На одном из компьютеров перестали применяться новые параметры групповых политик. Для диагностики я вручную обновил параметров GPO с помощью команды
gpupdate /force
и увидел такую ошибку в консоли:
Не удалось успешно обновить политику компьютера. Обнаружены следующие ошибки: Ошибка при обработке групповой политики. Windows не удалось применить основанные на данных реестра параметры политики для объекта групповой политики "LocalGPO". Параметры групповой политики не могут быть применены, пока не будет исправлена эта ситуация. Сведения об имени и пути файла, вызвавшего эту ошибку, содержатся в подробностях об этом событии.
Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
При этом в журнале System появляется событие с EvetID 1096 с тем же описанием (The processing of Group Policy failed):
Log Name: System Source: Microsoft-Windows-GroupPolicy Event ID: 1096 Level: Error User: SYSTEM
Если попробовать выполнить диагностику применения GPO с помощью команды gpresult (
gpresult.exe /h c:\tempt\gpresultreport.html
), видно что не применяется только настройки из раздела Group Policy Registry —
Failed
:
Registry failed due to the following error listed below. Additional information may have been logged. Review the Policy Events tab in the console or the application event log.
Получается, что к компьютеру не применяются только GPO с настройками клиентских расширений групповых политик CSE (client-side extension), которые отвечают за управление ключами реестра через GPO.
Расширение Registry client-side не смогло прочитать файл registry.pol. Скорее всего файл это поврежден (рекомендуем проверить файловую систему на ошибки с помощью chkdsk). Чтобы пересоздать этот файл, перейдите в каталог c:\Windows\System32\GroupPolicy\Machine и переименуйте его в registry.bak.
Можно переименовать файл из командой строки:
cd "C:\Windows\System32\GroupPolicy\Machine"
ren registry.pol registry.bak
Обновите настройки групповых политик командой:
gpupdate /force
Windows должна пересоздать файл registry.pol (настройки локальных GPO будут сброшены) и успешно применить все настройки GPO.
Если в журнале вы видите событие Event ID 1096 (
The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LDAP://
) c ErrorCode 13 и описанием “
The data is invalid
”, значит проблема связана с доменной GPO, указанной в ошибке.
Скопируйте GUID политики и найдите имя GPO с помощь команды PowerShell:
Get-GPO -Guid 19022B70-0025-470E-BE99-8348E6E606C7
- Запустите консоль управления доменными GPO (gpmc.msc) и проверьте, что политика существует;
- Проверьте, что в каталоге SYSVOL политики есть файлы registry.pol и gpt.ini и они доступны на чтение (проверьте NTFS права);
- Проверьте, что версия политики на разных контроллерах домена одинакова (проверьте корректность работы домена и репликации в AD);
- Удалите файлы GPO в SYSVOL на контроллере домена, с которого получает политику клиент (
$env:LOGONSERVER
), и дождитесь ее репликации с соседнего DC - Если предыдущие способы не помогут, пересоздайте GPO или восстановите ее из бэкапа.
-
Home
-
News
- gpupdate /force Is Not Working: How to Fix It?
gpupdate /force Is Not Working: How to Fix It?
By Stella | Follow |
Last Updated
When you run gpupdate /force in Command Prompt to force update all Group Policy settings, you may discover that it is not working or stuck forever, or you may find gpupdate /force failed to apply the settings. You should not worry about this issue. You can try the methods introduced in this MiniTool post to fix the issue.
gpupdate /force is a command line that is used to force a background update of all Group Policy settings, regardless of whether they’ve changed. It is easy to use this command to update all Group Policy settings. After you run Command Prompt as administrator, you can directly type gpupdate /force into Command Prompt and press Enter to run this command.
>> Click here to find more information about gpupdate.
What to Do if gpupdate /force Is Not Working or Failed or Stuck?
When you try to run the gpupdate /force, you may encounter different kinds of problems. For example:
- gpupdate /force is not working.
- gpupdate /force is stuck.
- gpupdate /force is not completing.
