How to Update Group Policy on Remote Computers

Today I will show you how to force a group policy update on remote computers.

Computers will update group policy in the background every 90 minutes,  in addition, group policy is updated when the computer starts up.

There are times when you make changes or create new GPOs (Group Policy Objects) and you need the changes to go into effect immediately.

There are a few different methods for remotely updating group policy.

Let’s take a look.

Tip: Method 1 is best for older clients, Method 2 and 3 are for systems running 2012 and later.

Method 1: Using the gpupdate command with PsExec

This first method uses a built in command on the client computers called gpupdate.

To immediately force a group policy update on the local computer use this command

gpupdate /force

The /force will force all policies to update not just the new ones.

Now, if you have a bunch of computers that need updated it would be a pain to log into each one and run this command.

To run this on a remote computer you can use the PsExec command from the Sysinternals tool set.

Here is an example of using PsExec to remotely update group policy

“PsExec \\Computername Gpupdate”

Just replace Computername with the actual hostname of the computer.

Method 2: Using Group Policy Management Console

With Windows Server 2012 and later versions, you can now force a group policy update on remote computers from the Group Policy Management Console.

This method is super easy and allows you to run an update on a single OU or all OUs.

Here are the steps

Step 1: Open the Group Policy Management Console

You can open this console on a computer that has the RSAT tools installed or a server running the DHCP role.

Step 2: Right click an OU to update

You can update an individual OU or a parent OU and it will update all sub OUs.

I’m going to update my parent OU “ADPRO Computers” this OU has a few sub OUs broken out into departments. This will run a group policy update on all computers.

I’ll click yes to confirm to run the update.

Now this is pretty cool, I get a window showing me the status of group policy being updated on each computer.

There you have it, that’s how easy it is to use the group policy management console to remotely force a group policy update.

If you are a Powershell nerd then check out the next method.

Related: GPResult Tool: How To Check What Group Policy Objects are Applied

Method 3: Using Powershell Invoke-GPUpdate

In Windows 2012 you can now force an immediate update using the powershell invoke-GPUupdate cmdlet.

This command can be used to update Windows 10 and Windows 7 clients.

You will need Powershell installed as well as the Group Policy Management Console (GPMC).

Here is the command:

Invoke-GPUpdate -Computer COMPUTER-02 = RandomDelayMinutes 0

The RandomDelayMinutes 0 ensure that the policy is updated right away rather..

The only downside to using this command is that the clients will get a CMD screen pop up like below.

It only displays for about 3 seconds then closes.

If you want to use the PowerShell command to force an update on all computers you can use these commands:

PS C:\> $computers = Get-ADComputer -Filter *
 PS C:\> $computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}

The above commands will pull in every computer from the domain, put them into a variable and run the commands for each object in the variable.

As always I hope you find this article useful.

Recommended Tool: SolarWinds Server & Application Monitor (SAM)

This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.

What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.

Download Your Free Trial of SolarWinds Server & Application Monitor. 

Leave a Comment