TL;DR: The PowerShell equivalent of the GPUpdate command is Invoke-GPUpdate. It lets sysadmins manually refresh Group Policy on local or remote domain-joined computers without waiting for the default background refresh interval.
GPUpdate is a command-line utility used to manually refresh Group Policy on a domain-joined computer. By default, Windows refreshes Group Policy every 90 minutes with a randomized 30-minute offset, which is forever in sysadmin time. Even then, some group policies only refresh after a reboot. Since sysadmins don’t have all day to stand around waiting for group policy to refresh automatically and system reboots, it’s easy to see why GPUpdate is such an appealing alternative. That's why if someone were to ask me which CMD commands I used the most, GPUpdate would probably be in the top five.
With PowerShell as the default CLI (command-line interface), it’s essential for sysadmins to start learning how to use their favorite CMD commands and utilities in PowerShell. Microsoft has been kind enough to make the transition from CMD to PowerShell as easy as possible. In fact, most of our CMD commands and utilities continue to work in PowerShell. If you run the command GPUdate/force in PowerShell, the command still works, and Group Policy refreshes.
Now that we know that our old commands will continue to work and we can safely transition to PowerShell, it’s time for us old dogs to learn new tricks. To take advantage of PowerShell’s added functionality, we need to start using the proper PowerShell commands. Let’s take a deep dive into the PowerShell equivalent of GPUpdate.
Want to increase your PowerShell knowledge?
Tune into The PowerShell Podcast, where PowerShell experts share their tips, tricks, and best practices.
The PowerShell equivalent of GPUpdate: Invoke-GPUpdate
NAME
Invoke-GPUpdate
SYNOPSIS
Schedules a remote Group Policy refresh on the specified computer.
SYNTAX
Invoke-GPUpdate [[-Computer] <String>] [[-RandomDelayInMinutes] <Int32>] [-AsJob] [-Boot] [-Force] [-LogOff] [-Target <String>] [<CommonParameters>]
Invoke-GPUpdate [[-Computer] <String>] [[-RandomDelayInMinutes] <Int32>] [-AsJob] [-Boot] [-LogOff] [-Sync] [-Target <String>] [<CommonParameters>]
DESCRIPTION
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.Note: If you get an error when you try to run Invoke-GPUpdate, make sure you are running PowerShell as an administrator. Most commands in PowerShell require administrative privileges to run. Also, RSAT: Group Policy Management Tools need to be installed.
How to use Invoke-GPUpdate in PowerShell
Now that we know the proper PowerShell command for GPUpdate, let’s look at a few examples of how to use it.
Invoke-GPUpdate example 1
Invoke-GPUpdate -Force
This is the standard GPUpdate command we are all familiar with. This command initiates a Group Policy refresh on the localhost.
Invoke-GPUpdate example 2
Invoke-GPUpdate -Computer “computer-name” -Force
This example is similar to the first one, with one exception. This command initiates a Group Policy refresh on a remote host instead of locally. What’s that, you want to target more remote devices? You got it!
Invoke-GPUpdate example 3
$list = "computer1", "computer2"
Foreach ($Machine in $list){
Invoke-GPUpdate -Computer $Machine -Target “Computer”
}
If you’re new to PowerShell, this example may seem a little daunting at first. Let’s unpack it and highlight what’s going on.
$list is creating a variable that can contain multiple values. In this case, it contains multiple computer names, “computer1” and “computer2." In the screenshot, the computer names I used are “Michael-Scott.pdqdemo.net” and “Jim-Halper.pdqdemo.net."
Foreach is a command that loops through multiple items, running commands against each item in a list.
$Machine is a placeholder variable that represents the current item from the list. $Machine takes a value from the $list variable and holds onto it while it runs through the loop. Once the loop has finished, $Machine is assigned the next value from the $list variable.
The Invoke-GPUpdate command is similar to our previous examples, though instead of using the computer name, we use the $Machine placeholder variable to identify which machine we are targeting.
-Target allows us to target a specific scope within Group Policy. In this case, -Target “Computer” targets the computer policy specifically and does not update the user policy.
Wrapping up
Invoke-GPUpdate makes it easy to refresh Group Policy across multiple machines using PowerShell automation.
Hopefully, example three gives you a taste of what’s possible with PowerShell. If you wanted to, you could easily query entire OUs and run this cmdlet against each of the computers in the OUs. With PowerShell, you could automate this and many more administrative tasks making you look like a rockstar while PowerShell does all the work.
If automating your manual administrative tasks sounds like something you need in your life, consider combining PowerShell with PDQ Connect or PDQ Deploy & Inventory. Start a free trial to give see how easy automation can be.
With PDQ Connect or PDQ Deploy, you can deploy PowerShell scripts to hundreds of computers in seconds. With PDQ Inventory, you can use the PowerShell Scanner and create custom PowerShell tools to run against your network. Learn more about custom tools in PDQ Inventory and deploying PowerShell scripts with PDQ Deploy.
Have you finally decided to dive headfirst into PowerShell? Subscribe to the PDQ Blog, and we’ll help you on your journey to PowerShell greatness!
