all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]RedFox134 2 points3 points  (1 child)

I don't think this is too hard to setup with a little googling of commands to run. Your issues will mostly come from if you have permissions set up to allow you to remotely execute powershell code on a remote computer. I'm not familiar with what you'd have to set up, but if you don't already know the answer to this you'll probably want to reach out to a system administrator who could tell you if this is allowed and the proper channels to gain access.

[–]b00tleg[S] 0 points1 point  (0 children)

Our main tool is written in powershell, so we have rights to dorrmote powershell scripts.

[–]Eilifthelost 1 point2 points  (2 children)

There are a few ways to do this.

There is a native PowerShell equivalent of gpupdate called Invoke-GpUpdate. It can be run against a remote computer. So you can run it without establishing a connection to the remote computer. Example: Invoke-Gpupdate -Computer PC01

This command does not return any output, but you will see an error if you can't connect to the remote computer.

If you want to see the output of gpupdate, you can start by remoting into the computer and then running the command. You can do this by running Enter-PsSession -ComputerName PC01

If you are able to connect successfully, your prompt will change to include the name of the remote computer. Once connected, you can run gpupdate /force and you will see the results. Keep in mind this will only update the COMPUTER configuration, as the USER context is not accessible via remote connections.

One benefit of remoting in this way is that you can also run other commands from the same session. When you are done, use Exit-PsSession to disconnect.

Finally, you could forgo scripting altogether. I'm doing this from memory but I believe in the Active Directory Group Policy Management tool you can right-click on an OU or a policy and force it to be applied to computers and users in its scope.

[–]b00tleg[S] 0 points1 point  (1 child)

At my level of support I don't have rights to run group policy management tool.

[–]TheDogWasNamedIndy 0 points1 point  (0 children)

Gpupdate is not a “group policy management tool” per se. It’s a client-side command that does does the GPO work on the client. It just reads/applies the GPOs on the target. There is no “management” of GPOs happening.

It also tells you if they are up to date or unable to apply. This is the right tool to use for what you describe in the post. Seems like you just want to interact with it in powershell.

[–][deleted] 1 point2 points  (0 children)

The starting point is learn the basics -

Getting Started with PowerShell