How to Force Group Policy Update Remotely

There are a number of reasons you might want to force a group policy update either locally or remotely on a computer or server.

Perhaps you recently made a change to group policy that you want to test out. Maybe you have a workstation that isn’t exhibiting the right behavior for the policies it should have.

Whatever it is, you’ll be happy to know that forcing a gpupdate remotely is super simple and can be done in a variety of equally simple ways.

Force a GPUpdate with PowerShell Remotely Using Invoke-GPUpdate

Starting with Windows Server 2012, Microsoft added the command Invoke-GPUpdate to PowerShell to provide a flexible, programmatic way to force group policy updates both locally and remotely.

Only the server running the command needs to be Server 2012 or newer. The client servers and workstations can be Windows 7, Windows 8, and Windows 10 generation operating systems.

The prerequisite for running this command is that you must have the GPMC or Group Policy Management Console installed on the machine you’re running the command from. This can be enabled as part of the Remote Server Admin Tools or RSAT.

Related: RSAT

To force a gpupdate use the following command:

Invoke-GPUpdate -Force

To force a gpupdate remotely use the following command:

Invoke-GPUpdate -Computer RemoteComputerName = RandomDelayMinutes 0 -Force

By specifying 0 for the random delay you are telling the OS to refresh group policy immediately.

To force a gpupdate on all clients in your domain use the following commands:

$clients = Get-ADComputer -Filter *
$clients | ForEach-Object -Process {Invoke-GPUpdate -Computer $ -RandomDelayInMinutes 0 -Force}

The script will store every computer object in your domain in the $clients variable and then loop through the Invoke-GPUpdate -Force command for each of them.

Force a GPUpdate Remotely with Group Policy Management Console

Here is another option for forcing group policy updates that Microsoft introduced starting with Windows Server 2012 through Windows Server 2016.

When run from a 2012 or newer Server you can use the Group Policy Management Console or GPMC to push group policy updates.

  1. Launce the GPMC.
  2. Locate the OU that you need to force gpudpate on.
  3. Right click the computer or OU and click on Group Policy Update…
  4. A box will open with a summary of what you’re about to do. Click Yes to proceed.
  5. Another box should open and show you the status of the group policy update.

The only drawback to this method is you have to force the gpupdate on an entire OU (and any OUs nested in it). You cannot select just one computer. Though you can cheat a little by creating an OU and moving just one computer to it and then performing the same steps above.

Force a GPUpdate Remotely using PsExec

Finally, there is the tried and true method of doing a gpupdate /force using command line. You can use the PsExec tool from the PsTools download by Sysinternals to connect to the command line on a remote computer.

  1. Download PsTools from the link above.
  2. Extract PsExec.exe to your C:\Windows\System32 folder.
  3. Open command prompt.
  4. Enter the following command:
psexec \\remotecomputername CMD

The psexec utility will launch, opening a remote command line.

  1. Enter the following command:
gpupdate /force
  1. Type exit or close the box to leave the remote command line.

PsExec is actually a very handy tool. I’ve used it for a plethora of things over the years. I recommend you keep it around just in case.

Recommended for You: Solarwinds Hybrid Systems Monitoring Bundle

Know which applications are having issues in your environment before users complain? Know which systems are causing those problems or were recently changed by someone? How about which servers are about to have problems like running out of space or memory?

Automate collection of data and alerting on your local or cloud applications and servers with Solarwinds Hybrid Systems Bundle so you have these answers.

Get insight into Active Directory, DNS, DHCP, and your Virtual and Applications environments, both locally and cloud hosted, without needing to mess with complex templates or knowing a single line of code.

Chase Smith, CCNP

Chase Smith, CCNP is a Network Engineer III who has spent the last decade elbow deep in enterprise system administration and networking. He can usually be found trying to warm up behind the storage in the datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *