GPO Force Group Policy Update

Group policy can be updated in individual devices by running the gpupdate  /Force command.
The /Force  applies all policy settings, not just those that have changed.

To remotely update Group policy, this can be done by right clicking the desired Organizational Unit in GPMC and selecting Group Policy Update from the menu, confirm the action in the Force Group Policy Update dialog by clicking Yes.

The following powershell command can be run

Invoke-GPUpdate -Computer mycompany\aghwks01


If the client has the firewall turn on, then certain ports need opened. The easiest way to do this is create a new GPO referencing the Group Policy Remote Update Firewall Port starter GPO.

Creating a GPO to open firewall ports can also be done by powershell

New-GPO -Name “GPO remote update firewall settings” -StarterGpoName “Group Policy Remote Update Firewall Ports | New-GPLink -traget “dc=company,dc=local” -linkenabled yes

The firewall rules that are enabled are:

  • Remote Scheduled Task Management (RPC)
  • Remtoe Scheduled Task Manageemnt (RPC-ERMAP)
  • Windows Management Instrumentation (WMI-IN)

Leave a Reply