How to Force Remote Group Policy Processing?

Introduction

Updating Microsoft Windows Group Policy settings on the local machine is not so hard with a tool such as Gpupdate, but updating these policies on remote domain computers is not possible from within any Microsoft Management Console (MMC) by default or with any Microsoft tool available so far.

The problem...

Most administrators know the problem of forcing Group Policy (GP) processing on remote computers. After configuring an important policy of some kind, we would sometimes like GP processing to occur immediately on client computers. The problem is that by default, the so called background processing “only” happens every 90 to 120 minutes (randomized) – if we want to force updates to occur right away we are on our own.

...and the solution

Why invent something that has already been invented, right? PsExec is developed by Mark Russinovich, the former owner of Sysinternals which was acquired by Microsoft in July 2006. It is currently available in version 1.73 and can be downloaded from Microsoft Technet here.

PsExec is ‘Heaven’ when talking remote execution, first of all because it does not require any agents installed on the remote computers. You need to specify a computer name and the command that should be executed as switches in a command prompt – that’s basically it! Behind the scenes a service is being installed ‘ad hoc’ remotely and removed again when the command has been executed.

A small tip is to place the PsExec.exe file in the “%windir%” directory, because then we don’t have to specify the complete path to this file when executing it from a command line etc.
To update group policies on the remote computer ‘Computername’ all we have to write is the following command:

PsExec \\Computername Gpupdate

The user logged on to the remote computer will not see anything happening, but in the background Gpupdate will ‘refresh’ both user and computer policies and apply any missing settings. You would think that PsExec should run with the “-i" switch (interactive) to update the remote users specific user policies, but testing shows that this is not the case.