Group Policy WMI Filter Examples




During one of my demos in the “Understanding Group Policy Part 3” session I showed a text file that contained some examples of WMI Filters.  I said if anyone was interested in getting the info to email me.  Imagine my surprise that within 10 mins I was deluged with requests!!! 


 


To make things simple I have listed the contentof the text file in this post. 


 


If you need further information on filtering GPOs with WMI filters check:


 


http://technet2.microsoft.com/WindowsServer/en/Library/6237b9b2-4a21-425e-8976-2065d28b31471033.mspx


 


Enjoy!!!


 


WMI Filter Examples


Hardware inventory-based filtering


Goal: Deploy a new connection manager, but not on desktops without modems:


Root\CimV2;Select * from Win32_POTSModem


 


Resource-based filtering


Goal: Deploy software to machines that have at least 600 MG disk space available:


Root\CimV2; Select * from Win32_LogicalDisk where FreeSpace > 629145600


 


Machine-based filtering


Goal: Encrypt all My Documents folders on laptops used by the company:


Root\CimV2; Select * from Win32_ComputerSystem where manufacturer = “Toshiba” and Model = “Tecra 800” OR Model = “Tecra 810”


 


Asset tag-based filtering


Goal: Set a hardware inventory monitoring policy for all computers assigned the enterprise’s asset tags with numbers between 300,000 and 355555:


Root\Cimv2 ; Select * from Win32_SystemEnclosure where SMBIOSAssetTag > ‘300000’ AND SMBIOSAssetTag < ‘355555’


 


Hardware configuration-based filtering


Goal: Target a policy for all computers that have a network adapter on interrupt number 11:


Root\cimv2; Associators of {win32_IRQResource.IRQNumber=11} where resultclass = Win32_NetworkAdapter


 


Configuration-based filtering


Goal: Turn on NetMon on computers that have multicasting turned on:


Select * from Win32_NetworkProtocol where SupportsMulticasting = true


 


File attribute-based filtering


Goal: Disable folder-sharing on systems that have at least one My Documents directory that is not encrypted:


Root\cimv2 ; Select * from Win32_Directory where filename =’my documents’ AND encrypted = false


 


Time zone-based filtering


Goal: Policy that targets all servers located in a time zone three hours earlier than the local time zone:


Root\cimv2 ; Select * from win32_timezone where bias =-300


 


Hot fix-based filtering


Goal: Apply a policy only on computers that have a particular Hotfix:


Root\cimv2 ; select * from Win32_QuickFixEngineering where HotFixID = ‘q147222’


 


Ping-based filtering


Goal: Deploy policies based on proximity measured in round trip delays or hops from a node on the network (printer configuration for example):


Root\Cimv2 ; Select * from PingProtocolStatus where address = ‘ PRNServ1’ AND hops < 2


 


Comments (1)

  1. Anonymous says:

    For various reasons, you may want to restrict certain configuration processes to a subset of your environment