Return to site

Gpupdate Force

broken image


I would also try logging into the device as another user and run the gpupdate /force and see if you get the same issues. This will also allow you to see if it is a user issue, device issue or server issue. Please let me know how you go with this so I can provide more solutions for you to try. How To GPUpdate on Remote Computers - Tips & Tricks. This might be an old trick but I just recently had a need doing it and thought it might be a good idea sharing.

When I first started learning about Active Directory, Group Policy always seemed very fickle. Sometimes I could run GPUpdate, other times I had to run /force.

As it turned out, Group Policy was always working – I just didn't understand it. So what's the difference between GPUpdate and GPUpdate /force? Well –

GPUpdate: Applies any policies that is new or modified

GPUpdate /force: Reapplies every policy, new and old.

So which one should I use? 99% of the time, you should only run gpupdate. If you just edited a GPO and want to see results immediately, running gpupdate will do the trick. In fact, running GPUPdate /force on a large number of computers can be damaging to your career. This is because these machines will hit a domain controller and reevaluate every GPO applicable to them.

Note: If you are looking for the remote version of GPUpdate in Active Directory Users and Computers, see this guide.

Anything else?

Gpupdate /force Windows 7

Since you asked, why yes there is! GPUpdate has a few other options for you to use.

Gpupdate force/force

/LogOff: Certain GPOS, such as Folder Redirection, can't apply in the background. If a logoff is required, this switch will initiate it.

/Boot: If a policy, such as software installation, needs to be applied – the boot command will reboot the machine.

/Sync: Useful for changing the foreground (startup/logon) processing to synchronous.

…Enlightening…

Sarcasm aside, yes it is! You probably noticed a lack of remote support with GPUpdate. To address this, Microsoft introduced the Invoke-GPUpdate cmdlet. Here is an example:

Invoke-GPUpdate -Computer COMPUTERNAME -Force

or

$Computers = Get-AdComputer -SearchBase 'OU=Brunswick, DC=Test,DC=local' -Filter *

Foreach ($Computer in $Computers) {invoke-gpupdate -Computer $Computers.Name}

Got an easier way to GPUpdate?

The example above might not be the most practical way of initiating a GPUpdate. Knowing this, Microsoft included the ability to start a GPUpdate remotely in the Server 2012/Windows 8 version of Group Policy Management Console.

As you can see in the picture above, right clicking on any OU will allow you to trigger a remote GPUpdate. Microsoft provided a little security with this tool by not allowing a GPUpdate at the domain level. However, this only works within Group Policy Management. Because a good bit of my work is done within Active Directory Users and Computer, I prefer this method of running a remote GPUpdate.

GPUpdate seemed like such a simple tool. As you now know, it is very powerful and completely customizable to your situation and environment. So the next time you see an administrator running an unwarranted gpupdate /force, explain the differences and let your domain controllers take a breather! And now that GPUpdate has been straightened out, have you been running GPResult remotely?

Finally, if you want to learn more about Group Policy and how it will make your life easier, then subscribe to DeployHappiness and get great weekly tips (plus your free guide to the Windows 8 Administrative Start Menu)!

Today I will show you how to force a group policy update on remote computers.

Computers will update group policy in the background every 90 minutes, in addition, group policy is updated when the computer starts up.

There are times when you make changes or create new GPOs (Group Policy Objects) and you need the changes to go into effect immediately.

There are a few different methods for remotely updating group policy.

Let's take a look.

Tip: Method 1 is best for older clients, Method 2 and 3 are for systems running 2012 and later.

Method 1: Using the gpupdate command with PsExec

This first method uses a built in command on the client computers called gpupdate.

To immediately force a group policy update on the local computer use this command

Now, if you have a bunch of computers that need updated it would be a pain to log into each one and run this command.

To run this on a remote computer you can use the PsExec command from the Sysinternals toolset.

Here is an example of using PsExec to remotely update group policy

Just replace Computername with the actual hostname of the computer.

Method 2: Using Group Policy Management Console

With Windows Server 2012 and later versions, you can now force a group policy update on remote computers from the Group Policy Management Console.

This method is super easy and allows you to run an update on a single OU or all OUs.

User Aduc To Force Gpupdate

Here are the steps

Step 1: Open the Group Policy Management Console

You can open this console on a computer that has the RSAT tools installed or a server running the DHCP role.

Step 2: Right click an OU to update

You can update an individual OU or a parent OU and it will update all sub OUs.

I'm going to update my parent OU 'ADPRO Computers' this OU has a few sub OUs broken out into departments. This will run a group policy update on all computers.

I'll click yes to confirm to run the update.

Now this is pretty cool, I get a window showing me the status of group policy being updated on each computer.

There you have it, that's how easy it is to use the group policy management console to remotely force a group policy update.

If you are a Powershell nerd then check out the next method.

Related: GPResult Tool: How To Check What Group Policy Objects are Applied

Method 3: Using Powershell Invoke-GPUpdate

In Windows 2012 you can now force an immediate update using the powershell invoke-GPUupdate cmdlet.

This command can be used to update Windows 10 and Windows 7 clients.

You will need Powershell installed as well as the Group Policy Management Console (GPMC).

Here is the command:

The RandomDelayInMinutes 0 specifies the delay. Setting it to 0 will update group policy right away.

The only downside to using this command is that the clients will get a CMD screen pop up like below.

Gpupdate Force Remote Computer

It only displays for about 3 seconds then closes.

If you want to use the PowerShell command to force an update on all computers you can use these commands:

The above commands will pull in every computer from the domain, put them into a variable and run the commands for each object in the variable.

As always I hope you find this article useful.

Recommended Tool: SolarWinds Server & Application Monitor

This utility was designed to Monitor Active Directory and other critical services like DNS & DHCP. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.

What I like best about SAM is it's easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.





broken image