As an IT Administrator, there are many times when I make a change to Group Policy in Active Directory and need to manually refresh the policy on a client machine. Depending on which OS you are running, the command to refresh group policy is different.
Also, there is a difference between refreshing a policy and forcing a policy refresh. A default policy refresh will only download the settings that have changed. A forced refresh will re-apply all settings.
Group Policy Update in Windows 2000
To update Group Policy in Windows 2000, you have to use the secedit command. To refresh the computer policies, use this command:
To refresh the user policies in Windows 2000, use the following command:
Note that the /enforce will ensure that all settings in the policy are reapplied, even if nothing has changed since the last time the policy was applied.
Group Policy Update in Windows XP, Vista, 7, and 10
For all other operating systems including Windows XP, Vista, 7, 8, 10, Windows Server 2003 & 2008, the secedit command has been replaced with the gpupdate command. To refresh the computer policies only, use this command:
To refresh the user policies in Windows XP and Server 2003, use the following command:
So that’s all simple and good, but what if you want to refresh Group Policy remotely? Well, there are a couple of ways you can do this, but one method is to use the Group Policy Management Console on your Windows Server 2012 or 2016 machine. You also have to open some inbound ports on each computer for this to occur. Microsoft has an KB article on how to setup remote GP updates , but it’s quite involved.
A simpler method would probably be to set the computers to restart at an off peak time, which will automatically update Group Policy settings. You can also adjust the Group Policy refresh interval for computers to be longer or shorter than the default. If you have any questions, feel free to comment. Enjoy!