Policy
Allow cross-forest user policy and roaming user profiles
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests. This policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists. If you do not configure this policy setting: - No user-based policy settings are applied from the user's forest. - Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. - Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. - An event log message (1109) is posted, stating that loopback was invoked in Replace mode. If you enable this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest. If you disable this policy setting, the behavior is the same as if it is not configured.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\System\AllowX-ForestPolicy-and-RUP | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAlways use local ADM files for Group Policy Object EditorWindows Server 2003 and Windows XP only
- ComputerChange Group Policy processing to run asynchronously when a slow network connection is detected.At least Windows Vista
- ComputerConfigure Direct Access connections as a fast network connectionAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerConfigure disk quota policy processingAt least Windows 2000
- ComputerConfigure EFS recovery policy processingAt least Windows 2000
- ComputerConfigure folder redirection policy processingAt least Windows 2000
- ComputerConfigure Group Policy CachingAt least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
- UserConfigure Group Policy domain controller selectionAt least Windows 2000
- ComputerConfigure Group Policy slow link detectionAt least Windows 2000
- UserConfigure Group Policy slow link detectionAt least Windows 2000
- ComputerConfigure Internet Explorer Maintenance policy processingAt least Windows 2000
- ComputerConfigure IP security policy processingAt least Windows 2000