How to Update GPOs on Remote Computers

How to Update GPOs on Remote Computers

Updating GPOs On Remote Computers

Group Policy Objects can be added or modified by the administrator according to the requirements of the organization. Generally, the time taken for a new Group Policy Object (GPO) to be applied is between 90 and 120 minutes. Without any updates, computers update their group policies every 90 minutes in the background. In addition to this, they are also updated every time the computer starts up.

During instances where group policies need to be updated immediately without waiting for computers to restart, there are several methods that are available. These include using the Command Prompt, PowerShell commands and the Group Policy Management Console (GPMC).

Configuring Windows Firewall

In order to force a group policy refresh on remote computers using the Group Policy Management Console (GPMC) or PowerShell commands, the Windows Firewall needs to be configured. This is essential to allow the administrators to update group policies using 'gpupdate' remotely. The Windows Firewall can be configured to support these operations, by following the steps given below.
  1. Open the Start menu and select Server Manager.
  2. In the Server Manager, select Tools > Group Policy Management.
  3. Select Starter GPOs from the left pane of the Group Policy Management Console.
  4. Click on the Create Starter GPOs from the right pane of GPMC, if the list of Starter GPOs for your domain is not displayed.
  5. Locate your AD domain from the left pane and right click on it.
  6. Select the Create a GPO in this domain and Link it here option.
  7. In the New GPO dialog box, provide the name of the GPO.
  8. From the Source Starter GPO, select Group Policy Remote Update Firewall Ports and click OK.
  9. Click on your AD domain from the left pane and switch to the Linked Group Policy Objects tab on the right pane.
  10. Click on the new firewall settings GPO and move it above the Default Domain Policy.

Updating Group Policy using the Group Policy Management Console (GPMC)

A group policy update can be forced on remote computers using the Group Policy Management Console. This allows administrators to force updates on single and multiple organizational units (OU) remotely. The Group Policy Management Console can be used by installing Remote Server Administration Tools (RSAT), if it is not present already. A group policy update can be forced on all computers in an organizational unit by following the steps given below.
  1. Open the Group Policy Management Console.
  2. Right click on the desired Organizational Unit (OU) and select the Group Policy Update option.
  3. The Force Group Policy Update dialog box appears.
  4. Click Yes in the dialog box to confirm and complete the action.
  5. In the Group Policy Update Results window, check the results.

Updating Group Policy using the Command Prompt

Group policy updates can also be forced using the gpupdate command in the Command Prompt. This method allows the group policies to be updated manually. This can be done by following the steps given below.
  1. From the Start menu, select Command Prompt and Run as administrator.
  2. In the cmd window enter the following command to force a group policy update on the local computer.
    1. gpupdate /force
  3. To force a group policy update on a remote computer, enter the following command. This command can be used only to update the policies that have been changed.
    1. gpupdate /target: computer
  4. To force a group policy update on all policies use the following command.
    1. gpupdate /target: computer /force
  5. In addition to these, there are several switches to the command that are available for different purposes. Some of these include:
    1. /logoff: This causes the computer to log off after updating the group policy settings
    2. /boot : This causes the computer to restart after updating the group policy settings
    3. /sync: This allows the next policy application to be done synchronously
    4. /wait:<VALUE>: This allows the users to set a certain period of time (in seconds) to wait for the processing to be completed.

Updating Group Policy using PowerShell

The PowerShell invoke-GPUupdate cmdlet can be used to force immediate updates on the group policy. This can also be used to force updates on remote computers. This method requires PowerShell and Group Policy Management Console to be installed.

The following command can be used to schedule a group policy refresh on your current computer.
  1.       Invoke-GPUpdate
To schedule a group policy refresh on a remote computer, the following command can be used.
  1.       Invoke-GPUpdate -Computer "ZYLKER\COMPUTER-02" -Target "User"
Other features such as specifying the delay are also available to be used with this method.
    • Related Articles

    • PowerShell Remoting: Accessing Remote Computers with Precision

      In today's interconnected IT environments, managing remote computers is an essential task for system administrators. PowerShell Remoting, a powerful feature of Windows PowerShell, allows administrators to access and control remote machines ...
    • 5. Update-Help Command in PowerShell

      Introduction PowerShell, a versatile and powerful command-line tool, provides advanced users with an extensive set of capabilities for managing and automating tasks in the Windows environment. The Update-Help command plays a crucial role in this ...
    • How to block remote network access for local user accounts in Windows

      Introduction Local user accounts accessing other computers in the Active Directory (AD) network remotely may cause huge problems due to the security risk associated with the access privilege. The most commonly cited example is that if multiple user ...
    • How to create Desktop Shortcuts on Domain Computers via GPO

      Introduction Organizations sometimes may want to add certain shortcuts to all or some of the computers in their domain. For example, there might be a set of applications that all employees in an organization would need to use. The organization may ...
    • How to Migrate Users and Computers to a New Domain

      How to Move Active Directory Users and Computers from one Domain to another   In Active Directory, users and computers can be moved or migrated from one domain to another for various purposes. In intra-forest migration, objects are migrated between ...