Microsoft KB Archive/227448

From BetaArchive Wiki
Knowledge Base


Using Secedit.exe to Force Group Policy to Be Applied Again

Article ID: 227448

Article Last Modified on 2/27/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q227448

SUMMARY

When an administrator changes a Group Policy Object (GPO), the change takes place on a domain controller (typically the Windows domain controller holding the primary domain controller Flexible Single Master Operation [FSMO] role). The change is then replicated to other domain controllers through Active Directory and SYSVOL replication. At regular intervals, domain controllers and clients check for modifications to the GPOs. If any changes exist, they are applied.

If immediate re-evaluation and application of group policy is necessary, you can invoke a command that triggers this process. For additional information about the default intervals for background refresh of Group Policy, click the article number below to view the article in the Microsoft Knowledge Base:

203607 How to Modify the Default Group Policy Refresh Interval


MORE INFORMATION

To trigger Group Policy application for the local computer, type the following line at a command prompt:

secedit /refreshpolicy machine_policy


To trigger Group Policy application for the currently logged on user, type the following line at a command prompt:

secedit /refreshpolicy user_policy


Normally, if the GPOs that define the environment for the user have not changed from the last time Group Policy was applied, the GPO is skipped and not applied again. In either case, specifying /enforce on the command line re-applies the policy even if the GPOs that apply to the computer or user have not changed. An example of the command line in this case is:

secedit /refreshpolicy machine_policy /enforce


After Windows 2000 has accepted the request, the following text should be displayed to the user:

Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any.




For information about the new command-line utility, Gpupdate.exe, in Microsoft Windows XP and Microsoft Windows Server 2003 that replaces the /refreshpolicy switch in Secedit.exe in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

298444 A Description of the Group Policy Update Utility


Keywords: kbenv kbhowto KB227448