Solved

Force GP Update from Server to all clients

Posted on 2006-10-19
15
11,392 Views
1 Endorsement
Last Modified: 2012-06-22
How can I from the server push Group Policy updates right away on all client machines?
1
Comment
Question by:LeviDaily
15 Comments
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 250 total points
ID: 17771430
As far as I know, there is no ways to do that from the DC (server) side.
Gpupdate on 2003 and secedit in 2000 can force it from the client-side.
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 17771749
So the only way clients can update is by restarting the computer twice right? Where is the time interval for how often group policy updates clients?
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17771843
0
ScreenConnect 6.0 Free Trial

At ScreenConnect, partner feedback doesn't fall on deaf ears. We collected partner suggestions off of their virtual wish list and transformed them into one game-changing release: ScreenConnect 6.0. Explore all of the extras and enhancements for yourself!

 
LVL 2

Expert Comment

by:geoffcashmoney
ID: 17772207
If you want to update a client, as DireOrbAnt says, then you just go to the command prompt on a client and type in gpupdate /force (for Windows XP) or use Secedit if its a Windows 2000 machine. To see if the policy has updated type gpresult. This will show you all the policies being applied to the computer. Note that for some policy changes to take effect the client pc will have to be restarted.

GCM.
0
 
LVL 2

Expert Comment

by:richencoo
ID: 17772378
I agree with previous comments that GPO refresh can only be forced manually from the Client side.

By default GPOs for computers are refreshed every 90 minutes, with random offset of 0-30 minutes. So in theory default seetings should see the GPO refreshed at most 2 hours after it is saved on the DC (assuming client machines are running).

You can set the refresh interval in the GPO itself:
Computer Configuration\Adminstrative Templates\System\Gorup Policy
Group Policy refresh interval for Computers

Be careful with setting this interval too short in case it increases network traffic and slows down PCs etc.
0
 
LVL 9

Assisted Solution

by:Krompton
Krompton earned 250 total points
ID: 17773040
Sysinternals.com provides a free tool called PSEXEC.exe that can be run from the server and would allow you to execute the "gpupdate /force" command (or any other command) to be executed on one or more remote clients. Very useful tool as are many others from sysinternals. (It will occasionally flag your virus software since it could be used for less than legit purposes if someone wanted.)

Before you do this consider the effects on your network of having all your clients updating policy at once. Depending on the number of policies and clients you have can cause serious bandwidth issues at minimum. That is why the there is a default refresh and offset rate as richencoo mentioned.

But if you really need it refreshed NOW this tool will accomplish for you.

Cheers
Krompton
0
 

Expert Comment

by:ericthyred
ID: 17774416
Depending if the GPO affects the Computer Configuration of the User Configuration you will have to restart or just logoff.

0
 
LVL 1

Expert Comment

by:uthistha
ID: 17774876
I am assume that you are running the windows 2003 server and need assistance to know more about the GPO replication.

Once you create a GPO on the server you can expect it to be automatically updated to all the servers. If you want to perform the force replication there are a few steps you can perform if the replication is within the site then try repadmin/syncall & repadmin/kcc.

If its across the site then you can open the replmon and force to all DC's across the site.

You can go through the weblink.
http://support.microsoft.com/kb/203607/en-us
http://support.microsoft.com/kb/283312/en-us 

Best of luck :)
0
 
LVL 2

Expert Comment

by:sphbecker
ID: 17775055
In general AD works by the clients requesting a configuration from the server, not the other way around.  You cannot force the client to do anything until it checks in to get its Group Policy updates.  By default the GP background refresh will run on all computers, so as of now your new policy is probably on your workstations.  Some policies do not take effect until reboot/logon, so you may just need write batch script to reboot all the computers tonight.
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 17777706
How would I write a batch script to restart all computers tonight?
0
 
LVL 2

Expert Comment

by:sphbecker
ID: 17777819
The easist way is to do a brute force batch, not a true script.  The command is very easy:
shutdown -r -f -t 180 -m computername

You can use Excel to copy/paste the first part of that command (everything but the computer name) into column A and a list of your computers into column B.  Then do save as and choose Text (Tab delimited) and name the file whatever.bat.

If you need a list of computers you could type
dsquery computer domainroot -o samid -limit 1000 > c:\computers.txt
and open that file with Excel (do a find/replace to remove all $).  Make sure you remove any servers you don’t want restarted and whatever workstation/server will be running the script.

The batch file needs to be run on a computer logged in with Domain Admin rights, and make sure the script doesn’t try to restart the computer it is running on :-)

This batch file will take a long time to run because when it hits a computer which is not on the network it will have to wait and time-out.  Like I said, this isn’t a real script, it is more a down and dirty mass spaming batch file.  You could come up with a more sophisticated VBS script, but its Friday, that’s too much to ask.
0
 
LVL 2

Expert Comment

by:sphbecker
ID: 17777837
Edit:   If you add the word start before each shutdown command it will allow each line to start before the pervious finishes.  This will allow the script to run more quickly and will create a nice show of flashing command prompt windows as it runs.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question