Solved

Group Policy Update question

Posted on 2013-10-25
5
330 Views
Last Modified: 2013-11-16
I need users to have their computer's updated by a central AD group policy setting. Would you be able to force a GP update on all user computers via a script or your software? I'd rather not have users typing gpupdate /force etc.

Please let me know if anyone has any ideas on this?
0
Comment
Question by:CRL ltd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39599976
Group policies auto-refresh. You can use gpupdate to force a refresh, and that is helpful during testing, but usually it isn't required to script it or force end users to refresh. Just let it happen as it was meant to.
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39599995
I use SpecOps GP Update; the free version can do so also:
http://www.specopssoft.com/products/specops-gpupdate-professional
Since I need to run gpupdate on demand (I think you need that too), select the necessary computers in active directory users and computers MSC, right click and run it from context  menu.
It can also do WOL, shutdowns and WSUS updates in the free version- really handy.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39600055
GPOs are updated every 90 minutes with a random offset of up to 30 minutes.  If this is not acceptable in your environment then you could lower it (I wouldn't lower it less than 60).

If you want on-demand GPO updates then use the freeware from SpecOps.
0
 
LVL 3

Expert Comment

by:violageek
ID: 39602682
If you are using Server 2012 (R2), GP refresh is buit-in to the Group Policy Management console. Just right click on the OU where your users/computers reside and you will see the option to send the group policy refresh.

For earlier versions you can also force it by using GPUPDATE itself with switches like:

gpupdate /targer:ComputerName /force

You can also use powershell to automate it for all machines under a certain OU by something like:

Get-ADComputer –filter * -Searchbase "OU=Workstations, DC=YOURDOMAIN,dc=COM" | foreach{ Invoke-GPUpdate –computer $_.name -force}

Another alternate is PsExec which is used to invoke any command on a remote machine (with proper firewall settings applied). Specops will be the best option if you want something software based.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39606348
By default, computer Group Policy is updated in the background every 90 minutes.see this for more details:http://technet.microsoft.com/en-us/library/cc940895.aspx.

There are certain gpo which requires reboot of client computer if the policy is applied at computer level or relogin if the policy is applied at user level.Sometimes just running gpupdate will not work.

What policy you have applied?Are the policy not working kindly provide more info.

Also suggested by violageek Win2012 has new feature where gpupdate can be excuted from GPMC but it seems you dont have Win2012 server.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question