Using PowerShell to remotely refresh Group Policy

You can use the Invoke-GPUpdate cmdlet to refresh Group Policy settings on remote computers. This cmdlet works by scheduling the running of the Gpupdate.exe command on the remote computers. Before you can do this, however, you need to open the necessary firewall ports on the computers you will be targeting, as was explained in the previous lesson in this chapter. You can perform this preliminary step by using Windows PowerShell. For example, the following command creates and links a GPO that will open the necessary firewall ports for all computers in the corp.fabrikam.com domain:

New-GPO -Name “EnableRemoteRefresh” `
-StarterGPOName “Group Policy Remote Update Firewall Ports” | `
New-GPLink -Target “dc=corp,dc=fabrikam,dc=com”

Once this GPO has been processed, you can then perform a remote refresh of Group Policy for computers in a specific OU. For example, the following command refreshes Group Policy remotely for computers in the Desktops OU described earlier in Lesson 1 of this chapter:

Get-ADComputer -Filter * `
-SearchBase “ou=Desktops,ou=Computers,ou=HQ-NYC,dc=corp,dc=fabrikam,dc=com” | `
foreach{Invoke-GPUpdate -Computer $_.Name -force -RandomDelayInMinutes 0}

The preceding command uses the Get-ADComputer cmdlet to obtain a list of names of computers in the targeted OU. The output from this command is then piped into a foreach statement that initiates an immediate refresh of Group Policy on each computer.

The above tip was excerpted from Mitch Tulloch’s book Training Guide: Installing and Configuring Windows Server 2012 from Microsoft Press.

Mitch is a nine-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows administration, deployment and virtualization.  For more information see http://www.mtit.com.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top