The gpupdate command is used to update Group Policy settings on Windows machines in a domain. It accepts several options, but one of the most used is /force, which reapplies all policy settings.

This command will give you a snapshot of the most important data when troubleshooting Group Policy, such as the applied Group Policy Objects for both the computer and user accounts, OU info, security groups, the domain controllers serving the policies, the last time policy was applied, etc.
Introduction
In this option, the batch file is what gets scheduled, not gpupdate itself, and the shutdown/restart will not start until gpupdate is done.

Option 2: Create this in a batch file:

    Rem GP-Update.Bat:
    gpupdate /force
    Shutdown -f -r -t 120

Now create a scheduled task to run this batch file.

Via Command Prompt: For other switches as displayed on the image above, here are some descriptions.

Gpupdate /force /LogOff: Certain GPOs, such as Folder Redirection, can’t apply in the background. If a logoff is required, this switch will initiate it.
I needed to script a gpupdate /force and target a group of machines in an OU. The reason I wanted to script this is because I wanted to run the force in real time and also wanted to be sure that it ran successfully on the target machines. This seemed like the best idea and seemed a better option than waiting for the policy to update and hoping it applied the updated policy registry on all systems and worse yet, needing to run reports and troll through the results.
Over the last several years, I have been lucky enough to not rely on Group Policy all that much. With tools like RES ONE and AppSense at my disposal and the fact I have been pretty application focused, Group Policy has been a last resort in most environments.
Imagine my delight when I realized I didn’t need to script this!! I found a helpful article and thought I found the holy grail. An option within the Group Policy Management Console within Server 2012 that not only can force the update but also return the results! Eureka!!
In this post I will go through how to remotely execute gpupdate on all systems in an OU using Group Policy Management but importantly, in my conclusion, I will detail why you should use caution when leveraging this feature!
How to Force GPUpdate on an OU from Group Policy Management Console
On Server 2012 or with newer versions of RSAT on your desktop, open Group Policy Management.
Browse to the OU for which you would like to force the gpupdate, right-click it and click Group Policy Update…
If you are deploying to one or two machines, you’ll just receive a confirmation message. When deploying to several machines, you will receive a warning about possibly straining network resources. If you are daring enough to proceed, click Yes. (I wouldn’t be worried about running it for a few hundred machines but again, check my conclusion at the bottom of this post before proceeding.)
As the update runs on the machines, the results will populate. If you get any failures, you will want to investigate on that failed machine.
Conclusion
But Yarrrrrr….let this be a cautionary tale…and also a brain dump for myself to serve as a reminder to never ever do this on machines in a production environment! I got pretty lucky: I ran this against some systems in a non-production environment.
On machines that got the update, the gpupdate ran interactively, so the users on the machines at the time saw this prompt, which could look like an issue. It’s not in this instance; my updated policy did successfully take hold, but the fact this didn’t run silently makes the feature pretty useless for my future use and I would suggest that you only use it in your own home lab or sandbox environment.
If you would like to ensure that the gpupdate runs silently, you could change the refresh interval or script this using VBScript or PowerShell, or even use PsExec.
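One way to script the silent, verified refresh described above with PowerShell remoting (an added example, not part of the original post): it runs gpupdate on every enabled computer in an OU over WinRM, where the command is not attached to the logged-on user's desktop, and reports a per-machine result. The OU distinguished name is a constructed placeholder, WinRM is assumed to be enabled on the endpoints, and treating a non-zero gpupdate exit code as a failure is an assumption.

```powershell
#Requires -Modules ActiveDirectory
# Added example: silent gpupdate across an OU with a per-machine result.
param(
    # Placeholder OU (constructed); replace with the OU you want to refresh.
    [string]$SearchBase = 'OU=Workstations,DC=example,DC=test',
    # Cap on concurrent sessions, to limit load on the network and DCs.
    [int]$ThrottleLimit = 16
)

# Enabled computer accounts in the OU and its child OUs.
$computers = Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree `
        -Filter 'Enabled -eq $true' -Properties DNSHostName |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName
if (-not $computers) { throw "No enabled computers found under $SearchBase" }

# gpupdate runs inside the remoting session, so no window opens for the user.
# /target:computer limits the refresh to computer policy.
$results = Invoke-Command -ComputerName $computers -ThrottleLimit $ThrottleLimit `
    -ErrorAction SilentlyContinue -ErrorVariable unreachable -ScriptBlock {
        $output = & gpupdate.exe /target:computer /force /wait:120 2>&1 | Out-String
        [pscustomobject]@{
            ExitCode = $LASTEXITCODE      # assumption: 0 means success
            Output   = $output.Trim()
        }
    }

# Merge machines that answered with machines that could not be reached.
$report = @(
    $results | ForEach-Object {
        [pscustomobject]@{
            Computer = $_.PSComputerName
            Status   = if ($_.ExitCode -eq 0) { 'OK' } else { 'Failed' }
            Detail   = $_.Output
        }
    }
    $unreachable | ForEach-Object {
        [pscustomobject]@{
            Computer = $_.TargetObject    # host name for connection errors
            Status   = 'Unreachable'
            Detail   = $_.Exception.Message
        }
    }
)

$report | Sort-Object Status, Computer | Format-Table -AutoSize -Wrap
```

Because the command runs in the administrator's remoting session, this refreshes computer policy only; user policy for whoever is logged on at the endpoint still arrives at the next background refresh or logon.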
I think this feature could be pretty useful, if you could be assured the update would run silently on the endpoints. Of course, in most situations you can likely just wait for the refresh interval but sometimes you may want an update to run before you can progress your work. What do you think? If you agree, please upvote this feature request on UserVoice here: User Voice for Group Policy Update Feature in Server 2016.