Using GPUpdate command

Using GPUpdate to Update Group Policy Settings


After changing any Group Policy setting using the local GPO editor (gpedit.msc) or domain policy editor (gpmc.msc), the new policy setting is not immediately applied to the user/computer. You can wait for automatic updating of GPO (up to 90 minutes), or you can update and apply policies manually using the GPUpdate command. The GPUpdate command is used to force the update of the computer and/or user group policy settings.

Note. The secedit/refreshpolicy command was used in Windows 2000 to manually refresh group policies. In the following versions of Windows, it was replaced by the GPUpdate utility.

The full syntax of the gpupdate tools looks like this:

Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:<value>] [/Logoff] [/Boot] [/Sync]

gpupdate

When you run the gpupdate command without parameters, only new and changed user and computer policy settings are applied.

gpupdate command

Updating policy…

Computer Policy update has completed successfully.

User Policy update has completed successfully.

You can only update user or computer policies using the /target option. For example,

  • gpudate /target:user
  • gpupdate /target:computer

To enforce the update of group policy settings you can use the GPUpdate /force command.

What is the Difference Between GPUpdate and GPUpdate /force?

The gpupdate command applies only changed policies, and the GPUpdate /force command reapplies all client policies—both new and old (regardless of whether they have been changed).

In most cases, you need to use gpupdate to update the policies on the computer. In large Active Directory domains, frequent use of the /force switch when updating GPOs places a heavy load on domain controllers (because computers re-request all policies targeted at them or users).

As we said earlier, group policies are updated automatically every 90 minutes or during computer startup. Therefore, in most cases you shouldn‘t use the gpupdate /force command (especially in various scenarios) due to the high load on client computers and domain controllers.

You can add a delay (up to 600 seconds) before updating policies using the /wait parameter:

Gpupdate /wait:30

Because some user policies cannot be updated in the background, but only at a user logon (installation of programs, folder redirection, etc.), you can log off for the current user with the command:

gpupdate /logoff

Some computer policy settings can only be applied at startup, so you can initiate a computer reboot using the /Boot parameter:

gpupdate /Boot

The /Sync parameter specifies that the next policy application should be performed synchronously. Active policy enforcement occurs when a computer is restarted or when a user logs on.

Invoke-GPUpdate cmdlet has been added to PowerShell 3.0, which can be used to update policies on remote computers. For example, the following command will launch a remote group policy update of on the computer PC1:

Invoke-GPUpdate -Computer PC1 -Force

You can force policy updates on all computers in the specified Active Directory OU using the commands:

$Comps = Get-AdComputer -SearchBase "OU=Computers,OU=Mun,OU=DE,DC=theitbros,DC=com" -Filter *

Foreach ($Comp in $Comps) {invoke-gpupdate -Computer $Comp.Name}

You may also like:

Time Configuration for a Virtualized Domain Contro... Today we will talk about some of the features of time configuration on a virtualized domain controllers. Typically, the time synchronization scheme in...
Removing Old and Unused Drivers from Driver Store ... Each time you install or update your device driver, Windows OS (since Vista) continues to store the old version of the driver in the system Driver Sto...
How to transfer FSMO Roles From a Failed Domain Co... In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic ha...
Installing WebDAV client on Windows Server 2016 WebDAV (Web Distributed Authoring and Versioning) is an extension of the HTTP/1.1 protocol. The WebDAV protocol allows to access files on the remote s...
Get-service: Checking the Status of Windows Servic... Using the Get-Service cmdlet you can get a list of all the services installed on the operating system, its status and startup type. This one and other...

Add Your Comment