locked
run gpupdate /force RRS feed

  • Question

  • using PowerShell how do you run gpupdate /force on a remote machine and Not want for the Y/N prompt for logging off & rebooting?

    We obviously do not want any user logged off or any system to reboot.   We only want to run gpupdate /force on remote systems.

    $ComputerName = "SomePC"
    Invoke-Command -Computer $ComputerName  {
    gpupdate /force }

    This never completes since it is waiting for someone to answer the Logoff/Reboot questions.  

    Thursday, February 15, 2018 11:00 PM

Answers

  • This worked.  I found an old .cmd file that does the trick and I can mimic what the .cmd file does in PowerShell

    Invoke-Command -ComputerName "AnyPC" {
    $cmd1 = "cmd.exe"
    $arg1 = "/c"
    $arg2 = "echo y | gpupdate /force /wait:0"
    &$cmd1 $arg1 $arg2
    }
    
    

    • Marked as answer by bellmonster Friday, February 16, 2018 2:34 PM
    Friday, February 16, 2018 2:20 PM

All replies

  • Hi Bellimonster,

    How about using the cmdlet Invoke-gpupdate?

    Invoke-GPUpdate -Computer "CONTOSO\COMPUTER-02" -Target "User"

    https://docs.microsoft.com/en-us/powershell/module/grouppolicy/invoke-gpupdate?view=win10-ps

    Regards

    Simon


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful. Regards Simon Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Thursday, February 15, 2018 11:19 PM
  • Thanks.  We are more concerned with computer policies.   if I run either Invoke-GPUpdate -Computer "mypc" -Target "user"   OR Invoke-GPUpdate -Computer "mypc" -Target "computer"it runs but it does Not create a new secedit.sdb.   In our overall script we clean up the local GPO settings.  One of these steps is to delete the file c:\windows\security\database\secedit.sdb.    once that is deleted running invoke-gpupdate  does not recreate it.  But running gpupdate /force does.  We need this file recreated.

    Thursday, February 15, 2018 11:26 PM
  • How about running invoke-gpupdate with -force ?

    Regards

    Simon


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful. Regards Simon Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Thursday, February 15, 2018 11:30 PM
  • same issue.  using -force does not recreate the c:\windows\security\database\secedit.sdb file.  I've tried both:

    $ComputerName = "MyPC"
    Invoke-GPUpdate -Computer "$computername" -Target "User" -force
    
    $ComputerName = "MyPC"
    Invoke-GPUpdate -Computer "$computername" -Target "Computer" -force

    Only running gpupdate /force creates this file.    


    • Edited by bellmonster Friday, February 16, 2018 2:15 PM
    Friday, February 16, 2018 2:15 PM
  • This worked.  I found an old .cmd file that does the trick and I can mimic what the .cmd file does in PowerShell

    Invoke-Command -ComputerName "AnyPC" {
    $cmd1 = "cmd.exe"
    $arg1 = "/c"
    $arg2 = "echo y | gpupdate /force /wait:0"
    &$cmd1 $arg1 $arg2
    }
    
    

    • Marked as answer by bellmonster Friday, February 16, 2018 2:34 PM
    Friday, February 16, 2018 2:20 PM
  • Hi,

    Good to hear that you have solved this issue by yourself. In addition, thanks for sharing your solution in the forum as it would be helpful to anyone who encounters similar issues.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 19, 2018 1:38 PM