<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

GPUpdate vs GPUpdate /force

Published on
15,770 Points
9,570 Views
2 Endorsements
Last Modified:
Approved
When I first started learning about Active Directory, Group Policy always seemed very fickle. Sometimes I could run GPUpdate, other times I had to run /force.          

Clearly, GPUpdate will work!
As it turned out, Group Policy was always working -  I just didn't understand it. So what's the difference between GPUpdate and GPUpdate /force?

Well -

GPUpdate: Applies any policies that is new or modified

GPUpdate /force: Reapplies every policy, new and old.


So which one should I use?

99% of the time, you should only run gpupdate. If you just edited a GPO and want to see results immediately, running gpupdate will do the trick. In fact, running GPUPdate /force on a large number of computers can be damaging to your career. This is because these machines will hit a domain controller and revaluate every GPO applicable to them.


Anything else?

Since you asked, why yes there is! GPUpdate has a few other options for you to use.

/LogOff: Certain GPOS, such as Folder Redirection, can't apply in the background. If a logoff is required, this switch will initiate it.

/Boot: If a policy, such as software installation, needs to be applied - the boot command will reboot the machine.

/Sync: Useful for changing the foreground (startup/logon) processing to synchronous.


...Enlightening...

Sarcasm aside, yes it is! You probably noticed a lack of remote support with GPUpdate. To address this, Microsoft introduced the Invoke-GPUpdate cmdlet in Server 2012/Windows 8.

Here is an example show a remote GPUpdate.

Invoke-GPUpdate -Computer COMPUTERNAME -Force

Open in new window


or

$Computers  = Get-AdComputer -SearchBase "OU=Brunswick, DC=Test,DC=local" -Filter *

Foreach ($Computer in $Computers) {invoke-gpupdate -Computer $Computers.Name}

Open in new window



Got an easier way?

The example above might not be the most practical way of initiating a GPUpdate. Knowing this, Microsoft included the ability to start a GPUpdate remotely in the Server 2012/Windows 8 version of Group Policy Management Console.

The Remote GPUpdate Command
As you can see in the picture above, right clicking on any OU will allow you to trigger a remote GPUpdate. Microsoft provided a little security with this tool by not allowing a GPUpdate at the domain level.


GPUpdate seemed like such a simple tool. As you now know, it is very powerful and completely customizable to your situation and environment. So the next time you see an administrator running an unwarranted gpupdate /force, explain the differences and let your domain controllers take a breather!

This article first appeared on my blog, DeployHappiness If this article helped you, be sure to vote it helpful (and, there are more Articles on my blog.)
2
Comment
0 Comments

Featured Post

Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

Join & Write a Comment

This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month