- gpupdate /force failed to apply the settings.
At the same time, you may see an error message like:
- Computer policy could not be updated successfully.
- User policy could not be updated successfully.
These issues can happen due to the following reasons:
- No GPOs are applied.
- The Registry entry is missing or not correct.
- Your system is infected by virus or malware.
- Your user profile is corrupt.
- Your computer is not connected to the domain.
- The current user account does not have sufficient privileges to run the command.
We will introduce useful solutions to fix gpupdate /force stuck or not working.
Fix 1: Delete the registry.pol file
Step 1: Press Windows + E to open File Explorer.
Step 2: Go to this path: C:\Windows\System32\GroupPolicy\Machine.
Step 3: Find Registry.pol, right-click it, and select Delete.
Step 4: Restart your computer.
After these steps, you can run gpupdate /force in Command Prompt again and see if the command can run successfully.
Fix 2: Run DISM and SFC Scans
Step 1: Press Windows + S to open the search box.
Step 2: Type cmd into the search box, then right-click Command Prompt and select Run as administrator.
Step 3: Type DISM /Online /Cleanup-Image /RestoreHealth into Command Prompt and press Enter.
Step 4: Type sfc /scannow into Command Prompt and press Enter.
Step 5: Close Command Prompt and restart your computer.
After these steps, you can run gpupdate /force in Command Prompt again and see if the command can run successfully.
Fix 3: Restart Group Policy Client
Step 1: Press Windows + R to open the Run dialog.
Step 2: Type services.msc into the Run dialog and press Enter to open Services.
Step 3: Scroll down to find Group Policy Client, right-click it, and select Properties.
Step 4: Select Automatic for Startup type.
Step 5: Click Apply.
Step 6: Click OK.
Fix 4: Create a New User Profile
If the user account you use doesn’t have the privilege to run gpupdate /force in Command Prompt as administrator, you can create a new user profile. Then, you need to assign administrative privileges to the newly created user profile.
Fix 5: Reset Group Policy
Step 1: Use the method mentioned in Fix 2 to run Command Prompt as administrator.
Step 2: Run the following commands one by one:
- RD /S /Q “%WinDir%\System32\GroupPolicyUsers” && RD /S /Q
- “%WinDir%\System32\GroupPolicy”
- gpupdate /force
Step 3: Restart your computer.
Bottom Line
Those are the methods to fix gpupdate /force is not working, gpupdate /force stuck, gpupdate /force is not completing, or gpupdate /force failed to apply the settings. We hope you can find a proper method to help you solve the problem. Should you have other related issues that need to be fixed, you can let us know in the comments.
About The Author
Position: Columnist
Stella has been working in MiniTool Software as an English Editor for more than 8 years. Her articles mainly cover the fields of data recovery including storage media data recovery, phone data recovery, and photo recovery, videos download, partition management, and video & audio format conversions.
Many times we configure Group Policy and need to reboot the machine to make changes effective. In some cases, we only need to update the Group Policy and the changes are applied then. To update Group Policy engine, we need to run gpupdate /force command. This should update the Group Policy engine and thus settings are applied, without reboot or sign-out from user side.
However, sometimes you may find that the Group Policy is stuck on Updating policy screen and never proceeds. In this way, the changes you’ve made no longer reflects immediately, as the Group Policy hangs on updating the engine.
This might be the issue occurring, if the background refresh on the Group Policy is disabled. You can follow the below mentioned steps to fix this problem.
FIX: Group Policy Update Hangs In Windows 10
FYI: GPO snap-in is not available in Windows 10 Home editions. If you’re on Windows 10 Home and want to use Group Policy, go here and upgrade to Pro edition.
1. Press + R and put gpedit.msc in Run dialog box to open Local Group Policy Editor. Click OK.
2. Next, in the GPO snap-in window, navigate here:
Computer Configuration > Administrative Templates > System > Group Policy
3. In the right pane of above shown window, look for the Turn off background refresh of Group Policy setting.
The policy explanation says, “This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers“.
