Group Policy does not refresh

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This topic describes how Group Policy refresh rules affect processing and explains how to collect refresh information using the Group Policy Management Console.

Cause

Group Policy refresh refers to the retrieval of GPOs by a client. During Group Policy refresh, the client contacts an available domain controller. If any GPOs have changed, the domain controller provides a list of all the appropriate GPOs, regardless of whether their version numbers have actually changed.

Replication and Group Policy refresh are both instances of lag-time issues: the system is working properly, but changes have not yet appeared at the client.

By default, GPOs are processed by client side extensions (CSEs) at the computer only if the version number of at least one GPO has changed on the domain controller that the computer is accessing. You can use policy settings to change this behavior.

Some CSEs process unchanged GPOs if the user’s group membership has changed. At startup, Group Policy is refreshed, and computer settings are applied. Group Policy is refreshed and computer and user settings are applied in the following instances:

  • When a user logs on

  • When gpupdate is run at the client computer

  • At the refresh interval, if one is configured at that computer (by default, domain controllers are refreshed every five minutes, and all other computers are refreshed every 90 minutes, with a random factor of up to plus or minus 30 minutes)

Solution

To see the last time the GPOs from the computer’s OU were processed, on the Group Policy Results report, under Computer Configuration Summary, and then under General, click the Summary tab.

To see the last time the GPOs from the user’s OU were processed, on the Group Policy Results report, under User Configuration Summary, and then under General, click the Summary tab.

To collect Group Policy refresh information from clients and store it at a central location, use GPMonitor.exe. For more information and to download GPMonitor.exe, see Windows Server 2003 Resource Kit Tools on the Microsoft Web site (https://go.microsoft.com/fwlink/?linkid=27766).

Note

Some types of settings can only be applied when a user logs on. These include Folder Redirection, Roaming Profiles, and Software Installation settings. If these settings are received when Group Policy is refreshed, the settings are evaluated, but they are not applied until the next time the user logs on. If the computer is running Windows XP and these settings first reach the computer during logon, they might not be applied until the next time the user logs on. For some extensions, it might take two or three logons for the settings to be applied.

A simple way to troubleshoot a suspected Group Policy refresh issue is to force the refresh by running gpupdate and then either restarting the computer or logging off and logging on again. If Folder Redirection, roaming profiles, or Software Installation is involved and the computer is running Windows XP, run gpupdate, and then log off and log back on. You might need to log off and log back on more than once.
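
The refresh rules under Cause and the logon-only note above, combined into one triage function. This is an added example, not part of the original Microsoft topic. It assumes the GPO change has already replicated to the domain controller the client contacts; the function name, its parameters, and the sample computers are hypothetical.

```powershell
# Added example, not Microsoft code. Intervals are the defaults stated in this topic.
$LogonOnly = 'Folder Redirection', 'Roaming Profiles', 'Software Installation'

function Get-GpRefreshVerdict {
    param(
        [datetime]$GpoChanged,      # when the GPO was edited (assumed already replicated)
        [datetime]$LastProcessed,   # last processing time from the Group Policy Results report
        [datetime]$LastLogon,       # user's most recent logon
        [datetime]$Now,
        [bool]$IsDomainController,
        [string]$SettingType        # kind of setting that appears to be missing
    )
    # Background refresh: 5 minutes for domain controllers, 90 for other computers,
    # plus the 30-minute random factor as the worst case.
    $interval = if ($IsDomainController) { 5 } else { 90 }
    $deadline = $GpoChanged.AddMinutes($interval + 30)

    if ($LastProcessed -lt $GpoChanged) {
        if ($Now -le $deadline) {
            return "Lag: background refresh expected by $($deadline.ToString('HH:mm'))"
        }
        return 'Overdue: run gpupdate, then check that a domain controller is reachable'
    }
    # The client has the change, but some setting types are applied only at logon.
    if (($LogonOnly -contains $SettingType) -and ($LastLogon -lt $GpoChanged)) {
        return 'Received, not applied: this setting type needs a logoff and logon'
    }
    return 'Processed after the change: refresh is not the cause'
}

# Constructed sample data: a GPO edited at 10:00 and checked at 11:00 the same day.
$changed = [datetime]'2005-03-01T10:00:00'
$now     = [datetime]'2005-03-01T11:00:00'
$clients = @(
    @{ Name = 'WS01'; DC = $false; Processed = '2005-03-01T09:40:00'; Logon = '2005-03-01T08:30:00'; Type = 'Security' },
    @{ Name = 'DC01'; DC = $true;  Processed = '2005-03-01T09:58:00'; Logon = '2005-03-01T08:00:00'; Type = 'Security' },
    @{ Name = 'WS02'; DC = $false; Processed = '2005-03-01T10:45:00'; Logon = '2005-03-01T08:30:00'; Type = 'Folder Redirection' },
    @{ Name = 'WS03'; DC = $false; Processed = '2005-03-01T10:45:00'; Logon = '2005-03-01T10:45:00'; Type = 'Security' }
)
foreach ($c in $clients) {
    $verdict = Get-GpRefreshVerdict -GpoChanged $changed -LastProcessed $c.Processed `
        -LastLogon $c.Logon -Now $now -IsDomainController $c.DC -SettingType $c.Type
    '{0}: {1}' -f $c.Name, $verdict
}
```

On Windows XP, a logon-only setting can still be missing after one logon, so treat the last verdict as provisional for those extensions.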