WMI filtering GPO for applying

R

RJ

Hi

All PCs in our company are called PC00000 - PC99999 and laptop
LAP00000-LAP99999

I see there is an option for WMI filtering, so I assume I can have a
global group policy applied to all PCs, and then one filtered by
computer name for the laptops.

HTF to I write a WMI filter by computername!?!!?!?

From my books its something like:-

Root\CimV2;select * from win32_ComputerSystem where computer.name like
"%LAP%"

!? How warm am I?
 
M

MadDHatteR

I'm not sure about GPOs, but the WMI query
select * from Win32_ComputerSystem where Name = 'blah'
works fine on my Win2k Pro box.

\\ MadDHatteR
 
R

Ryan Rinehart

And it should. The problem here is that Win2k can't see the WMI
filters(new feature for 2003 server). So policies with WMI filters will be
applied to 2k boxes wether they meet the WMI filter criteria or not... It
seems the best use is for checking the amount of disk space or memory etc
before applying a software policy. There are probably some other good
applications of the new WMI filters, can someone from MS give us some
creative suggestions?


-Ryan
 
M

MadDHatteR

Ryan - thanks for the explanation - I hadn't yet heard of that feature of
2003. Sounds very cool.

I obviously don't know, but it sounds like the following would be possible:
You could install color profiles based on printers installed (assuming the
WMI filters work on a per-user basis). You can check
OS/hotfixes/memory/installed software/almost anything you want. You could
apply policies (change IPsec policy) on the basis of whether a given service
was running (IIS, for example).

\\ MadDHatteR
 
R

RJ

So are you saying if I apply the filter to all PCs begining with "LAP"
- then this "laptop" policy will only apply to XP "laptop" clients,
and all w2k machines that are on the network too...?

erm........ we've only got 3 w2k so that may not be the end of the
world as the laptop policy only has "offline files enabled" unlike the
desktops - so we could live with it.

But clarification from anyone who has tried such a thing would be
great!
 
R

Ryan Rinehart

Yes, the policy will apply to all 2000 clients that are in the OU or a
child OU where the policy is applied (depending on options specified). It
works just the same as a normal GPO except that XP clients see if your
filter evaluates "True" or not. If it does evaluate "True" the GPO is
applied, if it evalutates "False" then the policy is not applied. Since
2000 clients do not see the filter, they always apply the policy unless you
use GPO filtering via security groups to restrict 2000 clients from seeing
the GPO.

Ryan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

WMI Filtering and GPO's 1
WMI Filter for OUs 0
WMI Issue? 1
OU's and GPO vs. WMI Filtering 1
"Access denied." for (WMI) wmiprvse.exe -Embedding, on LINQ installation 0
WMI filtering for GPO Firewall settings 0
Win2k3 AD OU/GPO Design Discussion 1
Huge WMI / DCOM / Security problem.. 1

Top