If this setting is set to Enabled, this is the root cause for this issue. Double click on it and set the policy status to Disabled. Click Apply followed by OK.
You can now close the Group Policy snap-in and check if you can update Group Policy engine now, using gpupdate /force command. This time the update should work as expected.
Hope this helps!
RELATED ARTICLES
Добрый день.
Имеется проблема с применением ГП на некоторых компьютерах.
При вводе gpupdate /force —
Не удалось успешно обновить политику компьютера. Обнаружены следующие ошибки:
Ошибка при обработке групповой политики. Попытка чтения файла «\\Имя_домени\SysVol\Имя_домени\Policies\{53733511-0850-4424-B6A4-50A4FCE279D2}\gpt.ini» с контроллера домена была неудачной. Параметры групповой политики не могут быть применены, пока не будет исправлена эта ситуация. Это может быть временным явлением, его возможные причины:
a) Ошибка разрешения имен или проблемы сетевого подключения к текущему контроллеру домена.
b) Запаздывание репликации Active Directory (созданный на другом контроллере домена файл еще не реплицирован на текущий контроллер домена).
c) Отключен клиент распределенной файловой системы (DFS).
Чтобы диагностировать сбой, просмотрите журнал событий или запустите GPRESULT /H GPReport.html из командной строки для просмотра сведений о результатах групповой политики.
GPRESULT /H GPReport.html — делал, результате скриншоте
Этот политика в другом компьютере работает.
Уважаемые, подскажите какую сторону копать?
Group Policies in Windows control the computer’s environment by implementing policies configured by administrators. Normally used within enterprises on devices connected with a domain, these policies control how a system will behave, what will be allowed, and what will be restricted.
Group Policy Objects (GPOs) are a set of policies governed by a Domain Controller. However, in case your computer is not connected to a domain, it can still be managed through the Group Policy Editor (Run >> gpedit.msc).
If you or our administrator have recently made changes to the policies, then you can run the following cmdlet in Command Prompt to implement those changes without having to restart the computer:
GPUpdate /ForceThis cmdlet fetches fresh policies from the server and applies them to your PC. However, we have found users have trouble implementing the policies and can often encounter an error.
If you find yourself in a similar situation, then this is where you’ll find all the possible solutions to the problem.
Table of Contents
Why GPUpdate /Force isn’t Working
Sometimes you may encounter either one of the following (or similar) errors while running the “GPUpdate /Force” cmdlet:
User policy update failed. Computer policy could not be updated successfully.
At other times, you may find that the command has been executed successfully, but no changes have been made from the implemented policies.
This can happen due to multiple reasons:
- Windows Registries have been corrupted.
- Insufficient privileges to run the command.
- Due to malware.
- The computer is not connected to the domain.
- The user profile is corrupted.
For whatever reason, the following given solutions should mitigate the issue, after which you can try rerunning the “GPUpdate /Force” cmdlet.
Fix GPUpdate /Force Not Working
Restart the Computer
If running the “GPUpdate /Force” cmdlet is not throwing any errors inside the Command Prompt and is running successfully, then it probably means that there aren’t any significant corruptions inside the system.
In this case, restart your computer so it can fetch new policy settings from the server. This usually resolves the issue.
Use an Administrator Account
There are 2 types of user accounts in a Windows computer; a standard user and an administrative user account. If the PC is joined to a domain, then you will also get a third account type, which is a domain administrator. This last account type is different from the local administrator account.
If you are an administrator, then we suggest that you try running the “GPUpdate /Force” command from the domain administrator account. If you are a regular user, then try running the account from the local administrator account.
Learn how to change account types in Windows.
Fix Corrupted Files with DISM and SFC
Deployment Image Servicing and Management (DISM) and System File Checker (SFC) are built-in tools in Windows that can scan and repair system files. Use the following steps to run the DISM and SFC scans in an attempt to repair any corrupted system files that may be affecting the Group Policies:
-
Launch an elevated Command Prompt.
