Using Secedit.exe to Force Group Policy to Be Applied Again

This article was previously published under Q227448
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
This article has been archived. It is offered "as is" and will no longer be updated.
When an administrator changes a Group Policy Object (GPO), the change takes place on a domain controller (typically the Windows domain controller holding the primary domain controller Flexible Single Master Operation [FSMO] role). The change is then replicated to other domain controllers through Active Directory and SYSVOL replication. At regular intervals, domain controllers and clients check for modifications to the GPOs. If any changes exist, they are applied.

If immediate re-evaluation and application of group policy is necessary, you can invoke a command that triggers this process.For additional information about the default intervals for background refresh of Group Policy, click the article number below to view the article in the Microsoft Knowledge Base:
203607 How to Modify the Default Group Policy Refresh Interval
To trigger Group Policy application for the local computer, type the following line at a command prompt:
secedit /refreshpolicy machine_policy
To trigger Group Policy application for the currently logged on user, type the following line at a command prompt:
secedit /refreshpolicy user_policy
Normally, if the GPOs that define the environment for the user have not changed from the last time Group Policy was applied, the GPO is skipped and not applied again. In either case, specifying /enforce on the command line re-applies the policy even if the GPOs that apply to the computer or user have not changed. An example of the command line in this case is:
secedit /refreshpolicy machine_policy /enforce
After Windows 2000 has accepted the request, the following text should be displayed to the user:
Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any.

For information about the new command-line utility, Gpupdate.exe, in Microsoft Windows XP and Microsoft Windows Server 2003 that replaces the /refreshpolicy switch in Secedit.exe in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
298444 A Description of the Group Policy Update Utility

Article ID: 227448 - Last Review: 12/05/2015 14:02:32 - Revision: 4.4

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Datacenter Server

  • kbnosurvey kbarchive kbenv kbhowto KB227448