group policy wmi filter...



I am adding a site based group policy for SUS since we are implementing SUS on a location basis

I do not have any OUs at the moment, but I want to achieve something in particular with regard t
SUS: I do not want any server class machines to be updated by the group policy (since they are handled by separate patch management software)

My idea is to apply a WMI filter to the group policy with the following WQL filter

"SELECT * from Win32_ComputerSystem WHERE DomainRole < 2

Since the Win32_ComputerSystem.DomainRole attribute is defined as follows

0,1 = Workstation type
2,3,4,5 = Standalone server, member server, PDC, BD

Here's my problem

What will the return result from the WMI query if the machine it is evaluated on does no
have WMI running or installed ? Say, a server with WMI service turned off -- is that going t
return a value less than 2 to the query ? And as a result, apply the group policy ?


Have you considered just adding the servers to a security group, and then setting Deny for Read and Apply Group Policy in the security of the group policy object you are configuring?

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question