How to Update Group Policy on Remote Computers

Today I will show you how to force a group policy update on remote computers.

Computers will update group policy in the background every 90 minutes,  in addition, group policy is updated when the computer starts up.

There are times when you make changes or create new GPOs (Group Policy Objects) and you need the changes to go into effect immediately.

There are a few different methods for remotely updating group policy.

Let’s take a look.

Tip: Method 1 is best for older clients, Method 2 and 3 are for systems running 2012 and later.

Method 1: Using the gpupdate command with PsExec

This first method uses a built in command on the client computers called gpupdate.

To immediately force a group policy update on the local computer use this command

gpupdate /force

The /force will force all policies to update not just the new ones.

Now, if you have a bunch of computers that need updated it would be a pain to log into each one and run this command.

To run this on a remote computer you can use the PsExec command from the Sysinternals toolset.

Here is an example of using PsExec to remotely update group policy

“PsExec \\Computername Gpupdate”

Just replace Computername with the actual hostname of the computer.

Method 2: Using Group Policy Management Console

With Windows Server 2012 and later versions, you can now force a group policy update on remote computers from the Group Policy Management Console.

This method is super easy and allows you to run an update on a single OU or all OUs.

Here are the steps

Step 1: Open the Group Policy Management Console

You can open this console on a computer that has the RSAT tools installed or a server running the DHCP role.

Step 2: Right click an OU to update

You can update an individual OU or a parent OU and it will update all sub OUs.

I’m going to update my parent OU “ADPRO Computers” this OU has a few sub OUs broken out into departments. This will run a group policy update on all computers.

I’ll click yes to confirm to run the update.

Now this is pretty cool, I get a window showing me the status of group policy being updated on each computer.

There you have it, that’s how easy it is to use the group policy management console to remotely force a group policy update.

If you are a Powershell nerd then check out the next method.

Related: GPResult Tool: How To Check What Group Policy Objects are Applied

Method 3: Using Powershell Invoke-GPUpdate

In Windows 2012 you can now force an immediate update using the powershell invoke-GPUupdate cmdlet.

This command can be used to update Windows 10 and Windows 7 clients.

You will need Powershell installed as well as the Group Policy Management Console (GPMC).

Here is the command:

Invoke-GPUpdate -Computer COMPUTER02  -RandomDelayInMinutes 0

The RandomDelayInMinutes 0 specifies the delay. Setting it to 0 will update group policy right away.

The only downside to using this command is that the clients will get a CMD screen pop up like below.

It only displays for about 3 seconds then closes.

If you want to use the PowerShell command to force an update on all computers you can use these commands:

PS C:\> $computers = Get-ADComputer -Filter *
 PS C:\> $computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}

The above commands will pull in every computer from the domain, put them into a variable and run the commands for each object in the variable.

As always I hope you find this article useful.

Recommended Tool: SolarWinds Server & Application Monitor

This utility was designed to Monitor Active Directory and other critical services like Azure, DNS, and DHCP. It will quickly spot domain controller issues, replication, performance issues with cloud services, failed logon attempts, and much more.

What I like best about this tool is its easy to use interface and instant alerting features.

16 thoughts on “How to Update Group Policy on Remote Computers”

    • When I use GPMC it tells me, “Group Policy update will be forced on all computers within and all subcontainers within the next 10 minutes. Both user and computer policy settings will be refreshed.”

      Reply
  1. The powershell command for a single computer is not correct. There are a couple of mistakes. It should be:

    Invoke-GPUpdate -Computer “computername” -RandomDelayInMinutes 0

    Reply
  2. You can use powershell and avoid the popup window if you Target the computer settings only:

    `Invoke-GPUpdate -Computer “computername” -RandomDelayInMinutes 0 -Target Computer`

    Also, the GPMC Update… dialog will cause the GPUpdate window to appear if any policies have a user settings that isn’t disabled (I think).

    Reply
  3. Hey, good article. i want to update Computer settings for a list of computers, how can i achieve that? what is the format?

    Reply
  4. Hello,
    Thank you for this article.
    What happens with computers that are off-line when the command is issued? Will they get it when they go online? If not, is there a way to ‘wait’ for computers to be online? That is, to run the update as soon as they go online.
    Thanks

    Reply
  5. What happens if the computer is not online? Will this “wait” for it to come online or do I need to run this sporadically hoping that eventually I’ll catch them all? Reason is that due to the Corona Virus all employees work from home and they may or may not open their VPN to connect to the office network. However when they do, I’d like to push a new policy.

    Reply
    • It will fail if the computer is not online. You would need a 3rd party tool or a GPO start script to accomplish this.

      Reply
  6. Invoke-GPUpdate -Computer COMPUTER02 -RandomDelayInMinutes 0

    1. If user hary log into COMPUTER02 , and my account is alex , then I run above command on my computer, it will update the computer policy settings on COMPUTER02 for sure, but the question is: it will update the user of harry’s policy settings or my account alex’s policy settings on COMPUTER02 (let’s say my account also log into COMPUTER02 before)?

    Above question comes from bellow experience:
    when I run cmd as administrator on local computer ,then run gpupdate /force in cmd, it will update computer policy setting and current user’s policy setting.

    2. how to get policy report (like gpresult /r) for a user on a remote computer ? As I just will get myself gpresult if I run gpresult/r on target computer. but I need to get the report for other online user on target computer.

    BR

    Reply
    • 1: this cmd is meant for GPO update for the entire machine policies not a users based polcies, you want to apply it for one user you can add -Target “User” at the end of cmd.
      2: Use Group policy modeling.

      Reply

Leave a Comment