In this guide, you will learn how to use the gpupdate command to immediately apply new group policy settings to users and computers.
I’ll also explain the difference between the gpupdate and gpupdate /force command.
Contents
- What is gpupdate
- How to use the gpupdate command
- GPUpdate vs GPUpdate /force
- Run gpupdate on remote computer
- GPUpdate examples
What is the gpupdate command
The gpupdate command is a tool built into the Windows operating system and is used to update or apply new group policy settings. The gpupdate command is often used by Windows technicians to ensure group policy settings are applied to a computer.
What are group policy settings?
Group policy settings are configurations such as password settings, lockout policy, screen lockout, restrict system changes and so on. These settings are configured in Active Directory and can be applied to specific or all users and computers.
In a Windows domain, the group policy settings automatically refresh every 90 minutes or when the computer is rebooted. There are times when you need to immediately update a computer’s policies and waiting 90 minutes is not an option. With the gpupdate command you can immediately refresh the group policy settings without a reboot.
How to use the gpupdate command
The gpupdate command is very easy to use.
There are several command line switches available with the gpupdate command, to view all the options use this command.
gpupdate /?Key Parameters
- /target:user: Specifies that only user policies are updated.
- /target:computer: Specifies that only computer policies are updated.
- /force: Reapplies all policy settings. By default, only policy settings that have changed are
applied.
To update the group policies, follow the steps below.
Step 1. Start windows PowerShell
Step 2. Type gpupdate and press enter
Step 3. Wait for the command to complete
When the gpupdate command is complete it should say completed successfully for both user and computer policies.
To update only the user policy settings run this command.
gpupdate /target:userTo update only the computer policy settings run this command.
gpupdate /target:computerGPUpdate VS GPUpdate /force
What is the difference between gpupdate and gpupdate /force command?
- GPUpdate – This command performs an increment update. This means it only applies policies that have changed or new settings since the last update. For example, you update the GPO policy that enabled the Windows lock screen. This command will only apply that one policy that changed.
- GPUpdate /force – This command forces all group policies to be reapplied to the computer. If you have 20 group policies, then all 20 will get reapplied.
Here is a table showing the difference between gpupdate and gpupdate /force.
| Feature | gpupdate | gpupdate /force |
|---|---|---|
| Purpose | Updates only policy settings that have changed. | Reapplies all policy settings. |
| When to Use | Refresh existing GPO policies or apply new GPOs. | Troubleshooting or to download and reapply ALL GPOs. |
| Impact | Low – minimal impact as only changes are applied. | High – Can be high if running on multiple computers at the same time. |
| Use Case | You need to immediately apply a new GPO setting such as locking down the control panel or password settings. | The gpupdate command is not applying new GPO changes. |
So which command should you use?
It’s best to start with the GPUpdate command, this should work most of the time. If the gpupdate command didn’t work, then try gpupdate /force.
I would not run gpupdate /force on several devices at one time. If you have a lot of group policies this can be resource intensive on domain controllers.
With that said I’ve not seen any issues running gpupdate /force as the first option. I’ve also seen no reason to run it as the first option. Most of the time I’m able to run gpupdate and everything works. As I mentioned above the main concern with gpupdate /force is running it on multiple computers at once, this could put a major load on your domain controllers.
I often see helpdesk technicians run gpupdate /force as the first option, and again I see no issues with this on a one to one basis.
How to use the gpupdate force command
Only use the gpupdate /force command if you want to reapply all group policy settings.
Step 1. Start windows PowerShell
Step 2. Type gpupdate force and press enter
Step 3. Wait for command to complete
Run gpupdate on a remote computer
There are multiple ways to run gpupdate on remote computers.
Option 1. PowerShell
If you have PowerShell remoting enabled, you can run gpupdate using the command below.
Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { gpupdate }In this example, I’m updating the policies on the remote computer pc2.
To update on multiple remote computers using PowerShell use this command. The below command will update all computers in my Accounting OU. Just change the search base path to the distinguishedName of your OU.
PS C:\> $computers = Get-ADComputer -Filter * -SearchBase "OU=Accounting,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com"
PS C:\> $computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}Option 2. Group Policy Management Console
You can force a group policy update on all computers using the group policy management console.
Step 1. Open the Group Policy Management Console
Step 2. Right click an OU and select “Group Policy Update”
This will force an update on all the computers in the selected OU.
GPUpdate Examples
Here are some real-world examples of using the gpupdate command.
Example 1: Add shortcut to users desktop
A user puts in a high priority ticket and says I need the timesheet program installed on my computer ASAP. In this example, the user just needs a desktop shortcut added to the desktop. Ok, no problem.
You go into the group policy management console and apply the GPO to the user. You then remote to the user’s computer and run the gpupdate command.
Here is a before picture.
After running gpupdate you can see the desktop shortcut added to the desktop.
The group policy immediately applies, and the shortcut is added to the desktop. A reboot would also refresh the group policies but sometimes that is inconvenient for your users.
The nice thing about the gpupdate command is it can be run as a user with non admin rights. In the example above you can see I ran the command with the user logged in. Depending on the GPO settings this may not always work. In some cases, you may need to reboot a computer for settings to apply.
Example 2: Your Boss requests for software to be installed
In this example, your boss needs Acrobat Pro installed right away. Sure thing boss. Open the group policy management console and add the user to the GPO that installs Acrobat Pro.
Next, issue the gpupdate command. But this time you get the message below.
I wanted to show this example because not all policies can be applied immediately. Deploying software through group policy can only occur during a restart.
Sorry, boss you need to reboot. 🙂