Refreshing Group Policy | Windows .NET Server 2003 Domains & Active Directory

When an administrator has changed a GPO, he or she may want to refresh group policy application to verify the effect of the new settings. (Certainly, it is possible to re boot the computer or make the user re-register to the domain. However, this is not always convenient.) On computers running Windows 2000, to perform this task, you can use the SecEdit.exe command-line utility. Windows XP/.NET systems offer a new utility (which you should use) — GPupdate.exe — for that purpose.

The command syntax is very simple. To refresh user policies, enter either of the following commands (applicable to your system):

    C:\>secedit /refreshPolicy user_policy — on Windows 2000    C:\>gpupdate /Target:User — on Windows .NET

The following commands refresh computer policies:

    C:\>secedit /refreshPolicy machine_policy    C:\>gpupdate /Target:Computer

The GPupdate command without parameters updates both user and computer policies.

If you want to re-apply policies (GPOs), even if they have not changed since the last time they were applied, add the /enforce parameter to the SecEdit command or the /Force parameter to the GPupdate command. (Normally, GPOs are applied only once; unchanged GPOs are skipped.)

Note

You may want to change the default GPO refresh interval (90 minutes for client computers and 5 minutes for domain controllers), as well as the offset (30 minutes for client computers and 0 minutes for domain controllers). For that purpose, use group policies (Computer Configuration | Administrative Templates | System | Group Policy) or modify the system registry. For more information, see Microsoft Knowledge Base article Q203607.