General discussion

Locked

force group policy via cmd prompt syntax

By dubplate_acetate ·
hello,

can someone provide me with the syntax to force group policy refresh/updates through the domain from the domain controller?

i am looking for the syntax for a total refresh and also the syntax for a specific policy refresh aswell.

thanks,

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by voldar In reply to force group policy via cm ...

The command is the following:
secedit /refreshpolicy machine_policy /enforce
- if you want to refresh the policy at the machine level, or use the same syntax but change to user_policy instead of machine_policy if you want to refresh the policy at the user level.

Collapse -

by dubplate_acetate In reply to

i tried this already.

secedit /refreshpolicy office staff / enforce


where office staff = my policy i want to refresh

all that happens is that help opens up with info about automating security config tasks

what am i doing wrong??

please advise

Collapse -

by Ronypp In reply to force group policy via cm ...

To manually force Group Policy to refresh under Windows 2000, you use the command

secedit /refreshpolicy Microsoft has replaced this command in Windows 2003 and XP with the command

gpupdate
You can run this command without any switches to update both machine and user policies. When you run Gpupdate on Windows 2003, the machine will display the following text:

Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.

To check for errors in policy processing, review the event log. The last line doesn't appear on XP machines. To update only the user command components, type

gpupdate /target:user
To load only the computer command components, type

gpupdate /target:computer
The optional switches that you can use with the Gpupdate command are

/Force. This switch loads all policy settings rather than just those that have changed.
/Wait:<time>. This switch specifies the amount of time to wait for the policy processing to finish before returning to the command prompt.
/Logoff. This switch causes the user to log off after Group Policy refreshes.
/Boot. This switch causes a reboot after Group Policy refreshes.
/Sync. This switch synchronously (i.e., in the background) applies the next boot or user logon policy (the system will prompt you to log off or reboot, depending on the /target setting).


GpupdateRefreshes local Group Policy settings and Group Policy settings that are stored in Active Directory, including security settings. This command supersedes the now obsolete /refreshpolicy option for the secedit command.

Syntax
gpupdate [/target:{computer | user}] [/force] [/wait:Value] [/logoff] [/boot]

Credit: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/refrGP.asp

Collapse -

by dubplate_acetate In reply to

cheers, got it

Collapse -

by voldar In reply to force group policy via cm ...

You can't refresh or enforce a specific policy, you can refresh or enforce the policy at the machine level or/and user level.

Collapse -

by voldar In reply to

I office staff is a policy name applied to the user level, use secedit /refreshpolicy user_policy /enforce. If it is at computer level use secedit /refreshpolicy machine_level /enforce.

Collapse -

by voldar In reply to

last command - machine_policy instead of machine_level

Collapse -

by dubplate_acetate In reply to force group policy via cm ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums