The command gpupdate /force
is used to force the update of group policies that are applied by your company. Changes made in the Group Policy are not applied immediately but after 90 mins by default (with a ~30 min offset to spread the load). By using the GPUpdate command we can force the update.
Group Policies are used to change security settings and for system management (like deploying printers or mapping network drives). For troubleshooting IT problems, it’s sometimes necessary to update the group policy manually.
How force group policy update
- Press Windows key + X or right-click on the start menu
- Select Windows PowerShell or Command Prompt
3. Type gpupdate /force and press enter
Wait for the Computer and User policy to update
4. Reboot your computer
A reboot is necessary to be sure that all settings are applied.
GPUpdate vs GPUpdate Force command
The gpupdate /force command is probably the most used group policy update command. When you use the /force
switch, all the policy settings are reapplied. For most use cases this is perfectly fine, but keep in mind, when you have a lot of group policies objects (GPO) or in a large environment, using the /force will put a huge load on the domain controllers.
If you have a large tenant or a lot of GPO’s, then it’s better to only run gpupdate without the /force
switch to apply new policy settings. This will get only the changes or new group policies, reducing the load on the client and domain controllers.
# Reapply all policies gpupdate /force # Get only the changed / new group policies gpupdate
Update only user or computer group policies
If you have a large environment or need to update the group policies on a lot of computers at the same time, then it can be useful to only update what is needed. This will reduce the load on the domain controllers and it’s of course faster.
To do this you can use the /target
switch. This allows you to update only the user or computer GPO’s.
# Update only the user policies gpupdate /target:user # Update only the computer policies gpupdate /target:computer
Automatically reboot or logoff after GPUpdate
Not all policy changes are applied immidiately. Due to Fast Boot, for example, are some settings only applied when the users logs in on the computer. Some settings even require a reboot to be applied.
With the use of the /logoff
or /boot
switch, we can let gpupdate figure out if a logoff or reboot is necessary. To be clear, if you run gpupdate /boot, then the computer will only reboot if a policy change requires it. Otherwise, the policy will be applied immediately without the reboot.
- GPUpdate /logoff is needed for example after policy changes in the Active Directory like folder redirections or printers. Changes in the AD are only applied when the user logs in on the computer.
- GPUpdate /boot is for example needed when you create Software Distribution changes.
Run GPUpdate on a Remote Computer
Sometimes you may need to update quickly the group policies on multiple computers because you changed the internet proxy settings or maybe to replace a printer for example. There are couple of ways to run GPUpdate on a remote computer
Using the Group Policy Management Console
You can initiate a group policy update on a whole OU with the Group Policy Management Console. It has to be an OU with only computer objects in it, so you can’t use the method on a user OU. Simply right-click on the OU where you have changed a policy and click on Group Policy Update
This will update the user and computer policies on all the computers in the given organization unit. The nice thing is that it will as for confirmation and show you how many computers are going to be updated.
After you have confirmed the update the policies will be updated and you can see the status of each computer. In this example 5 computers where turned off, so the update failed.