Group Policy Update

IT administrators have been working with and around Active Directory since the introduction of the technology in Windows 2000 Server. Windows 2000 Server was released on February 17, 2000 but many administrators began working with Active Directory in late 1999 when it was released to manufacturing (RTM) on December 15, 1999.

How to Update Group Policy?

GPOs that modify computer settings are applied at computer startup.

Settings that are for users are applied at the time that the user logs on. By default, GPOs are processed synchronously. Synchronous processing ensures that all settings are applied before the user completes the log on process.

Alternatively, asynchronous processing can be configured, to allow multiple operations to be performed. However, asynchronous processing can cause undesired effects.

For example, if a policy is configured to remove Start Menu options for a user, the user could log on (and have access to the start menu) before the policy is applied.

By default, GPOs are also reapplied every 90 minutes, with a randomized offset of up to 30 minutes.

For domain controllers, the policies are refreshed every 5 minutes.

Both of these refresh settings can be configured by using Group Policy.

Group Policy Force Update

If you do not wish to wait for a policy to refresh automatically, the gpupdate.exe command can be used locally, or with switches, remotely. The gpupdate.exe command processes the policies and applies only the settings that have been changed since the last refresh.

Additionally, other command switches can be used to force applying all settings, specifying only user or computer settings, logging off, or restarting a computer after applying the settings.

To troubleshoot or view the applied policies, the gpresult.exe command can be used. The gpresult.exe command also has switches, allowing you to view the final applied policy in HTML format. The gpresult.exe command can also be ran remotely against target computers by name or by IP address.

You can also specify specific user accounts to see the settings that would be applied if that user were to log on.

More information about Active Directory basisc you will find in our AD tutorial for begginners.