Allow Cross-Forest User Policy and Roaming User Profiles

Allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.

This setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists.

When this setting is not configured:
- No user-based policy settings are applied from the user's forest
- Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted.
- Loopback Group Policy processing is applied, using the Group Policy objects (GPOs) that are scoped to the computer.
- An event log message (1109) is posted, stating that loopback was invoked in Replace mode.

When this setting is enabled, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest.

When this setting is disabled, the behavior is the same as if it is not configured.


Supported on: At least Windows Server 2003
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows\System
Value NameAllowX-ForestPolicy-and-RUP
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

grouppolicy.admx

Administrative Templates (Computers)

Administrative Templates (Users)