Group Policy WMI Filter Examples

During one of my demos in the "Understanding Group Policy Part 3" session I showed a text file that contained some examples of WMI Filters.  I said if anyone was interested in getting the info to email me.  Imagine my surprise that within 10 mins I was deluged with requests!!! 


To make things simple I have listed the contentof the text file in this post. 


If you need further information on filtering GPOs with WMI filters check:




WMI Filter Examples

Hardware inventory-based filtering

Goal: Deploy a new connection manager, but not on desktops without modems:

Root\CimV2;Select * from Win32_POTSModem


Resource-based filtering

Goal: Deploy software to machines that have at least 600 MG disk space available:

Root\CimV2; Select * from Win32_LogicalDisk where FreeSpace > 629145600


Machine-based filtering

Goal: Encrypt all My Documents folders on laptops used by the company:

Root\CimV2; Select * from Win32_ComputerSystem where manufacturer = "Toshiba" and Model = "Tecra 800" OR Model = "Tecra 810"


Asset tag-based filtering

Goal: Set a hardware inventory monitoring policy for all computers assigned the enterprise's asset tags with numbers between 300,000 and 355555:

Root\Cimv2 ; Select * from Win32_SystemEnclosure where SMBIOSAssetTag > '300000' AND SMBIOSAssetTag < '355555'


Hardware configuration-based filtering

Goal: Target a policy for all computers that have a network adapter on interrupt number 11:

Root\cimv2; Associators of {win32_IRQResource.IRQNumber=11} where resultclass = Win32_NetworkAdapter


Configuration-based filtering

Goal: Turn on NetMon on computers that have multicasting turned on:

Select * from Win32_NetworkProtocol where SupportsMulticasting = true


File attribute-based filtering

Goal: Disable folder-sharing on systems that have at least one My Documents directory that is not encrypted:

Root\cimv2 ; Select * from Win32_Directory where filename ='my documents' AND encrypted = false


Time zone-based filtering

Goal: Policy that targets all servers located in a time zone three hours earlier than the local time zone:

Root\cimv2 ; Select * from win32_timezone where bias =-300


Hot fix-based filtering

Goal: Apply a policy only on computers that have a particular Hotfix:

Root\cimv2 ; select * from Win32_QuickFixEngineering where HotFixID = 'q147222'


Ping-based filtering

Goal: Deploy policies based on proximity measured in round trip delays or hops from a node on the network (printer configuration for example):

Root\Cimv2 ; Select * from PingProtocolStatus where address = ' PRNServ1' AND hops < 2


Comments (1)

  1. Anonymous says:

    For various reasons, you may want to restrict certain configuration processes to a subset of your environment

Skip to main content