If we do not have such a system on the network, we must try to be creative - because the alternative is to log on to all computers using tools like Remote Assistance, or sending an email to all users, to execute the Gpupdate command... Before we get into more detail I just have to mention one common issue people have when trying to implement the methods mentioned in this article.
Firewall trouble: Like with any other communication that is initiated from the network, packets that try to update policy settings on remote computers' will fail if the remote computers local firewall (like the one built in to Windows operating system from Windows XP Service Pack 2 and up) is not configured to allow such incoming traffic (from a given subnet, IP or whatever).
The load on Domain Controllers and the network would simply be too much to handle in most environments.But, if a very important security setting at some point needs to be pushed to a large number of clients “right away”, it’s nice to be prepared for such a situation.The built in Windows firewall must be configured to allow the incoming traffic we want by using a Group Policy Object (GPO), so ironically, such a policy is the only one we definitely cannot force to firewall-enabled remote computers.The policy settings that need to be enabled for all the mentioned methods in this article, is the following: Other firewall devices between the central computer and the remote computers must be configured to comply with the above setting (see Help text on the mentioned policy in GPEDIT. Administrator rights: The user that initiates the processes on the remote computers must be a local administrator on those machines – or else it’s simply not going to work as expected.
Most administrators know the problem of forcing Group Policy (GP) processing on remote computers.
After configuring an important policy of some kind, we would sometimes like GP processing to occur immediately on client computers.