I get this question a lot so I decided to write down everything I know about when Group Policies are updated when in use.
The short answer: GPOs are, by default, refreshed every 90 minutes plus a random period of 0-30 minutes – but only if the GPO has changed. However, settings under Security Settings (like File System) is only refreshed every 16 hours even though the GPO hasn’t changed.
More details: You can also control the GPO refresh interval for both users and computers by using – yes, you’ve guessed right – a GPO 🙂
User Configuration\Administrative Templates\System\Group Policy Group Policy refresh interval for users [more info]
Computer Configuration\Administrative Templates\System\Group Policy Group Policy refresh interval for computers [more info]
Screenshot:
If the GPO doesn’t update, it might be disabled in the GPO. Then the system waits until the current user logs off the system before updating the computer and user policies
Computer Configuration\Administrative Templates\System\Group Policy Disable background refresh of Group Policy [more info]
Domain Controllers are refreshed every 5 minutes and this can also be changed using a GPO:
Computer Configuration\Administrative Templates\System\Group Policy Group Policy refresh interval for domain controllers [more info]
Also, there are some other nice settings where these are that might be useful if you have some specific needs. For example, you might want to make sure GPOs are refreshed when the user is logged in but you might not want to background processing and refresh of specific GPOs (like some Internet Explorer settings) like below. Or you might want different settings if the computer is wired or wireless. There are many possibilities and I’m sure you can test them out in your lab. Feel free to comment on your experiences and scenarios where you have changed these settings.