As an IT Administrator, there are many times when I make a change to Group Policy in Active Directory and need to manually refresh the policy on a client machine. Depending on which OS you are running, the command to refresh group policy is different.

Also, there is a difference between refreshing a policy and forcing a policy refresh. A default policy refresh will only download the settings that have changed. A forced refresh will reapply all settings.

Group Policy Update in Windows 2000

To update Group Policy in Windows 2000, you have to use the secedit command. To refresh the computer policies, use this command:

SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE

To refresh the user policies in Windows 2000, use the following command:

SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

Note that the /enforce switch ensures that all settings in the policy are reapplied, even if nothing has changed since the last time the policy was applied.

Group Policy Update in Windows XP, Vista, Server 2003 & 2008

For all other operating systems including Windows XP, Vista, Windows Server 2003 & 2008, the secedit command has been replaced with the gpupdate command. To refresh the computer policies only, use this command:

gpupdate /target:computer /force

To refresh the user policies in Windows XP and Server 2003, use the following command:

gpupdate /target:user /force

So that’s all pretty easy, but what if you want to refresh Group Policy remotely? What do I mean by that? Well, what if you are sitting at your computer and you want to run the gpupdate /force command on 5 Windows XP computers in the Accounting department?

You could remote desktop into each one and run the command, but that’s a pain, especially if you need to do it for a lot of computers. Here’s a nifty script you can use to remotely refresh Group Policy settings on Windows XP and Windows 2000 computers:


@echo off

REM Refresh commands for Windows XP and for Windows 2000
SET XPGPORef1=gpupdate.exe /Target:User /force
SET XPGPORef2=gpupdate.exe /Target:Computer /force

SET Win2kGPORef1=secedit.exe /refreshpolicy user_policy
SET Win2kGPORef2=secedit.exe /refreshpolicy machine_policy

REM Process each computer name listed in ComputerList.txt
For /f "Tokens=*" %%a in (ComputerList.txt) Do (

REM ver is built into cmd.exe, so it is run on the remote machine through PsExec
Psexec.exe \\%%a cmd.exe /c ver > Hostver.txt

Find /I "XP" < Hostver.txt > CheckCC.txt

REM IF NOT ERRORLEVEL 1 is evaluated at run time for each computer in the loop
IF NOT ERRORLEVEL 1 (

Psexec.exe \\%%a %XPGPORef1%
Psexec.exe \\%%a %XPGPORef2%

) ELSE (

Psexec.exe \\%%a %Win2kGPORef1%
Psexec.exe \\%%a %Win2kGPORef2%
)
)

The script will check the operating system for each computer name that is in a list called ComputerList.txt and will run the appropriate group policy update command. Just add all the computer names into that text file, one on each line.
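
To confirm that the refresh actually took effect, the following added example (not part of the original script) runs gpresult against each machine in ComputerList.txt and logs when computer policy was last applied. It assumes Windows XP or Server 2003 targets and the gpresult syntax of those versions; RefreshCheck.log and GpResult.tmp are hypothetical file names.

```batch
@echo off
REM Added example: verify the Group Policy refresh on every machine in ComputerList.txt.
REM Assumptions: gpresult.exe is available on the machine running this script,
REM the targets run Windows XP or Server 2003, and the current account has
REM administrative rights on them. On Vista and later, add the /R switch to gpresult.

SET LogFile=RefreshCheck.log
ECHO Group Policy refresh check %DATE% %TIME% > %LogFile%

For /f "Tokens=*" %%a in (ComputerList.txt) Do (
    ECHO ===== %%a ===== >> %LogFile%

    REM Query the computer scope remotely and capture both output and errors
    gpresult.exe /S %%a /SCOPE COMPUTER > GpResult.tmp 2>&1

    IF ERRORLEVEL 1 (
        ECHO %%a: gpresult failed, machine unreachable or access denied >> %LogFile%
    ) ELSE (
        REM Keep only the line that shows when policy was last applied
        Find /I "Last time Group Policy was applied" < GpResult.tmp >> %LogFile%
        IF ERRORLEVEL 1 ECHO %%a: no applied-time line found in gpresult output >> %LogFile%
    )
)

IF EXIST GpResult.tmp DEL GpResult.tmp
TYPE %LogFile%
```

A timestamp that predates the refresh run, or a failure entry, marks a machine that is still running on old policy and needs a closer look.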

Any issues with the script or about Group Policy refresh, post a comment and I will try to help! Enjoy!