GPUpdate vs GPUpdate /force

Joseph MoodyBlogger and wearer of all hats.
CERTIFIED EXPERT
Published:
When I first started learning about Active Directory, Group Policy always seemed very fickle. Sometimes I could run GPUpdate, other times I had to run /force.          

Clearly, GPUpdate will work!
As it turned out, Group Policy was always working -  I just didn't understand it. So what's the difference between GPUpdate and GPUpdate /force?

Well -

GPUpdate: Applies any policies that is new or modified

GPUpdate /force: Reapplies every policy, new and old.


So which one should I use?

99% of the time, you should only run gpupdate. If you just edited a GPO and want to see results immediately, running gpupdate will do the trick. In fact, running GPUPdate /force on a large number of computers can be damaging to your career. This is because these machines will hit a domain controller and revaluate every GPO applicable to them.


Anything else?

Since you asked, why yes there is! GPUpdate has a few other options for you to use.

/LogOff: Certain GPOS, such as Folder Redirection, can't apply in the background. If a logoff is required, this switch will initiate it.

/Boot: If a policy, such as software installation, needs to be applied - the boot command will reboot the machine.

/Sync: Useful for changing the foreground (startup/logon) processing to synchronous.


...Enlightening...

Sarcasm aside, yes it is! You probably noticed a lack of remote support with GPUpdate. To address this, Microsoft introduced the Invoke-GPUpdate cmdlet in Server 2012/Windows 8.

Here is an example show a remote GPUpdate.

Invoke-GPUpdate -Computer COMPUTERNAME -Force

Open in new window


or

$Computers  = Get-AdComputer -SearchBase "OU=Brunswick, DC=Test,DC=local" -Filter *
                      
                      Foreach ($Computer in $Computers) {invoke-gpupdate -Computer $Computers.Name}

Open in new window



Got an easier way?

The example above might not be the most practical way of initiating a GPUpdate. Knowing this, Microsoft included the ability to start a GPUpdate remotely in the Server 2012/Windows 8 version of Group Policy Management Console.

The Remote GPUpdate Command
As you can see in the picture above, right clicking on any OU will allow you to trigger a remote GPUpdate. Microsoft provided a little security with this tool by not allowing a GPUpdate at the domain level.


GPUpdate seemed like such a simple tool. As you now know, it is very powerful and completely customizable to your situation and environment. So the next time you see an administrator running an unwarranted gpupdate /force, explain the differences and let your domain controllers take a breather!

This article first appeared on my blog, DeployHappiness If this article helped you, be sure to vote it helpful (and, there are more Articles on my blog.)
2
12,697 Views
Joseph MoodyBlogger and wearer of all hats.
CERTIFIED EXPERT

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.