This option has no effect if there are no extensions called that require a logoff.
Causes a reboot after the Group Policy settings are refreshed, which is required for those Group Policy client-side extensions that do not process policy on a background refresh cycle but do process policy at computer startup.
Foreground policy applications occur at computer boot and user logon.
You can specify this for the user, computer or both using the /Target parameter.
Performing a GPUPDATE *MIGHT* make the policy settings applied if the Kerberos token on the computer/user has updated since the last Group Policy Update.
One of the recommendations I always give people who ask my opinion on updating to new versions of Windows is that if you do upgrade or deploy new servers to always do your Active Directory Domain Controllers first.
Even trying to force a GPUPDATE still does not trigger the change but then the next day the policy has applied as expected. This is a situation that is commonly caused if you are using security group filtering for applying policy settings.
The problem is that the Group Policy object you have applied to the user or computer requires security group membership to evaluate that it can apply to that computer.
This works all version of windows starting with Windows 2008 and Windows 7 and above from a Windows 2012 or Windows 8 host with the latest Remote Administration Tools.
If you are like me you probably had a bash script with Ps Exec from Sysinternals, a Power Shell script that created a process with WMI or use Invoke-Command with Power Shell remoting.
We will need to enable the following firewall rules: Thankfully for this Windows 2012 and Windows 2012 R2 come with a started GPO to server as a base for the configuration.
To configure the Windows Firewall we start first by creating all the Starter GPOs from the Group Policy Management console expanding the domain, selecting Starters GPOs and clicking on Create Starter GPOs Folder.
By updating the DCs first one can start implementing stronger authentication as clients are migrated and also start implementing policies that address the new versions of Windows as they start joining the domain.