Jay Paloma's Tech and Music Blog

Sometimes, this writer can no longer distinguish between the two.

Using WMI to Filter GPO’s based on Windows Version and Role

with 5 comments


I’ve encountered these scenarios repeatedly in the past couple of weeks that I have to write them down.

  • You want to implement a GPO setting for a product feature that occurs on two or more versions of the OS, however. However, the older version parameters do not work properly for the newer version, and vice versa (e.g., Bitlocker-related GPO settings that are Windows 7-specific, and do not work properly in Windows Vista)
  • You want to implement a GPO in a high-level OU hierarchy, or a Domain level, but these settings should only be enforced on a Windows Server 2008 R2 machines, not on any other versions

In these cases you need to use WMI filters in your GPO’s. My personal description of WMI filters is that they are conditions that you can enforce in your GPO’s so that they are applied to a targetted set of computers, based on what is reflected by parameters that can be extracted through Windows Management Instrumentation, or WMI.

To create a WMI filter, use Group Policy Management Console and go to WMI filters. Create a new WMI filter. In the Query portion type your WMI query. In this example, my WMI Query is all Windows Server 2008 R2 machines, whether they are Member Servers or Domain Controllers.

Then apply the WMI Query on your GPO.

An example of a WMI Filter for all Windows Server 2008 R2 machines, whether member servers or domain controllers:

select * from Win32_OperatingSystem where Version like “6.1%” and (ProductType = “2″ or ProductType = “3”)

Version options are as follows

  • Windows Server 2008 R2 or Windows 7 = 6.1%
  • Windows Server 2008 or Windows Vista = 6.0%
  • Windows Server 2003 = 5.2%
  • Windows XP = 5.1%
  • Windows 2000 = 5.0%

ProductType options are as follows:

  • Client: ProductType=”1″
  • Server: ProductType=”3″
  • Domain Controller: ProductType=”2″
Advertisements

Written by jpaloma

November 20, 2010 at 4:34 PM

5 Responses

Subscribe to comments with RSS.

  1. I like the valuable information you provide
    in your articles. I’ll bookmark your weblog and check again here regularly. I’m quite sure I’ll learn lots of new stuff right here! Best of luck for the next!

    guitar player

    November 3, 2012 at 4:13 AM

  2. […] Using WMI to Filter GPO’s based on Windows Version and Role […]

  3. Hi Jay,

    I just created a WMI filter from the query as shown below.

    SELECT * FROM Win32_ComputerSystem where Name = “SERV-04”

    The idea is that this filter must apply only for the server “SERV-04”.

    Then I configured this for my GPO as WMI filter, but not working as expected.

    Could you please tell me where the problem is?

    Thanks a lot for the wonderful info blog.

    Chennai MCSA MCSE

    Chennai MCSA MCSE

    September 1, 2013 at 6:05 PM

    • Thank you very much. I don’t have the reply to this right now, hopefully you managed to solve this. When you say “not working as expected” what do you mean? Nothing comes out, or everything in the OU comes out?

      jpaloma

      September 24, 2013 at 5:32 PM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: