Updating Group Policies with GPUpdate and GPUpdate /Force

Home > Blogs > Windows Server 2012 > Updating Group Policies with GPUpdate and GPUpdate /Force

Updating Group Policies with GPUpdate and GPUpdate /Force

Like This Blog 1 Mike Danseglio
Added by November 10, 2014

I teach several classes that cover Windows deployment, operations, and troubleshooting. Most of the content I teach is focused on enterprise environments – that is, generally, more than 5,000 systems. At that scale centralized IT management is a requirement, not an option. And the cornerstone of centralized computer configuration management in Windows are Active Directory and Group Policy.

Many of my students relate stories of making changes to Group Policy settings. Usually the story goes something like, “We needed to change the screensaver timeout period to kick in after 5 minutes for the HR department. So I edited the Group Policy and under User Configuration, Administrative Templates, Control Panel, Personalization, I set the ‘Screen saver timeout’ to 600 seconds. Then I ran GPUpdate /force on the HR computers to get the setting.” A common alternate ending to that story is replacing the GPUpdate /force command with rebooting the computer.

Neither rebooting the computer nor running GPUpdate /force are necessary.

Group Policy Updates Itself

Yup, the Group Policy service on all domain-joined client computers regularly checks with Active Directory to see if anything has changed. If new or changed policies exist, they are applied to the computer. By default, Group Policy updates every 60 to 120 minutes, as well as during system startup. This is a configurable setting, but in my experience most IT shops don’t need it to be any shorter or longer. Background refresh can also be disabled, but this is also rarely done in an organization that actively uses Group Policy for configuration management.

That means the changed screen saver timeout setting, like all other Group Policy changes, will apply to all target computers within 2 hours without any further action. If the setting isn’t mission-critical (and most aren’t) you should not do anything further with the client computers.

Forcing Group Policy to Update Immediately

When considering how to make the Group Policy changes to apply immediately you should consider these points:

  • Please don’t do this. You’re causing unnecessary overhead to client computers and domain controllers. Group Policy is designed to do it for you automagically.
  • If you must, just use GPUpdate. GPUpdate scans for new and changed settings and applies only those changes.
  • Don’t use GPUpdate /force. Adding the /force switch causes the Group Policy service to reprocess all policies, not just the changes. This is more taxing to the domain controllers and the client computers, and is only required when you believe there’s a problem with Group Policy applying correctly. No problem = no /force.
  • You don’t need to reboot the computer to have Group Policy apply unless you’ve made a change that can only be applied on startup.

To be clear, using GPUpdate /force is quite helpful as a troubleshooting tool when there’s a problem downloading or applying policy. But it’s the wrong tool for its most common use: immediately applying a setting change.

Videos You May Like

A Simple Introduction to Cisco CML2

0 3852 0

Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2

Cable Testers and How to Use them in Network Environments

0 713 1

This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments

Government Edition – Encrypting a USB Flash Drive in Windows 10

0 272 2

In this video, Security Instructor Mike Danseglio demonstrates how to use BitLocker in Window 10 to secure files on a USB Flash drive that adhere to stricter data protection requirements as found inside Government entities. BitLocker 2-day instructor-led training is now available at Interface: BITLOCK: Planning and Deploying BitLocker Drive Encryption Training Video Transcription: Hi. … Continue reading Government Edition – Encrypting a USB Flash Drive in Windows 10

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.