Computer Tip: Update group policies on domain computers remotely

In the good old days, if a of new group policy was released or needed updating, you would either have to wait the customary amount of time before the policy kicked in or [if really necessary] ask the user to do a force update to the group policies.

Now, if you are an administrator running a Windows Server 2012 domain, you don’t have to do much waiting or asking.

It is called Remote GPUpdate. It creates a task through task scheduler. The task will execute within the next 10 minutes, which runs the GPUpdate locally on the machine. This will work on Windows Vista and later.

To implement, from the GPMC, right click on an OU that contains computer objects and then click the Group Policy Update option.

This will run a gpupdate /force on all computers in the OU and any OUs under that. The computer policy will be refreshed for each computer within 10 minutes of requesting as well the user policy will be refreshed for any users currently logged into those computers requested.

The “success” and “failure” headers indicate how many computers were contacted with the request and scheduled the request – not that the GP update was successful or not. If there is a failure, check the firewall settings below on computers that failed.

This feature can also be implemented with PowerShell.

As this feature uses a remote connection, you will need the following firewall rules enabled on clients:

  • Remote Scheduled Tasks Management (RPC)
  • Remote Scheduled Tasks Management (RPC-EPMAP)
  • Windows Management Instrumentation (WMI-In)

About ebraiter
computer guy

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: