You can set Group Policy both local and domain. Here is a previous answer: https://social.technet.microsoft.com/Forums/lync/en-US/964f17e7-f9c9-4ed3-83bb-59d60cb03688/local-policies-vs-group-policies-will-it-make-conflict-
GPUPDATE behavior with local user

I tried GPUPDATE /FORCE with a local admin user on a domain-joined computer and I was expecting neither computer policy nor user policy to be updated.
But when I tried the GPUPDATE command, both policies were updated successfully. My question is how computer & user policy updates are possible with a local account which does not exist as a domain user. How can a local user get domain policies via GPUPDATE?
Thanks.
4 answers
Fan Fan 15,186 Reputation points
2020-12-22T03:15:10.3+00:00
Hi,
First of all, let's confirm the difference between gpupdate and gpupdate /force.
When you run the gpupdate command without parameters, only new and changed user and computer policy settings are applied.
The gpupdate /force command reapplies all the policies—both new and old (regardless of whether they have been changed). When changes are made from the domain and local, both the commands gpupdate and gpupdate /force will update the policies.
But the local administrator can only get the user policy for the local administrator itself. Also all the computer policies deployed to the client. Think that when you log on to the clients as a domain user and run the commands gpupdate and gpupdate /force, gpresult /h REPORT.HTML. You can only get the user policy for itself, but can't get the computer policies.
Only when you run the cmd as administrator can you get the computer settings both from the local policies and the domain policies.
Best Regards,
yzgulec 1 Reputation point
2020-12-22T12:09:08.917+00:00
Thanks for the answers but my question is: How can a local user get group policies from a domain? As its name implies it is a "local" user. So group policies applied to users in a domain should not be applied to a "local" user.
I understand the computer policies part (computer is domain joined) and it is ok.
What am I missing here?
Thanks.
Hi,
Please find the screenshot below. As you said, no GPO seems to be applied to the local user, as expected. Actually I was expecting to have an error like "Error No user policy applied" or something when I ran the "gpupdate" command when I log on with a local user.
Hi,
Actually, there will be no error messages displayed if no GPOs failed.
And a local administrator will only receive the computer configuration from both the domain and local, and the user configuration from local.
Best Regards,
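
A way to check the behaviour discussed in this thread on a given machine, as an added example that is not part of any poster's reply: it writes the RSoP report with `gpresult /x` and lists the GPOs reported under the computer and user scopes, alongside whether the logged-on account is local. The report path and the helper name `Get-ReportedGpo` are assumptions made for this example; run it from an elevated PowerShell prompt so the computer scope is included.

```powershell
# Added example: list the GPOs that the RSoP report names for each scope.
# Run elevated; without elevation the computer scope is not readable.
$report = Join-Path $env:TEMP 'rsop-check.xml'    # constructed output path
Remove-Item -Path $report -ErrorAction SilentlyContinue

gpresult /x $report /f | Out-Null
if (-not (Test-Path -Path $report)) {
    throw 'gpresult did not produce a report (not elevated, or RSoP data unavailable).'
}
[xml]$rsop = Get-Content -Path $report -Raw

# For a local account the "domain" part of the identity is the computer name.
$isLocalAccount = $env:USERDOMAIN -eq $env:COMPUTERNAME

# Hypothetical helper: GPO names listed under ComputerResults or UserResults.
# local-name() is used so the XML namespaces in the report do not matter.
function Get-ReportedGpo {
    param(
        [xml]$Xml,
        [ValidateSet('ComputerResults', 'UserResults')][string]$Scope
    )
    $xpath = "//*[local-name()='$Scope']/*[local-name()='GPO']"
    foreach ($gpo in $Xml.SelectNodes($xpath)) {
        $name = $gpo.SelectSingleNode("*[local-name()='Name']")
        [pscustomobject]@{
            Scope = $Scope
            GPO   = if ($name) { $name.InnerText } else { '(unnamed)' }
        }
    }
}

"{0}\{1} is a {2} account" -f $env:USERDOMAIN, $env:USERNAME,
    $(if ($isLocalAccount) { 'local' } else { 'domain' })

# Computer scope first, then user scope, in one table.
@(Get-ReportedGpo -Xml $rsop -Scope ComputerResults) +
@(Get-ReportedGpo -Xml $rsop -Scope UserResults) | Format-Table -AutoSize
```

Comparing the `UserResults` rows for a local account and for a domain account on the same machine shows which user-scope GPOs each one is reported with.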