|
|
When an administrator has changed a GPO, he or she may want to refresh group policy application to verify the effect of the new settings. (Certainly, it is possible to re boot the computer or make the user re-register to the domain. However, this is not always convenient.) On computers running Windows 2000, to perform this task, you can use the SecEdit.exe command-line utility. Windows XP/.NET systems offer a new utility (which you should use) — GPupdate.exe — for that purpose.
The command syntax is very simple. To refresh user policies, enter either of the following commands (applicable to your system):
C:\>secedit /refreshPolicy user_policy — on Windows 2000 C:\>gpupdate /Target:User — on Windows .NET
The following commands refresh computer policies:
C:\>secedit /refreshPolicy machine_policy C:\>gpupdate /Target:Computer
The GPupdate command without parameters updates both user and computer policies.
If you want to re-apply policies (GPOs), even if they have not changed since the last time they were applied, add the /enforce parameter to the SecEdit command or the /Force parameter to the GPupdate command. (Normally, GPOs are applied only once; unchanged GPOs are skipped.)
Note | You may want to change the default GPO refresh interval (90 minutes for client computers and 5 minutes for domain controllers), as well as the offset (30 minutes for client computers and 0 minutes for domain controllers). For that purpose, use group policies (Computer Configuration | Administrative Templates | System | Group Policy) or modify the system registry. For more information, see Microsoft Knowledge Base article Q203607. |
|
|