-
Execute the following commands one after the other:
DISM.exe /Online /Cleanup-image /Checkhealth DISM.exe /Online /Cleanup-image /Scanhealth DISM.exe /Online /Cleanup-image /Restorehealth -
Then run the SFC scan using this cmdlet:
SFC /ScanNow
Execute DISM and SFC cmdlets to repair system files
Once the scans have run successfully, check to see if the problem has gone away. If it persists, we recommend that you continue to perform the solutions given below.
Restart Group Policy Service
The Windows “Group Policy Client” service is responsible for applying the policies implemented by the administrators. It is possible that the service isn’t functioning as it should, and needs a restart.
However, upon attempting to restart the service, you will find that the options are greyed out, and you encounter an “Access is denied” error in the Command Prompt.
This happens because the Group Policy Client service can only be managed by the System account. Therefore, you will need to use the psexec.exe tool from SysInternals to restart the service.
Follow these steps to learn how to restart the “Group Policy Client” service (or any other greyed-out service):
-
Download Sysinternals Suite.
Download Sysinternals Suite -
Extract the downloaded compressed file.
-
Open an elevated Command Prompt and change the directory to the extracted Sysinternals Suite folder.
CD /d [PathToSysinternalsSuiteFolder]
Change the directory to Sysinternals Suite -
Run the following cmdlet to run the Command Prompt from the System account:
psexec.exe -s -i cmd.exe
Run CMD from System account -
If prompted for an agreement, click Agree.
Agree to license terms -
In the new Command Prompt window, run the following cmdlet to stop the “Group Policy Client” service:
Net Stop gpsvc
Stop Group Policy Client service -
Now run this cmdlet to restart it:
Net Start gpsvc
Restart Group Policy Client service
Once the Group Policy Client service restarts, check to see if the new policies have been implemented, or whether the “GPUpdate /Force” cmdlet now has any effect.
Rename the Group Policy “Machine” Folder
A subdirectory on your local computer stores the Group Policy files applied to your PC, which may have been corrupted that caused the error in the first place. This is the “Machine” folder, which can be found at the following path:
C:\Windows\System32\GroupPolicy\Machine
You can simply rename this folder and allow a new folder to be created so that fresh files are created.
Follow these steps to successfully rename the “Machine” folder:
-
Navigate to the following using File Explorer:
C:\Windows\System32\GroupPolicy
-
Right-click the “Machine” folder and click Rename.
Rename the folder -
Change its name to “Machine.old”.
Rename Machine folder to Machine.old -
Restart the computer and then try rerunning the “GPUpdate /Force” cmdlet.
Reset Group Policy
If the solution above did not work for you, then the issue might be with the Group Policy configurations. Reset all Group Policy settings and bring them to their default settings by performing these steps:
-
Launch an elevated Command Prompt.
-
Run the following commands one after the other to reset the Group Policy:
RD /S /Q "%WinDir%\System32\GroupPolicy" RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
Reset all Group Policies -
Rerun the following cmdlet to check if the issue has been resolved:
GPUpdate /Force
Run GPUpdate /Force
Recreate the Registry.pol File
The “registry.pol” file exists inside the “Machine” folder which we had discussed earlier. It stores the Group Policies for your computer. If this file is corrupted or missing, then any policies pushed to your PC will have no effect.
Follow the steps below to get rid of the existing file and create a new one:
Note: Before proceeding, we recommend that you create a system restore point so that you can revert to your old settings in case things don’t go as planned.
You can also use our top selection of disk imaging and backup software so you never lose your data or operating system again.
-
Navigate to the following using File Explorer:
C:\Windows\System32\GroupPolicy\Machine
-
Select “registry.pol” and press Shift + Delete to delete the file permanently.
-
Now run the following cmdlet in an elevated Command Prompt to recreate the registry.pol file:
GPUpdate /Force
Closing Thoughts
If you implemented all of the given solutions in this post, then your issue should have been resolved by now.
That said, it is always recommended that you execute the “GPUpdate /Force” cmdlet using an administrative account and inside an elevated Command Prompt so you do not face any privilege issues.