Solved

GPUdate /force

Posted on 2013-06-14
11
613 Views
Last Modified: 2013-07-15
I have about 50 machines so far (actually over 1200 in total) in an OU.  I need a way to run gpupdate /force remotely so I can refresh the policy.  I tried Psexec and although it looks like it works, when I run Group Policy Results the new policy isn't showing up.
0
Comment
Question by:WellingtonIS
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 23

Expert Comment

by:ComputerTechie
ID: 39249642
0
 
LVL 16

Expert Comment

by:cantoris
ID: 39250044
Bear in mind that Gpupdate only reapplies any group policy objects and ensures they're up to date.  It does not check to see if the computer account or user account have recently moved and therefore now come under the influence of a different set of group policies.  Don't let this catch you out!
I'm not sure which OS process governs the workstation discovering the GPO list.  I imagine it's the initial Logon process itself.

PSExec ought to work if you're expecting existing GPOs to have their newest settings deployed to PCs.  What syntax did you use?  The assumption of course is that your AD replication infrastructure is healthy and therefore all the DCs have copies of the updated GPOs.  MS have an excellent new AD Replication Status Tool you can download.

There's also the issue of parts of policy not applying over slow links to think about and whether you've taken into account your security and WMI filtering config, blocked inheritance, loopback processing etc etc!
0
 
LVL 10

Expert Comment

by:Tony Barkdull
ID: 39250472
There should be 2 logins until a new Group Policy is applied, after first, policy is downloaded (after login) and applied after second login. Both can be just a logoff and login again or reboots.
0
 
LVL 4

Expert Comment

by:TechOps07
ID: 39250780
You can use PowerShell to Invoke the Gpupdate command.

Invoke-Command -ComputerName "ComputerName" {gpupdate /force}

You obviously want to create it as a script for the numerous machines.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39251482
In a way if all machines are restarted they would automatically at next user login GroupPolicy will be updated

- Rancy
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:WellingtonIS
ID: 39271609
1st:
Bear in mind that Gpupdate only reapplies any group policy objects and ensures they're up to date.  It does not check to see if the computer account or user account have recently moved and therefore now come under the influence of a different set of group policies.  Don't let this catch you out!
I'm not sure which OS process governs the workstation discovering the GPO list.  I imagine it's the initial Logon process itself.

Usually when I do a GPupdate /force via the machine it does fill in the new gpo's I'm seen this myself.
I tried the powershell but that's doesn't seem to be working.
Here's the error
PS C:\> Invoke-Command-wrmdegy01 "wrmdegy01" {gpupdate /force}
The term 'Invoke-Command-wrmdegy01' is not recognized as the name of a cmdlet, function, script file, or operable progr
am. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:25
+ Invoke-Command-computername <<<<  "comutername" {gpupdate /force}
    + CategoryInfo          : ObjectNotFound: (Invoke-Command-wrmdegy01:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
0
 
LVL 23

Expert Comment

by:ComputerTechie
ID: 39271642
I update our machines as needed by using psexec and the following command. Psexec -i -s \\* gpupdate.exe / force

 This works well and when I need one machine I just change the * as needed.

You can get psexec from Microsoft download site.

CT
0
 

Author Comment

by:WellingtonIS
ID: 39271657
Psexec -i -s \\*?  does the star represent everyone on the domain? I can't do that since I'm part of an OU in a bigger domain.  Unless there's someway of designating the OU only.
0
 
LVL 10

Expert Comment

by:Tony Barkdull
ID: 39288359
Check in the Event log for any WMI errors. If you do find them, you will need to run a repair on the WMI subsystem. I'd use option 3 on this page. You will need a CD or an accessible network location with the Install files.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 500 total points
ID: 39288672
Filling in some gaps from above:

Your PowerShell didn't work as you missed a space.  I'll add extras here for clarity:
Invoke-Command   -ComputerName   wrmdegy01   -ScriptBlock   {gpupdate}

BUT, the above will only work if all your PCs have PowerShell 2 or above and are enabled for PSremoting.  If you do have this sort of infrastructure, then there is more PowerShell stuff you can use to get the computers in an OU and pass them all to Invoke-Command.

Server 2012 lets you force a policy refresh against an entire OU natively within GUI tools.

With PSExec, "*" does indeed mean all computers in the domain!
0
 

Author Closing Comment

by:WellingtonIS
ID: 39327466
this worked thanks
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Computer crashes on daily bases need help to find the cusses 24 92
Windows Update 22 144
forgot pst password 2 40
IE11 Crashing - Appears Company Wide 7 21
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now