ARCHIVED: Using Microsoft Windows 2000, how do I force a group policy to be applied?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

When you make a change to a Group Policy Object (GPO), the change takes place on a Windows 2000 domain controller. The change then replicates to all other domain controllers in the Active Directory. All Windows 2000 computers in Active Directory check for modifications to GPOs at regular intervals. If there are changes, then they are applied during the next interval.

If you need to apply the change immediately, you can use one of the following commands to trigger the process:

  • To refresh the group policy for the local computer, enter: 
      secedit /refreshpolicy machine_policy
  • To refresh the group policy for the user currently logged in, enter: 
      secedit /refreshpolicy user_policy

These commands compare the currently applied GPO to the GPO located on the domain controllers. If nothing has changed since the last time the GPO was applied, then the GPO is skipped.

To force a GPO to be reapplied, whether or not changes have been made to the GPO, use the /enforce switch: 

  secedit /refreshpolicy machine_policy /enforce

Once Windows 2000 accepts the request, it will display the following message:

"Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any."

This information was adapted from article 227448 at the Microsoft Help and Support web site.

Related documents

Group policies in Microsoft Active Directory Group policy conflicts in Active Directory at IU Why your Windows group policy doesn't take effect immediately

This is document ajjt in the Knowledge Base.
Last modified on 2021-09-07 17:08:01.