In this article, I will show you how to update group policy on remote computers using different methods. You can use any of these methods for remotely updating group policy.
Every 90 minutes, the domain-joined PCs will update group policies in the background. In addition, when the computer starts up, group policy is updated. Learn how to modify the group policy refresh interval for Windows computers.
The command gpupdate /force is used to force the update of group policies that are applied by your company. It will be difficult to update group policy on a remote computer, though.
If you are a system administrator, you may have experienced that not all users are tech-savvy. Explaining to the users how to run a gpupdate on their computers is challenging and time-consuming.
There are instances when you make adjustments or add new Group Policy Objects (GPOs) and you require the changes to take effect right away. In such situations, you should know how to run the gpupdate on remote computers without relying on users to do that.
What happens with computers that are offline when you run the group policy update? The computers would be skipped because they are offline however when the computer is back online, the group policy will auto-refresh.
In the next section, we’ll discuss different methods that you can use to update the group policy on remote computers. There are many tools that you can use to run a gpupdate on computers.
Method 1: Manually Update Group Policy on a Computer
All versions of the Windows operating system include the Microsoft command-line tool gpupdate. Group policy objects (GPOs) are applied on designated Active Directory computers under the management of this utility.
You can use this procedure to manually refresh Group Policy on the local computer. Launch the command prompt as an administrator and run the gpupdate /force command to manually update group policy on a local computer.
C:\Windows\system32>gpupdate /force Updating policy... Computer Policy update has completed successfully. User Policy update has completed successfully.
Both user and computer policy settings will be refreshed.
Method 2: Using the Group Policy Management Console to Run GPUpdate
You can run gpupdate on remote computers using the Group Policy Management console. This method works on Windows Server 2012 and later versions. You can run a group policy update on a single OU or even multiple OUs.
Launch the Group Policy Management Console. Right-click an OU on which you want to perform the group policy update and, from the list of options, select Group Policy Update.
You should now see a Force Group Policy update window. If you click Yes, both the User and Computer policy settings will be updated. Are you sure you want to update the policy for these computers? Click “Yes” to force a group policy update.
Note that the GPUpdate will be run on all the computers that are part of this organizational unit. The machines have to be online to run the gpupdate remotely.
In this step, the group policy update will be forced on all computers within the selected OU and subcontainers within the next 10 minutes. Both user and computer policy settings will be refreshed. The computers that have updated the GPOs successfully are displayed in the Remote Group Policy update results window.
Method 3: Using PowerShell to Invoke-GPUpdate
You can trigger a GPUpdate on remote computers using the PowerShell command Invoke-GPUpdate. This command schedules a remote Group Policy refresh on the specified computer. To run the Invoke-GPUpdate command, you will need PowerShell installed along with Group Policy Management Console (GPMC).
Invoke-GPUpdate -Computer corpm1 -RandomDelayInMinutes 0
In the above command you must replace the name of the computer with the remote computer name and run it. The RandomDelayInMinutes 0 specifies the delay. Setting it to value 0 will update group policy immediately without any delay.
Note: When you run this command, the remote clients will get a CMD screen pop-up notifying you that there is a group policy update.
You can run Invoke-GPUpdate on multiple computers using PowerShell using the below command. The below commands will contact every computer in the AD domain, put them into a variable, and run the commands for each object in the variable.
$computers = Get-ADComputer -Filter *
$computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}
Method 4: Run Group Policy Update using Right Click Tools
Right Click Tools by Recast Software is a popular console extension for Configuration Manager. RCT provides security and compliance dashboards, client tools, console tools, a remote software center and numerous utilities that can save IT admins countless hours.
In a separate article, I have covered the steps for installing RCT console extension for Configuration Manager. Once you install the RCT console extension, you get access to several tools within the SCCM console based on the edition that you are licensed for.
One such feature or option in Right Click Tools is the ability to perform Group Policy Update on remote computers from the Configuration Manager console. You can refresh group policies on a single device or even for the entire device collection.
To perform Group Policy update using Right Click Tools, launch the Configuration Manager console. Right-click a device or a device collection and select Right Click Tools > Console Tools on Collection > Group Policy Update.
A new Group Policy Update window pops up and here you can select which policies to update. You have two options: Update Machine Policy and Update User Policy. Click Start to begin the group policy update.
The machines have to be online for the group policy refresh to occur successfully. The RCT group policy update tool will attempt to run the gpupdate on every machine and succeeds when the remote computer is online.
The RCT Gpupdate tool’s best feature is its ability to display the computer names for both those on which the group policy update was successful and those on which it failed or was unsuccessful. You can rerun the group policy update tool if you believe the machines are back online.
Method 5: Using SCCM to Update Group Policy on Remote Computers
Configuration Manager has an integrated ability to run PowerShell scripts. You can run a simple script from the SCCM console and update the group policy on remote computers. Learn how to create and run scripts in Configuration Manager.
To run PowerShell scripts, the client must be running PowerShell version 3.0 or later. The Configuration Manager clients must be running the client from the 1706 release, or later in order to run scripts.
Go to Software Library > Overview > Scripts and create a new script. On the Script Details window, specify the name of the script, a brief description and enter the script as gpupdate /force. Click Next and complete the Create Script wizard.
When you add a new script in SCCM, you must approve it. Select the GPupdate script and Approve it. The approval state now changes from waiting for approval to Approved.
Right-click a device collection or a single device and select Run Script.
In the Run Script window, select the Group Policy Update script and click Next to complete the wizard. The script now runs the group policy refresh on every computer that is online, and the results are displayed in the Script Status Monitoring window.
Still Need Help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.