Need to run gpupdate on a remote computer without physically sitting at it? As a Windows administrator, pushing Group Policy updates to remote machines saves hours of work. This guide covers 3 reliable methods to run gpupdate remotely in 2026 — using PowerShell, GPMC, and PsExec.
Method 1: Invoke-GPUpdate via PowerShell (Recommended)
The Invoke-GPUpdate PowerShell cmdlet is the easiest and most powerful way to run gpupdate on remote computers. It requires Windows Server 2012 or later and WinRM enabled on target machines.
Update a Single Remote Computer
Invoke-GPUpdate -Computer "ComputerName" -RandomDelayInMinutes 0 -Force-Computer— name of the target computer-RandomDelayInMinutes 0— run immediately with no delay-Force— reapply all policies, not just changed ones
Update Only User or Computer Policies Remotely
# User policies only
Invoke-GPUpdate -Computer "ComputerName" -Target User -Force
# Computer policies only
Invoke-GPUpdate -Computer "ComputerName" -Target Computer -ForceUpdate All Computers in an OU via PowerShell
$computers = Get-ADComputer -Filter * -SearchBase "OU=Workstations,DC=yourdomain,DC=com"
foreach ($computer in $computers) {
Invoke-GPUpdate -Computer $computer.Name -RandomDelayInMinutes 0 -Force
Write-Host "Updated: $($computer.Name)"
}This script loops through every computer in a specified OU and forces a Group Policy update on each one.
Enable WinRM on Remote Computers First
If Invoke-GPUpdate fails, WinRM may not be enabled. Enable it remotely via GPO or run this on the target machine:
Enable-PSRemoting -ForceAlso verify firewall allows port 5985 (HTTP) or 5986 (HTTPS) for WinRM traffic.
Method 2: Group Policy Management Console (GPMC)
The GPMC gives you a graphical interface to push Group Policy updates to entire OUs at once — no scripting required.
- Open Group Policy Management Console (gpmc.msc)
- Expand your domain and navigate to the target OU
- Right-click the OU → select Group Policy Update
- A confirmation dialog shows how many computers will be updated
- Click Yes to confirm
- A results window shows success or failure per computer
Note: GPMC’s Group Policy Update only works on OUs containing computer objects, not user OUs.
Method 3: PsExec (For Non-WinRM Environments)
If WinRM is not available, PsExec from Microsoft Sysinternals lets you run gpupdate remotely via admin shares.
- Download PsExec from Microsoft Sysinternals
- Open Command Prompt as Administrator
- Run:
psexec \ComputerName -s gpupdate /forceThe -s flag runs the command as SYSTEM, ensuring full permissions for both computer and user policy updates.
Run on Multiple Computers with PsExec
psexec \PC1,PC2,PC3 -s gpupdate /forceHow to Verify Remote GPUpdate Worked
After pushing the remote update, verify policies applied on the remote machine:
# Run gpresult remotely
Invoke-Command -ComputerName "PCName" -ScriptBlock { gpresult /r }Or generate a remote HTML report:
Invoke-Command -ComputerName "PCName" -ScriptBlock { gpresult /h C:GPReport.html }Troubleshooting Remote GPUpdate Failures
| Problem | Cause | Fix |
|---|---|---|
| Invoke-GPUpdate fails | WinRM not enabled | Run Enable-PSRemoting -Force on remote PC |
| Access Denied | No admin rights on remote PC | Use domain admin account |
| PC not found | DNS/network issue | Ping the PC by name first; use IP if DNS fails |
| Firewall blocking | WinRM ports closed | Allow ports 5985/5986 in Windows Firewall |
Key Takeaways
- PowerShell
Invoke-GPUpdateis the best method for most environments - GPMC gives a GUI option for updating entire OUs at once
- PsExec works when WinRM is unavailable
- Always verify with
gpresult /rafter remote update - WinRM must be enabled on target computers for Invoke-GPUpdate to work
For more Windows administration guides, visit PGUpdate.in. Also see our full gpupdate /force command guide and how to update Windows apps via PowerShell.
Frequently Asked Questions
Can I run gpupdate on a remote computer without PowerShell?
Yes — use PsExec: psexec ComputerName -s gpupdate /force. Or use GPMC to push updates to an entire OU graphically.
Does Invoke-GPUpdate require admin rights?
Yes. You need administrative access on the remote computer and the account must be a Domain Admin or have delegated rights.
How do I run gpupdate on all computers in a domain?
Use PowerShell with Get-ADComputer to get all PCs, then loop through with Invoke-GPUpdate. See the script in Method 1 above.
What port does Invoke-GPUpdate use?
It uses WinRM over port 5985 (HTTP) or 5986 (HTTPS). Ensure these ports are open in Windows Firewall on the remote machine.
Can I schedule gpupdate to run automatically on remote computers?
Yes — use a GPO to configure the Group Policy refresh interval, or create a scheduled task via Group Policy that runs gpupdate at set intervals.
