Group policies update/refresh without gpupdate.exe

  • Context

I was testing group policies, adding and removing them and using gpupdate.exe to apply changes. I messed with the AppLocker GPO and put the PC in an unstable state.

I still had my PowerShell console open but couldn’t use gpupdate.exe anymore. The Start menu wasn’t working anymore… 😦

Here’s what it looks like:

Usually, I’d just restart the computer and the transient state is cleared: either Applocker would work normally or would be disabled.

In this case, I couldn’t restart the computer because of BitLocker. I was remote, and the next time the laptop restarted it would ask for a PIN. I also couldn’t suspend BitLocker for the next restart or simply disable it. A bad situation for BitLocker, actually: no UI, no cmdlet, no manage-bde.exe… (maybe I could have tried WMI/CIM).

  • Question: how would you refresh group policies when you cannot use gpupdate.exe?
  • Solution:

I can still type some PowerShell in the open console, but the BitLocker cmdlets don’t work.

It appears that there are 2 super hidden scheduled tasks responsible for refreshing group policies in the background.

Yes, super hidden because you cannot see them in the UI as an administrator even though you’ve enabled the “show hidden tasks” option:

Fortunately, the cmdlets of the ScheduledTasks module can interact with these super hidden tasks 🙂

Answer:

    Get-ScheduledTask -TaskPath '\Microsoft\Windows\GroupPolicy\' |
        Where-Object { $_.Actions.Arguments -match 'computer' } |
        Start-ScheduledTask

  • Conclusion

The above one-liner allowed me to run gpupdate.exe and saved me from having to restart the computer. Happy days 😎
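The same approach with a check that the refresh actually ran, as an added example that is not part of the original post: it lists what each task under that path executes, starts the ones matching the filter, waits for them, then reads the run result and the Group Policy operational log. The function name `Invoke-GpRefreshTask` and its parameters are hypothetical, and it assumes the tasks report their state and last result like ordinary scheduled tasks.

```powershell
# Added example; function and parameter names are hypothetical, not from the post.
function Invoke-GpRefreshTask {
    [CmdletBinding()]
    param(
        # Pattern matched against the task action arguments ('computer' is the post's filter).
        [string]$Target = 'computer',
        [int]$TimeoutSeconds = 120
    )
    $path  = '\Microsoft\Windows\GroupPolicy\'
    $tasks = @(Get-ScheduledTask -TaskPath $path -ErrorAction Stop)

    # Show what each hidden task runs so the filter result can be checked by eye.
    $tasks | Select-Object TaskName, State,
        @{ Name = 'Execute';   Expression = { $_.Actions.Execute   -join '; ' } },
        @{ Name = 'Arguments'; Expression = { $_.Actions.Arguments -join '; ' } } |
        Format-Table -AutoSize | Out-Host

    $selected = @($tasks | Where-Object { $_.Actions.Arguments -match $Target })
    if ($selected.Count -eq 0) {
        throw "No task under $path has action arguments matching '$Target'."
    }

    $started  = Get-Date
    $deadline = $started.AddSeconds($TimeoutSeconds)
    foreach ($task in $selected) {
        $task | Start-ScheduledTask

        # Poll until the task leaves the Running state or the timeout expires.
        do {
            Start-Sleep -Seconds 2
            $state = (Get-ScheduledTask -TaskPath $path -TaskName $task.TaskName).State
        } while ($state -eq 'Running' -and (Get-Date) -lt $deadline)

        # Task Scheduler's own record of the run (LastTaskResult 0 means success).
        $task | Get-ScheduledTaskInfo |
            Select-Object TaskName, LastRunTime, LastTaskResult
    }

    # Group Policy service events written since the first task was started.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
        StartTime = $started
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Invoke-GpRefreshTask -Target 'computer'
```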
