One of the feature I like on Windows 2012 and Windows 2012 R2 is the starter GPO for allowing the Power Shell cmdlet Invoke-GPUpdate to remotely schedule so as to update GPO settings at a time of our choosing.

updating group policy immediately-23

To configure the Windows Firewall we start first by creating all the Starter GPOs from the Group Policy Management console expanding the domain, selecting Starters GPOs and clicking on Create Starter GPOs Folder.

Once create we can use Power Shell to create a new GPO based on the Group Policy Remote Update Firewall Ports starter GPO and link the GPO to the OU or domain we want to apply this rule to.

For technical information, type: "get-help Invoke-GPUpdate -full".

For online help, type: "get-help Invoke-GPUpdate -online" There are other parameters to specify the target to update (Computer or User) and to also loggoff users or reboot the machine.

To avoid putting a load on the network, the refresh times will be offset by a random delay. linkid=287723 REMARKS To see the examples, type: "get-help Invoke-GPUpdate -examples".

For more information, type: "get-help Invoke-GPUpdate -detailed".

GPMC allows you to update the GPO settings on multiple computers, but there are a few disadvantages associated with this approach.

First, GPMC will process GPO updates on all the computers in the selected organizational unit.

If you are like me you probably had a bash script with Ps Exec from Sysinternals, a Power Shell script that created a process with WMI or use Invoke-Command with Power Shell remoting.