In this guide, you will learn how to use the gpupdate /force command to immediately apply new GPO settings. I’ll also show you how to force an update on multiple remote computers.
The gpupdate command is built into all versions of the Windows operating system, client, and server.
By default, Windows will update group policy settings every 90 minutes or when during a computer reboot. There are times when you need to immediately update a computer’s policies and waiting 90 minutes is not an option. By using the gpupdate command you can force a policy update.
GPUpdate VS GPUpdate /force
What is the difference between gpupdate and gpupdate /force command?
- GPUpdate – Applies only policies that have changed. For example, you update the policy that enabled the Windows lock screen. This command will only apply that one policy that changed.
- GPUpdate /force – This command reapplies all policy settings. If you have 20 group policies all 20 will get reapplied.
So which command should you use? It’s best to start with the GPUpdate command, this should work most of the time. If the gpupdate command didn’t work then try gpupdate /force.
I would not run gpupdate /force on several devices at one time. If you have a lot of group policies this can be resource intensive on domain controllers.
Video Tutorial
GPUpdate Command Examples
To run gpupdate open the windows command prompt and type the following command.
gpupdateYou should get a message back that it was completed successfully.
To reapply all policies use the /force switch.
gpupdate /force
Let’s take a look at some real world examples of when to use the gpupdate command.
Example 1: Add shortcut to users desktop
A user puts in a high priority ticket and says I need the timesheet program installed on my computer ASAP. In this example, the user just needs a desktop shortcut added to the desktop. Ok, no problem.
You go into the group policy management console and apply the GPO to the user. You then remote to the user’s computer and run the gpupdate command.
Here is a before picture.
After running gpupdate you can see the desktop shortcut added to the desktop.
The group policy immediately applies and the shortcut is added to the desktop. A reboot would also refresh the group policies but sometimes that is inconvenient for your users.
The nice thing about the gpupdate command is it can be run as a user with non admin rights. In the example above you can see I ran the command with the user logged in. Depending on the GPO settings this may not always work. In some cases, you may need to reboot a computer for settings to apply.
Example 2: Your Boss requests for software to be installed
In this example, your boss needs Acrobat Pro installed right away. Sure thing boss. Open the group policy management console and add the user to the GPO that installs Acrobat Pro.
Next, issue the gpupdate command. But this time you get the message below.
I wanted to show this example because not all policies can be applied immediately. Deploying software through group policy can only occur during a restart.
Sorry, boss you need to reboot. 🙂
When do I use the GPUpdate /force command?
The two examples I provided only required the gpupdate command to be run. You should only use the /force option for troubleshooting or when there is an issue applying a policy.
With that said I’ve not seen any issues running gpupdate /force as the first option. I’ve also seen no reason to run it as the first option. Most of the time I’m able to run gpupdate and everything works. As I mentioned above the main concern with gpupdate /force is running it on multiple computers at once, this could put a major load on your domain controllers.
Run GPUpdate on Multiple Computers
If you need to force a group policy update on remote computers or multiple computers you can use these examples.
Method 1: Using the Group Policy Management Console
Did you know you can use the group policy management console to update remote and multiple computers?
In the GPM console just right click an OU and click group policy update.
You will get a progress bar showing you the status.
Method 2: Using Invoke-GPupdate PowerShell command
There is a PowerShell command to refresh group policies. To update on a single computer use this command
Invoke-GPUpdateTo update on multiple computers using PowerShell use this command. The below command will update all computers in my Accounting OU. Just change the search base path to the distinguishedName of your OU.
PS C:\> $computers = Get-ADComputer -Filter * -SearchBase "OU=Accounting,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com"
PS C:\> $computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}GPUpdate Syntax
To see all command line options run gpupdate /? There are several command line switches but in all my years as a sysadmin I’ve only used gpupdate and gpupdate /force.
I hope you found this guide useful. Feel free to leave a comment or question below.