2021 Annual Petri Reader Survey - We want to know what's important to you! 2021 Annual Petri Reader Survey - We want to know what's important to you!
Windows Server 2012

Forcing a Remote Group Policy Update with GPMC

How do I force a remote Group Policy update in Windows Server 2012?

Group Policy settings refresh automatically every 90 minutes, with a random offset of 0 to 30 minutes so that not all computers in the domain refresh their Group Policy settings at the same time. If you want to apply new Group Policy settings without waiting for the next scheduled refresh, you can force an update by running the gpupdate command line tool locally.

Windows Server 2012 Group Policy Management Console (GPMC) has a new feature that allows administrators to remotely force a Group Policy refresh on all computers in an Active Directory (AD) Organizational Unit (OU). Additionally, there’s also a new PowerShell cmdlet (Invoke-GPUpdate) that allows you to do the same thing programmatically, with the advantage of being able to target the default Computers container.

Configure Windows Firewall to allow a remote Group Policy update

First we need to configure Windows Firewall across our network to support the ability to remotely refresh Group Policy.

  1. Logon to Windows Server 2012, or Windows 8 if you have the Windows Server 2012 Remote Server Administration Tools (RSAT) installed.
  2. Open Server Manager from the desktop Task Bar or Start screen.
  3. Open Group Policy Management from the Tools menu in Server Manager.
  4. In the left pane of GPMC, expand your AD forest, domain, and select Starter GPOs.
  5. In the right pane of GPMC, if you don’t see a list of Starter GPOs for your domain, click Create Starter GPOs Folder.
  6. Now in the left pane of GPMC, right click your AD domain and select Create a GPO in this domain, and Link it here… from the menu.
  7. In the New GPO dialog, name the GPO GPO remote update Windows Firewall settings, select Group Policy Remote Update Firewall Ports under Source Starter GPO and click OK.
  8. In the left pane of GPMC, click on your AD domain. In the right pane, switch to the Linked Group Policy Objects tab. Click the new firewall settings GPO in the list and using the arrows on the left, move it up in the link order above the Default Domain Policy.

GPO link order in GPMC

Force a remote Group Policy update

Once the new GPO is linked to your domain, you’ll need to wait for Group Policy to refresh on all devices to which it applies before you can reliably force a remote update using GPMC.

To force a Group Policy update on all computers in an Organizational Unit (OU) using GPMC:

  1. Right-click the desired OU in GPMC and select Group Policy Update from the menu.
  2. Confirm the action in the Force Group Policy Update dialog by clicking Yes.

Check the results in the Remote Group Policy update results window.

Remote Group Policy Update Results

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (2)

2 responses to “Forcing a Remote Group Policy Update with GPMC”

  1. Group Policy Changes: Windows Server 2012, Windows 8 Part 1-2-3 | Hany Abd El-Wahab | let's Try

    [...] https://petri.com/force-remote-group-policy-update-gpmc.htm# Share this:TwitterFacebookLike this:Like Loading... Categories: Active Directory, Windows 8, Windows Server 2012 Tags: active directory, AD, Backup EXEC, event viewer, Group ploicy, hany AbdElwahab, Microsoft. print server, symantec, Win2k12 AD, windows server, Windows Server 2012 Active Directory Comments (0) Trackbacks (0) Leave a comment Trackback [...]
  2. Lucas Gustavo

    Now, it only is important to buy that on a reliable store, like Buysoft (http://www.buysoft.com.br) or Best Soft.

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.