Event Id | 1109 |
Source | Userenv |
Description | %1 from a different forest logged onto this machine. Cross Forest Group Policy processing is disabled and loopback processing has been enforced in this forest for this user account. |
Event Information | Explanation : A user from a different forest is logged into this computer and the users account does not reside in the computers Active Directory forest. Because of this, Group Policy loopback mode has been enabled for this account. This means that only the user policy settings from the computers forest will be applied and policy settings from the user accounts forest will not be applied during this logon session. Some corporations have strict legal requirements that mandate that computer systems and administrative boundaries be kept completely separate. User Action : No user action is required if the computers domain administrator does not require the user account to retrieve the policy settings from the user accounts forest. If this behavior is not desired, the computers domain administrator can override the default secure behavior by using a Group Policy setting if the administrators from the user accounts forest and computers forest are trusted. Note: If Group Policy processing is not disabled in a forest trust scenario, this might expose some security vulnerabilities. Forests are considered to be security boundaries. An administrator in one forest should not be able to alter a computers behavior if that computer is in a different forest. Group Policy loopback processing is enforced so that if a user logs on to a computer in a forest different from the forest in which the users user object resides, the users administratively assigned settings are not applied to the user on that computer. |
Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.