1 00:00:03,070 --> 00:00:08,290 So I want to round out this chapter by talking about a utility or capability, but I showed briefly 2 00:00:08,290 --> 00:00:12,670 in the previous demo, and that's the ability to trigger manual processing. 3 00:00:13,540 --> 00:00:19,810 So outside of our normal foreground and background processing, you can actually force a manual processing 4 00:00:19,810 --> 00:00:20,920 cycle to occur. 5 00:00:21,820 --> 00:00:27,400 Now remember, way back in the first module, I talked about the fact that group policy is always pulled, 6 00:00:27,400 --> 00:00:29,170 is always pulled by the client. 7 00:00:30,070 --> 00:00:33,730 And this manual processing doesn't really change that equation. 8 00:00:34,600 --> 00:00:36,310 It's still applied by the client. 9 00:00:36,520 --> 00:00:41,890 But essentially what you're doing with this manual triggering of processing is you're telling the client 10 00:00:41,890 --> 00:00:43,570 to manually pull at that point. 11 00:00:44,440 --> 00:00:46,690 And there's really three ways to do this. 12 00:00:47,620 --> 00:00:53,110 There's the pop data XY command line utility that ships with pretty much all versions of Windows. 13 00:00:54,010 --> 00:01:00,670 There's the Invoke Update PowerShell complete that was delivered in Windows eight as part of the group 14 00:01:00,670 --> 00:01:02,350 policy PowerShell module. 15 00:01:03,280 --> 00:01:08,770 I'm not really going to go in depth on that in this module because I have a whole module later on dedicated 16 00:01:08,770 --> 00:01:10,480 to group policy and PowerShell. 17 00:01:11,350 --> 00:01:16,930 But for right now suffice to say that that invoke update can take can basically do the same thing as 18 00:01:16,930 --> 00:01:19,060 the update command line utility. 19 00:01:19,940 --> 00:01:26,600 And then finally added in server 2012 and 2012 were two and Windows eight X is the ability to do a kind 20 00:01:26,600 --> 00:01:29,490 of g UI based update from PMC. 21 00:01:30,440 --> 00:01:35,360 So this is the kind of a screenshot of the update command and you'll see there's a number of command 22 00:01:35,360 --> 00:01:36,800 line switches you can use. 23 00:01:37,700 --> 00:01:43,400 You can either target specifically computer or user policy updating, so you don't have to do both. 24 00:01:44,350 --> 00:01:51,430 The default is if I just type updated will do a normal update manual processing of both computer and 25 00:01:51,430 --> 00:01:52,720 user side policy. 26 00:01:53,620 --> 00:01:55,420 So there's a few other options here. 27 00:01:55,480 --> 00:01:57,370 I'm not going to go into all of them. 28 00:01:58,240 --> 00:01:59,650 You can read the descriptions. 29 00:01:59,770 --> 00:02:06,160 But the one that's probably most interesting and most often used is pup date slash force and pup date 30 00:02:06,160 --> 00:02:06,850 slash force. 31 00:02:06,850 --> 00:02:11,890 His job in life is to essentially ignore the rule that says don't do any processing. 32 00:02:11,890 --> 00:02:17,530 If nothing has changed and it goes ahead and acts as if everything has changed, enforces all of the 33 00:02:17,530 --> 00:02:22,780 client side extensions to reprocess all of the policies that apply to the computer of the user at that 34 00:02:22,780 --> 00:02:23,230 time. 35 00:02:24,070 --> 00:02:29,050 So it's a good sort of catch all command to issue if you're not getting the policy that you expect to 36 00:02:29,050 --> 00:02:33,700 see and you think it might be related to the fact that the computer or the user hasn't yet received 37 00:02:33,700 --> 00:02:34,540 that policy. 38 00:02:35,440 --> 00:02:39,070 So a little bit more about the switches and some of the common switches. 39 00:02:40,030 --> 00:02:46,210 So again, pup date, no command line switches performs a normal background refresh of processing for 40 00:02:46,210 --> 00:02:47,350 computer and user. 41 00:02:48,250 --> 00:02:53,530 Pop date slash force performs a full update, ignoring whether GPOs have changed. 42 00:02:54,400 --> 00:02:59,950 And as an example, if you wanted to just target, for example, all the user side of policy on user 43 00:02:59,950 --> 00:03:05,080 configuration of policy for the currently logged on user, you could just perform a normal background 44 00:03:05,080 --> 00:03:07,480 refresh using the slash target user. 45 00:03:08,380 --> 00:03:13,150 Or if you wanted to target the computer, you could just say slash target computer. 46 00:03:14,040 --> 00:03:18,120 Again, this is done at the client that you want to refresh policy on. 47 00:03:18,990 --> 00:03:21,690 It can't be run cannot be run remotely. 48 00:03:22,610 --> 00:03:25,650 I'll talk about how you can do that with the GMC. 49 00:03:26,540 --> 00:03:29,570 But essentially, this is a local command only. 50 00:03:30,440 --> 00:03:36,440 Now, I did talk about AMC having this new feature in Windows eight and Server 2012. 51 00:03:37,310 --> 00:03:43,400 And that's the ability to do a UI based update, slash force on an o u so you can actually target all 52 00:03:43,400 --> 00:03:46,820 the computers in an O you to do group policy refreshes on them. 53 00:03:47,660 --> 00:03:50,600 And this screenshot kind of shows you what that looks like. 54 00:03:51,490 --> 00:03:56,260 I've chosen the marketing for you in this case, and it's telling me that it's going to go out and detect 55 00:03:56,260 --> 00:04:02,860 all of the computers in the marketing or you and any subclass underneath it, and essentially do a update 56 00:04:02,860 --> 00:04:05,170 slash force on those computers remotely. 57 00:04:06,100 --> 00:04:10,900 So this does require some access to the remote computers, administrative access. 58 00:04:11,830 --> 00:04:18,250 It requires the ability to access the remote computer via WMI because that's the underlying protocol 59 00:04:18,250 --> 00:04:19,570 that it's using to do this. 60 00:04:20,470 --> 00:04:24,970 So there is some firewall holes you may need to poke into your client machine that you're trying to 61 00:04:24,970 --> 00:04:26,340 update to get this to work. 62 00:04:27,210 --> 00:04:32,640 But essentially it's giving you that ability to kind of remotely say, go get all of the policy that 63 00:04:32,640 --> 00:04:33,390 you need to get.