GPUPDATE behavior with local user

yzgulec 1 Reputation point

I tried GPUPDATE /FORCE with local admin user on a domain-joined computer and I was expecting that neither computer policy nor user policy to be updated.

But when I tried GPUPDATE command, both policies have been updated successfully. My question is how computer & user policy updates are possible with a local account which does not exist as a domain user. How can local user get domain policies via GPUPDATE?



Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,011 questions
No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Sean Liming 4,141 Reputation points MVP
  2. Fan Fan 15,186 Reputation points


    First of all , let confirm the difference between the gpupdate and gpupdate /force
    When you run the gpupdate command without parameters, only new and changed user and computer policy settings are applied.
    GPUpdate /force command reapplies all the policies—both new and old (regardless of whether they have been changed).

    When there are changes are made from the domain and local ,both the command gpupdate and gpupdate /force with update the policies.
    But the local administrator can only get the user policy for local administrator itself . Also all the computer policies deployed to the client.

    Think that when you logon to the clients as a domain user and run the command gpupdate and gpupdate /force, gpresult /h REPORT.HTML . You can only get the user policy for itself ,but can't get the computer policies.
    Only when you run the cmd as administrator you can get the computer settings both from the local policies and the domain policies.

    Best Regards,

  3. yzgulec 1 Reputation point

    Thanks for the answers but my question is: How can a local user get group policies from a domain? As its name implies it is a "local" user. So group policies applied to users in a domain should not be applied to a "local" user.

    I understand the computer policies part (computer is domain joined) and it is ok.

    What am I missing here?


  4. Hannah Xiong 6,176 Reputation points


    Thank you so much for your kindly reply.

    Domain based Group Policy does not apply to local users. Local Group Policy applies to local users.

    When trying gpupdate /force with local admin account on a domain-joined computer, it will show that both policies have been updated successfully the same as you mentioned.



    We are wondering why we are expecting to have error like "Error No user policy applied" or something else.

    To view all the policies applied to the user account you’re currently logged in with, we would use the following command:

    gpresult /Scope User /v


    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.