So i try to run gpupdate as an executable command on a script. However when i run it on a client it says successful run.
It doesnt actually do anything though. What is the problem?
I'm not clear what you are looking at to determine that it is not doing anything, because with this particular script there are no outwardly visible indicators within Kaseya or on the machine itself that anything changed. To see if anything happened/changed you really need to use a tool like the Resultant Set Of Policies snap-in (RSOP.MSC) or GPRESULT.EXE before and after running the script, comparing the outputs of before and after. However to see changes in the applied policies, there actually needs to be something to change in the first place within the Group Policy Objects (GPO) on the domain that and in affect for the machine. GPUPDATE /FORCE simply causes a domain member computer to contact a domain controller for the domain it is a member of and then to update the cached Group Policy settings from the most current versions of the various Group Policy Objects present on the domain controller. If in fact there are domain GPO changes and the GPUPDATE /FORCE runs but fails to update the local policies, there could be a number of things at play including but not limited to:
- Multiple Domain Controllers with different versions of the GPO(s) because AD replication has not yet synchronized the GPO(s) aross all DCs.
- The machine running the script cannot contact the domain for some reason
- The machine running the script is not a member of a domain.
- The machine running the script does not have a valid trust relationship with the domain any more.
- The machine is having some issue processing the GPO and related errors are being logged to the Windows Event Log.
- Conflicting GPO settings in affect simultaneously.
If you have other information that you can add on how you are looking at this particular issue please post an update.
I hope this helps you figure out what is happening.
What security context are you running the command under? You will need to run this under a domain account, which has privileges to access and update Group Policy.
Yes, good point...It is probably best to execute the GPUPDATE /FORCE step as the currently logged on user since any User specific GPO settings may need to be applied to the user profile of the current user on the machine. Machine specific settings can be applied locally using any user account that can authenticate to the domain.
Looks like i got it to work. had to: do first step:c:\windows\system32\gpupdate.exe /force. and second step: c:\windows\syswow64\gpupdate.exe /force