About UPHClean v2.0 events 1630, 1631 and 1632

UPHClean v2.0 tries to assist when the security descriptor prevents access to a file or directory.  This often prevents the system from completing the profile reconciliation process.  This can happen because the inherited permissions are set incorrectly or possibly because the user sets to prevent administrative and/or system access.

UPHClean attempts to deal with that by changing the security descriptor.  This is done for access to file or directory access that result in access denied.  In the case where the file or directory is local it is likely that UPHClean will be able to change the security descriptor since it can use the take ownership right to do so.  In the remote case it is possible that UPHClean will fail to change the permissions.  So this correction UPHClean may not always succeed.

Here are relevant events that can occur:

  • Event 1630: Access to %1 was granted after updating the security descriptor of the file.
    • This event indicates that UPHClean changed the security descriptor for the file/directory named %1 and was successful.  Access permissions necessary to proceed with profile work were granted.  Access to the file or directory was successful.
  • Event  1631: Access to %1 failed after updating the security descriptor of the file.
    • This event indicates that UPHClean changed the security descriptor and was successful.  Even though UPHClean granted the access permissions necessary to perform the profile work the requested access was denied.  This can happen if the source of the access denied is not security descriptor permission related.  The interference could be coming from a background process (i.e. a virus scanner) or other unknown source.
  • Event 1632: Security descriptor for file %1 could not be updated.  Error %2 %3.
    • This event indicates that UPHClean failed in its attempt to change the security descriptor.  %2 is replaced with the text of the error and %3 is the error number.  Access to the file or directory failed.

Note that the name logged with the event may contain an unfamiliar drive letter.  This drive letter represents the roaming profile location.  It exists only during the profile reconciliation process.

These events are logged so that you can know that UPHClean took these actions.  This is critical if auditing. 

If the user profile is reconciling properly you can ignore these.  If the profile is not reconciling properly and you are logging events 1631 or 1632 you should review the security descriptor hierarchy to insure that the permissions are as intended and allow system/administrative access.