Policy
Add the Administrators security group to roaming user profiles
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
This policy setting adds the Administrator security group to the roaming user profile share. Once an administrator has configured a user's roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator. For the Windows XP Professional and Windows 2000 Professional operating systems, the default file permissions for the newly generated profile are full control, or read and write access for the user, and no file access for the administrators group. By configuring this policy setting, you can alter this behavior. If you enable this policy setting, the administrator group is also given full control to the user's profile folder. If you disable or do not configure this policy setting, only the user is given full control of their user profile, and the administrators group has no file system access to this folder. Note: If the policy setting is enabled after the profile is created, the policy setting has no effect. Note: The policy setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time. Note: In the default case, administrators have no file access to the user's profile, but they may still take ownership of this folder to grant themselves file permissions. Note: The behavior when this policy setting is enabled is exactly the same behavior as in Windows NT 4.0.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\System\AddAdminGroupToRUP | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- UserConnect home directory to root of the shareWindows Server 2003, Windows XP, and Windows 2000 only
- ComputerControl slow network connection timeout for user profilesAt least Windows 2000
- ComputerDelete cached copies of roaming profilesAt least Windows 2000
- ComputerDelete user profiles older than a specified number of days on system restartAt least Windows Vista
- ComputerDisable detection of slow network connectionsAt least Windows 2000
- ComputerDo not check for user ownership of Roaming Profile FoldersAt least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 4
- ComputerDo not forcefully unload the users registry at user logoffAt least Windows Vista
- ComputerDo not log users on with temporary profilesAt least Windows 2000
- ComputerDownload roaming profiles on primary computers onlyAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerEstablish timeout value for dialog boxesWindows Server 2003, Windows XP, and Windows 2000 only
- UserExclude directories in roaming profileAt least Windows 2000
- ComputerLeave Windows Installer and Group Policy Software Installation DataAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2