Updating Group Policy Settings on Windows Domain Computers is a good practice.
As part of our Server Management Services, we assist our customers with several GPO queries.
Today, let us see how to update Group Policy (GPO) settings on Windows computers in an Active Directory domain.
Updating Group Policy Settings on Windows Domain Computers
Moving ahead, let us have a look at how our Support Techs update Group Policy settings.
Change Group Policy Refresh Interval
Before new settings in a local or domain Group Policy (GPO) take effect on Windows clients, the Group Policy Client service must read the policies and make the changes to the Windows settings. This process is called a Group Policy update.
GPO settings update when the computer boots and when the user logs on. They also refresh automatically in the background every 90 minutes plus a random time offset of 0–30 minutes.
We can change the GPO update interval via Computer Configuration -> Administrative Templates -> System -> Group Policy section of the GPO.
Then we enable the policy and set the time (in minutes) for the following options:
- This setting allows you to customize how often Group Policy is applied to computers (0 to 44640 minutes). If we set 0 here, the policies will update every 7 seconds;
- This is a random time added to the refresh interval to prevent all clients from requesting Group Policy at the same time (0 to 1440 minutes).
GPUpdate.exe Command to Force Refresh GPO Settings
Almost all administrators use the gpupdate /force command to update Group Policy settings on a computer.
The command forces the computer to read all GPOs from the domain controller and reapply all settings. With the /force switch, the client connects to the domain controller to retrieve the files for ALL policies targeting it.
A simple gpupdate command without any parameters applies only new and changed GPO settings.
A successful update will show a message like this:
Updating policy...
Computer Policy update has completed successfully.
User Policy update has completed successfully.
We can update only the user’s GPO settings:
gpupdate /target:user
Or only the computer’s policy settings:
gpupdate /target:computer /force
However, if we cannot update some policies in the background, gpupdate can log off the current user:
gpupdate /target:user /logoff
Or restart a computer:
gpupdate /Boot
A Remote GPO Update from the Group Policy Management Console (GPMC)
In Windows Server 2012 and newer, we can update Group Policy settings on domain computers remotely using the GPMC.msc.
After changing any settings, or creating and linking a new GPO, we right-click the Organizational Unit (OU) we want in the GPMC and select Group Policy Update in the context menu.
A new window shows the number of computers on which the policy will be updated. Confirm the forced update of the policies by clicking Yes.
The GPO will then update remotely on each computer in the OU, one by one. Afterwards, we get a report with the Group Policy update status for the computers.
This feature creates a task in the Task Scheduler with the GPUpdate.exe /force command for each logged-on user on the remote computer.
We see the message, ‘The remote procedure call was canceled. Error Code 8007071a’ if the computer is turned off or a firewall blocks access to it.
Invoke-GPUpdate: Force Remote Group Policy Update via PowerShell
In addition, we can call the remote GPO update on computers using the Invoke-GPUpdate PowerShell cmdlet.
For example, to remotely update user policy settings on a specific computer, we can run:
Invoke-GPUpdate -Computer "frparsrv12" -Target "User"
If we run this cmdlet without any parameters, it will update the GPO settings on the current computer.
Together with the Get-ADComputer cmdlet, we can update GPO on all computers in a specific OU:
Get-ADComputer -Filter * -SearchBase "OU=Computes,OU=Mun,OU=DE,dc=woshub,dc=com" | foreach { Invoke-GPUpdate -Computer $_.name -Force }
Or on all computers meeting the specific requirement:
Get-ADComputer -Filter {enabled -eq "true" -and OperatingSystem -Like '*Windows Server*'} | foreach { Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 10 -Force }
If we run the Invoke-GPUpdate cmdlet remotely or update GPO from the GPMC, a console window running the gpupdate command may appear on the user's desktop for a while.
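The one-liners above discard failures, so a powered-off or firewalled host goes unnoticed. The following added example (not part of the original article) records a per-computer result for the same Invoke-GPUpdate fan-out; the OU distinguished name and the CSV file name are placeholders to replace with your own.

```powershell
# Added example. Requires the ActiveDirectory and GroupPolicy modules (RSAT).
Import-Module ActiveDirectory, GroupPolicy

# Placeholder OU, not taken from the article: replace with your own DN.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

$computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase

$results = foreach ($computer in $computers) {
    # Prefer the DNS name; fall back to the short name if the attribute is empty.
    $target = if ($computer.DNSHostName) { $computer.DNSHostName } else { $computer.Name }
    $status = 'Scheduled'
    $detail = ''
    try {
        # -ErrorAction Stop turns an unreachable or firewalled host into a
        # catchable error instead of a message that scrolls past.
        Invoke-GPUpdate -Computer $target -RandomDelayInMinutes 10 -Force -ErrorAction Stop
    }
    catch {
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Computer = $computer.Name
        Target   = $target
        Status   = $status
        Detail   = $detail
        Time     = Get-Date -Format s
    }
}

# Show failures first so they can be followed up on.
$results | Sort-Object Status, Computer | Format-Table Computer, Status, Detail -AutoSize

$failed = @($results | Where-Object { $_.Status -eq 'Failed' })
Write-Host ("{0} of {1} computers could not be reached for a refresh." -f $failed.Count, @($results).Count)

# Keep a record of the run (placeholder file name).
$results | Export-Csv -Path .\gpupdate-results.csv -NoTypeInformation
```

A "Scheduled" status means only that the refresh task was created on the remote computer; it does not confirm that the policies were applied there.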
Conclusion
In short, we saw how our Support Techs update Group Policy Settings on Windows Domain Computers.