On 2/18/2013 7:11 AM, Lars Schimmer wrote: > If I remove the system:anyuser ACL, windows 8 denies my access to the > profile path and logs in with local cached profile and does not write > back on logout any data to OpenAFS path. > If I set system:anyuser rl on my profile path, Windows 8 does load > profile from OpenAFS path and saves back data on logout to that path, > and all files do have the correct UserID. > > I do use Windows 8 64bit, OpenAFS 1.7.2119 and "obtain tokens on login". > It looks like windows tries to lookup profile ahead of obtaining tokens.
What this means is that some process on the system is attempting to access the data without credentials. This could be an anti-malware product attempting to read data in a system worker thread and failing the access by windows. It could be a Windows process that is running without impersonation or a Windows process running with impersonation but started independently of the winlogon.exe session that establishes the AFS Authentication Group. The Process Monitor log will tell you which process is making the failed request and which user context it is in. Process Monitor knows nothing about AFS Authentication Groups but the timing of the requests can imply many things. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
