Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Using Secedit.exe to Force Group Policy to Be Applied Again
Article ID: 227448 - View products that this article applies to.
This article was previously published under Q227448
NoticeThis article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center
(http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000)is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy
When an administrator changes a Group Policy Object (GPO), the change takes place on a domain controller (typically the Windows domain controller holding the primary domain controller Flexible Single Master Operation [FSMO] role). The change is then replicated to other domain controllers through Active Directory and SYSVOL replication. At regular intervals, domain controllers and clients check for modifications to the GPOs. If any changes exist, they are applied.
If immediate re-evaluation and application of group policy is necessary, you can invoke a command that triggers this process. For additional information about the default intervals for background refresh of Group Policy, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/203607/EN-US/ )How to Modify the Default Group Policy Refresh Interval
To trigger Group Policy application for the local computer, type the following line at a command prompt:
secedit /refreshpolicy machine_policyTo trigger Group Policy application for the currently logged on user, type the following line at a command prompt:
secedit /refreshpolicy user_policyNormally, if the GPOs that define the environment for the user have not changed from the last time Group Policy was applied, the GPO is skipped and not applied again. In either case, specifying /enforce on the command line re-applies the policy even if the GPOs that apply to the computer or user have not changed. An example of the command line in this case is:
secedit /refreshpolicy machine_policy /enforceAfter Windows 2000 has accepted the request, the following text should be displayed to the user:
Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any.
For information about the new command-line utility, Gpupdate.exe, in Microsoft Windows XP and Microsoft Windows Server 2003 that replaces the /refreshpolicy switch in Secedit.exe in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/298444/ )A Description of the Group Policy Update Utility