on the folders through the "SetBasicInformationFile"-operation. An application we use checks for this attribute and quits if found.

If we copy files from the profile-share manually from a logged-in session, the attribute is not set.

The share is on Samba (version 3.0.21b). The Archive-attribute is set on the files on the share.

Why does winlogon.exe set the "Read-Only"-attribute (R) at logon?

Any input is appreciated :)


Posted

Could you please provide the operating system, service pack version, name of host/client OS, etc.? Just provide details.

If I understand your post correctly, though I doubt I do, could you not just remove winlogon.exe from allowed RAS clients? I have no idea how winlogon could do that, or even if you are correct that it is winlogon.

Posted

OS: Windows 2003 Standard, SP2 - 32-bit

I used Process Monitor to find out about winlogon.exe:

The process:
=========
Description: Windows NT Logon Application
Company: Microsoft Corporation
Name: winlogon.exe
Version: 5.02.3790.3959
Path: C:\WINDOWS\system32\winlogon.exe
Command Line: winlogon.exe
PID: 472
Parent PID: 400
Session ID: 0
User: NT AUTHORITY\SYSTEM
Architecture: 32-bit
Virtualized: n/a
Integrity: n/a
Started: 13.08.2008 16:17:34
Ended: (Running)

The Event:
=======
Sequence: 555880
Date & Time: 05.09.2008 10:08:40
Event Class: File System
Operation: SetBasicInformationFile
Result: SUCCESS
Path: C:\Documents and Settings\%username%\Application Data\<path to folder>
TID: 34504
Duration: 0.0000461
CreationTime: 01.01.1601 02:00:00
LastAccessTime: 01.01.1601 02:00:00
LastWriteTime: 01.01.1601 02:00:00
ChangeTime: 01.01.1601 02:00:00
FileAttributes: RN
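
Added example, not part of the thread: a Python filter over a Process Monitor CSV export that lists, per process, every path on which a successful SetBasicInformationFile call wrote the Read-Only flag, so a logon trace can be compared with a manual-copy trace. The CSV column names, the sample rows and the reading of the attribute letters (R as Read-Only, RP as a separate code) are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample (not from the thread), in the column layout assumed for a
# Process Monitor CSV export; user name, folders and explorer.exe row are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:08:40.1","winlogon.exe","472","SetBasicInformationFile","C:\Documents and Settings\alice\Application Data\ExampleApp","SUCCESS","CreationTime: 01.01.1601 02:00:00, LastAccessTime: 01.01.1601 02:00:00, LastWriteTime: 01.01.1601 02:00:00, ChangeTime: 01.01.1601 02:00:00, FileAttributes: RN"
"10:08:40.2","winlogon.exe","472","SetBasicInformationFile","C:\Documents and Settings\alice\Application Data\ExampleApp\settings.ini","SUCCESS","CreationTime: 13.08.2008 16:17:34, FileAttributes: A"
"10:08:40.3","winlogon.exe","472","CreateFile","C:\Documents and Settings\alice\Application Data\ExampleApp","SUCCESS","Desired Access: Read Attributes"
"10:31:02.7","explorer.exe","1980","SetBasicInformationFile","C:\Documents and Settings\alice\Desktop\ManualCopy","SUCCESS","CreationTime: 13.08.2008 16:17:34, FileAttributes: A"
'''

ATTR_RE = re.compile(r"FileAttributes:\s*([A-Z]+)")
# Assumption: "R" means Read-Only unless it is the first letter of "RP".
READONLY_RE = re.compile(r"R(?!P)")


def readonly_sets(csv_text):
    """Map process name -> paths where the Read-Only flag was written."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "SetBasicInformationFile":
            continue
        if row["Result"] != "SUCCESS":
            continue
        # 01.01.1601 timestamps are the zero FILETIME value shown in local
        # time: such a call leaves the times alone and only writes attributes.
        match = ATTR_RE.search(row["Detail"])
        if match and READONLY_RE.search(match.group(1)):
            hits[row["Process Name"].lower()].append(row["Path"])
    return dict(hits)


if __name__ == "__main__":
    for process, paths in readonly_sets(SAMPLE_CSV).items():
        for path in paths:
            print(f"{process}: Read-Only set on {path}")
```
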
