Windows Server 2012

Forcing a Remote Group Policy Update with GPMC

How do I force a remote Group Policy update in Windows Server 2012?

Group Policy settings refresh automatically every 90 minutes, with a random offset of 0 to 30 minutes so that not all computers in the domain refresh their Group Policy settings at the same time. If you want to apply new Group Policy settings without waiting for the next scheduled refresh, you can force an update by running the gpupdate command line tool locally.

Windows Server 2012 Group Policy Management Console (GPMC) has a new feature that allows administrators to remotely force a Group Policy refresh on all computers in an Active Directory (AD) Organizational Unit (OU). Additionally, there’s also a new PowerShell cmdlet (Invoke-GPUpdate) that allows you to do the same thing programmatically, with the advantage of being able to target the default Computers container.

Configure Windows Firewall to allow a remote Group Policy update

First we need to configure Windows Firewall across our network to support the ability to remotely refresh Group Policy.

  1. Logon to Windows Server 2012, or Windows 8 if you have the Windows Server 2012 Remote Server Administration Tools (RSAT) installed.
  2. Open Server Manager from the desktop Task Bar or Start screen.
  3. Open Group Policy Management from the Tools menu in Server Manager.
  4. In the left pane of GPMC, expand your AD forest, domain, and select Starter GPOs.
  5. In the right pane of GPMC, if you don’t see a list of Starter GPOs for your domain, click Create Starter GPOs Folder.
  6. Now in the left pane of GPMC, right click your AD domain and select Create a GPO in this domain, and Link it here… from the menu.
  7. In the New GPO dialog, name the GPO GPO remote update Windows Firewall settings, select Group Policy Remote Update Firewall Ports under Source Starter GPO and click OK.
  8. In the left pane of GPMC, click on your AD domain. In the right pane, switch to the Linked Group Policy Objects tab. Click the new firewall settings GPO in the list and using the arrows on the left, move it up in the link order above the Default Domain Policy.

GPO link order in GPMC

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Force a remote Group Policy update

Once the new GPO is linked to your domain, you’ll need to wait for Group Policy to refresh on all devices to which it applies before you can reliably force a remote update using GPMC.

To force a Group Policy update on all computers in an Organizational Unit (OU) using GPMC:

  1. Right-click the desired OU in GPMC and select Group Policy Update from the menu.
  2. Confirm the action in the Force Group Policy Update dialog by clicking Yes.

Check the results in the Remote Group Policy update results window.

Remote Group Policy Update Results

Related Topics:

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: