If someone were to ask me which CMD commands I used the most, GPUpdate would probably be in the top 5. GPUpdate is a command-line utility that will manually update group policies on a domain-joined computer. By default, Windows refreshes group policy every 90 minutes with a randomized 30-minute offset, which is forever in sysadmin time. Even then, some group policies will only refresh after a reboot. Since sysadmins don’t have all day to stand around waiting for group policy to refresh automatically and for systems to reboot, it’s easy to see why GPUpdate is such an appealing alternative.
With PowerShell now being the default CLI (command line interface), it’s essential for sysadmins to start learning how to use their favorite CMD commands and utilities in PowerShell. Microsoft has been kind enough to make the transition from CMD to PowerShell as easy as possible. In fact, most of our CMD commands and utilities continue to work in PowerShell. If you run the command gpupdate /force in PowerShell, the command will still work, and group policy will refresh.
Now that we know that our old commands will continue to work and we can safely transition to PowerShell, it’s time for us old dogs to learn new tricks. To take advantage of PowerShell’s added functionality, we need to start using the proper PowerShell commands. Let’s take a deep dive into the PowerShell equivalent of GPUpdate.
The PowerShell Equivalent of GPUpdate is Invoke-GPUpdate
NAME
Invoke-GPUpdate
SYNOPSIS
Schedules a remote Group Policy refresh on the specified computer.
SYNTAX
Invoke-GPUpdate [[-Computer] <String>] [[-RandomDelayInMinutes] <Int32>] [-AsJob] [-Boot] [-Force] [-LogOff] [-Target <String>] [<CommonParameters>]
Invoke-GPUpdate [[-Computer] <String>] [[-RandomDelayInMinutes] <Int32>] [-AsJob] [-Boot] [-LogOff] [-Sync] [-Target <String>] [<CommonParameters>]
DESCRIPTION
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.
NOTE: If you get an error when you try to run Invoke-GPUpdate, make sure you are running PowerShell as an administrator. Most commands in PowerShell require administrative privileges to run. Also, RSAT: Group Policy Management Tools will need to be installed if you are running these commands from a Windows 10 computer.
Examples of Invoke-GPUpdate
Now that we know the proper PowerShell command for GPUpdate, let’s look at a few examples of how to use it.
Invoke-GPUpdate Example 1:
Invoke-GPUpdate -Force
This is the standard gpupdate command we are all familiar with. This command will initiate a group policy refresh on the localhost.
Invoke-GPUpdate Example 2:
Invoke-GPUpdate -Computer "computer-name" -Force
This example is similar to the first one, with one exception. This command initiates a group policy refresh on a remote host instead of locally. What’s that, you want to target more remote devices? You got it!
Invoke-GPUpdate Example 3:
$list = "computer1", "computer2"
foreach ($Machine in $list) {
    # Refresh only the computer policy on each machine in the list
    Invoke-GPUpdate -Computer $Machine -Target "Computer"
}
If you’re new to PowerShell, this example may seem a little daunting at first. Let’s unpack it and highlight what’s going on.
$list is creating a variable that can contain multiple values. In this case, it contains multiple computer names, “computer1” and “computer2”. In the screenshot, the computer names I used are “Michael-Scott.pdqdemo.net” and “Jim-Halper.pdqdemo.net”.
Foreach is a command that will loop through multiple items, running commands against each item in a list.
$Machine is a placeholder variable that will represent the current item from the list. $Machine will take a value from the $list variable and hold onto it while it runs through the loop. Once the loop has finished, $Machine will be assigned the next value from the $list variable.
The Invoke-GPUpdate command is similar to our previous examples, though instead of using the computer name, we use the $Machine placeholder variable to identify which machine we are targeting.
-Target allows us to target a specific scope within group policy. In this case, -Target "Computer" targets the computer policy specifically and will not update the user policy.
Wrapping Up
Hopefully, example three gives you a taste of what’s possible with PowerShell. If you wanted to, you could easily query entire OUs and run this cmdlet against each of the computers in those OUs. With PowerShell, you could automate this and many more administrative tasks, making you look like a rockstar while PowerShell does all the work.
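Here is one way to do the OU query mentioned above. This is an added example, not code from the original post. The OU path and the 5-minute delay are assumptions, and it needs the ActiveDirectory and GroupPolicy RSAT modules. Because the cmdlet only schedules the refresh, the script reports which hosts accepted the request, so machines that never picked up a new security setting are easy to spot.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy

# Hypothetical OU; replace with a distinguished name from your own domain.
$SearchBase = 'OU=Workstations,DC=example,DC=test'

# Enabled computer accounts only; skip objects that have no DNS host name.
$computers = Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree -Filter 'Enabled -eq $true' |
    Where-Object { $_.DNSHostName }

$results = foreach ($computer in $computers) {
    $name = $computer.DNSHostName
    try {
        # -Target 'Computer' limits the refresh to computer policy.
        # -RandomDelayInMinutes spreads the refreshes out to limit network load.
        # -ErrorAction Stop turns an unreachable host into a catchable error.
        Invoke-GPUpdate -Computer $name -Target 'Computer' -Force `
            -RandomDelayInMinutes 5 -ErrorAction Stop
        [pscustomobject]@{ Computer = $name; Scheduled = $true; Error = $null }
    }
    catch {
        # Record the failure and continue with the remaining computers.
        [pscustomobject]@{ Computer = $name; Scheduled = $false; Error = $_.Exception.Message }
    }
}

# "Scheduled" means the remote refresh was queued, not that policy has applied.
$results | Sort-Object Scheduled, Computer | Format-Table -AutoSize -Wrap

$failed = @($results | Where-Object { -not $_.Scheduled })
'{0} of {1} refreshes scheduled, {2} failed' -f `
    (@($results).Count - $failed.Count), @($results).Count, $failed.Count
```

Hosts listed as failed keep their old policy until the next automatic refresh, so follow up on them when the change you pushed is a security setting.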
If automating your manual administrative tasks sounds like something you need in your life, consider combining PowerShell with PDQ Inventory and PDQ Deploy. With PDQ Inventory, you can use the PowerShell scanner and create custom PowerShell tools to run against your network. With PDQ Deploy, you can deploy PowerShell scripts to hundreds of computers in seconds. Learn more about custom tools in PDQ Inventory and learn more about deploying PowerShell scripts with PDQ Deploy here.