I’ve recently come across some PC’s failing to apply Group Policy updates when running GPupdate /Force giving the following error message
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
When checking the Group Policy Results Report as mentioned, there doesn’t appear to be any issues or indication to what is causing the machine to not receive Group Policy Updates.
To investigate further, open up the the event logs (eventvwr.msc) on the affected machine and navigate to Windows Logs > System and look for the group policy error Event ID 1096
Under the general tab you’ll see the same message as above when you run GPUpdate, however on the details tab you get a bit more information, albeit not very helpful but does point us in the direction of the Registry.pol file.
I am yet to find the cause of this issue as its only affecting certain machines however the fix is fairly straight forward.
Navigate to the following path on the target PC
C:\Windows\System32\GroupPolicy\Machine
Note: you may need to enable hidden folders by clicking View Tab > Check Hidden Folders
You should see a Registry.Pol File and chances are its not recently been updated.
You can now delete or rename this file, I’ve opted to rename it to Registry.pol.BAK
Once deleted or renamed, run GPupdate again and the computer should now successfully apply all Group Policies
gpupdate /force
Automate This
If this is happening on more machines than one, you can automate this process by creating a simple batch script with the following contents and deploying to the affected devices. Note: it will need to be run as admin to work.
Auto Escalates to admin
@echo off
call :isAdmin
if %errorlevel% == 0 (
goto :run
) else (
echo Requesting administrative privileges...
goto :UACPrompt
)
exit /b
:isAdmin
fsutil dirty query %systemdrive% >nul
exit /b
:run
cd "C:\Windows\System32\GroupPolicy\Machine"
ren registry.pol registry.pol.BAK
gpupdate /force /boot
exit /b
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %~1", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B`
Run as Admin Manually
@echo off
cd "C:\Windows\System32\GroupPolicy\Machine"
ren registry.pol registry.pol.BAK
gpupdate /force /boot
#EdTech Network Manager, experienced in Microsoft 365, Server 2019, Intune, SCCM and anything inbetween.