By default, Group Policy automatically refreshes every 90 minutes. Sometimes waiting is not an option. The gpupdate /force command immediately reapplies all Group Policy settings without waiting for the next refresh cycle. In this guide you will learn the syntax, available switches and real world examples.
Table of contents
- What does the gpupdate /force command do
- GPUpdate vs GPUpdate /force
- GPUpdate Command Syntax
- How to run the gpupdate command
- Run gpupdate on remote computer
- GPUpdate Command Examples
What does the gpupdate /force command do
When you run gpupdate /force, it immediately reapplies all Group Policy settings to the computer without waiting for the next refresh cycle.
By default, Windows refreshes group policy settings every 90 minutes, but there are times when you need changes applied immediately without waiting for the next refresh cycle. The gpupdate /force command bypasses the refresh interval and reapplies all policies instantly.
GPUpdate VS GPUpdate /force
What is the difference between gpupdate and gpupdate /force command?
- GPUpdate – This command performs an increment update. This means it only applies policies that have changed or new settings since the last update. For example, you update the GPO policy that enabled the Windows lock screen. This command will only apply that one policy that changed.
- GPUpdate /force – This command forces all group policies to be reapplied to the computer. If you have 20 group policies, then all 20 will get reapplied.
Here is a table showing the difference between gpupdate and gpupdate /force.
| Feature | gpupdate | gpupdate /force |
|---|---|---|
| What it does | Applies only new or changed policies. | Reapplies all policies regardless of changes. |
| When to use | After making a GPO change that needs to be applied immediately. | When gpupdate isn’t applying changes correctly or for troubleshooting. |
| Impact on DCs | Low – only changed policies are processed. | High – avoid running on multiple computers at the same time. |
| Best practice | Use this as your default command. | Only use when gpupdate alone is not working. |
Gpupdate Command Syntax
Full list of gpupdate command switches.
| Switch | Syntax | Description |
|---|---|---|
| None | gpupdate |
Applies only new or changed Group Policy settings |
| /force | gpupdate /force |
Forces all Group Policy settings to be reapplied regardless of changes |
| /target:user | gpupdate /target:user |
Updates only user Group Policy settings |
| /target:computer | gpupdate /target:computer |
Updates only computer Group Policy settings |
| /logoff | gpupdate /logoff |
Forces a logoff after Group Policy settings have been refreshed |
| /boot | gpupdate /boot |
Restarts the computer after Group Policy settings have been refreshed |
| /sync | gpupdate /sync |
Forces a synchronous policy refresh on the next logon or restart |
| /wait | gpupdate /wait:value |
Sets the number of seconds to wait for policy processing to finish |
How to run the gpupdate command
The gpupdate command is very easy to use.
To update the group policies, follow the steps below.
Step 1. Open cmd or PowerShell
Step 2. Type gpupdate and press enter
Step 3. Wait for the command to complete
When the gpupdate command is complete it should say completed successfully for both user and computer policies.
To update only the user policy settings run this command.
gpupdate /target:userTo update only the computer policy settings run this command.
gpupdate /target:computerHow to run the gpupdate /force command
Only use the gpupdate /force command if you want to reapply all group policy settings.
Step 1. Open cmd or PowerShell
Step 2. Type gpupdate /force and press enter
Step 3. Wait for command to complete
Depending on the policy you may be asked to reboot the computer before the policy takes effect.
Run gpupdate on a remote computer
There are multiple ways to run gpupdate on remote computers.
Option 1. PowerShell
If you have PowerShell remoting enabled, you can run gpupdate using the command below.
Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { gpupdate }In this example, I’m updating the policies on the remote computer pc2.
To update on multiple remote computers using PowerShell use this command. The below command will update all computers in my Accounting OU. Just change the search base path to the distinguishedName of your OU.
PS C:\> $computers = Get-ADComputer -Filter * -SearchBase "OU=Accounting,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com"
PS C:\> $computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}Option 2. Group Policy Management Console
You can force a group policy update on all computers using the group policy management console.
Step 1. Open the Group Policy Management Console
Step 2. Right click an OU and select “Group Policy Update”
This will force an update on all the computers in the selected OU.
Option 3. Remotely run gpupdate using PsExec
PsExec is a lightweight command line tool that allows you to execute processes on remote computers without installing client software. For example, you can execute the gpupdate command on a remote computer using the command below.
“PsExec \\ComputerName Gpupdate”
- To run this on a remote computer you will need to install the PsExec command from the Sysinternals toolset.
- Then open the command prompt and use the command above.
- Replace ComputerName with the actual hostname of the computer.
GPUpdate Command Examples
Here are some real-world examples of using the gpupdate command.
Example 1: Add shortcut to users desktop
A user puts in a high priority ticket and says I need the timesheet program installed on my computer ASAP. In this example, the user just needs a desktop shortcut added to the desktop. Ok, no problem.
You go into the group policy management console and apply the GPO to the user. You then remote to the user’s computer and run the gpupdate command.
Here is a before picture.
After running gpupdate you can see the desktop shortcut added to the desktop.
The group policy immediately applies, and the shortcut is added to the desktop. A reboot would also refresh the group policies but sometimes that is inconvenient for your users.
The nice thing about the gpupdate command is it can be run as a user with non admin rights. In the example above you can see I ran the command with the user logged in. Depending on the GPO settings this may not always work. In some cases, you may need to reboot a computer for settings to apply.
Example 2: Your Boss requests for software to be installed
In this example, your boss needs Acrobat Pro installed right away. Sure thing boss. Open the group policy management console and add the user to the GPO that installs Acrobat Pro.
Next, issue the gpupdate command. But this time you get the message below.
I wanted to show this example because not all policies can be applied immediately. Deploying software through group policy can only occur during a restart.
Sorry, boss you need to reboot. 🙂
Frequently Asked Questions
Does gpupdate /force require admin rights?
Short answer, it depends on the policy.
User based policies typically do not require admin rights but computer based policies do require admin rights. If you run gpupdate without admin rights you will only see results for the current user and computer policy settings will be skipped.
Does gpupdate /force require a reboot?
In most cases gpupdate /force does not require a reboot. However, some Group Policy settings such as software installation and folder redirection can only be applied during startup or logon. In these cases, gpupdate /force will prompt you to restart or log off to complete the update.
How long does gpupdate /force take?
The gpupdate /force command typically completes within a few seconds on a local computer. If you have a lot of group policy objects and a slow network connection it can cause the command to run much slower. Running gpupdate /force on multiple computers simultaneously can put a heavy load on the domain controller and take significantly longer.
Can gpupdate /force be run remotely
Yes gpupdate can be run on remote computers. The easiest way is to use PowerShell remoting with the Invoke-Command cmdlet or the Invoke-GPUpdate cmdlet.