[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Allow Cross-Forest User Policy and Roaming User Profiles

ID: oval:org.secpod.oval:def:19616Date: (C)2014-05-29   (M)2023-07-14
Class: COMPLIANCEFamily: windows




The Allow Cross-Forest User Policy and Roaming User Profiles machine setting should be configured correctly. Allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests. This setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists. When this setting is not configured: - No user-based policy settings are applied from the user's forest - Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted. - Loopback Group Policy processing is applied, using the Group Policy objects (GPOs) that are scoped to the computer. - An event log message (1109) is posted, stating that loopback was invoked in Replace mode. When this setting is enabled, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest. When this setting is disabled, the behavior is the same as if it is not configured. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Group Policy\Allow Cross-Forest User Policy and Roaming User Profiles (2) KEY: HKLM\Software\Policies\Microsoft\Windows\System\AllowX-ForestPolicy-and-RUP

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-13723-2
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-13723-2
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies