Group Policy WMI Filter Examples

During one of my demos in the "Understanding Group Policy Part 3" session I showed a text file that contained some examples of WMI Filters. I said if anyone was interested in getting the info to email me. Imagine my surprise that within 10 mins I was deluged with requests!!!

To make things simple I have l

isted the contentof the text file in this post.

If you need further information on filtering GPOs with WMI filters check:

https://technet2.microsoft.com/WindowsServer/en/Library/6237b9b2-4a21-425e-8976-2065d28b31471033.mspx

Enjoy!!!

WMI Filter Examples

Hardware inventory-based filtering

Goal: Deploy a new connection manager, but not on desktops without modems:

Root\CimV2;Select * from Win32_POTSModem

Resource-based filtering

Goal: Deploy software to machines that have at least 600 MG disk space available:

Root\CimV2; Select * from Win32_LogicalDisk where FreeSpace > 629145600

Machine-based filtering

Goal: Encrypt all My Documents folders on laptops used by the company:

Root\CimV2; Select * from Win32_ComputerSystem where manufacturer = "Toshiba" and Model = "Tecra 800" OR Model = "Tecra 810"

Asset tag-based filtering

Goal: Set a hardware inventory monitoring policy for all computers assigned the enterprise's asset tags with numbers between 300,000 and 355555:

Root\Cimv2 ; Select * from Win32_SystemEnclosure where SMBIOSAssetTag > '300000' AND SMBIOSAssetTag < '355555'

Hardware configuration-based filtering

Goal: Target a policy for all computers that have a network adapter on interrupt number 11:

Root\cimv2; Associators of {win32_IRQResource.IRQNumber=11} where resultclass = Win32_NetworkAdapter

Configuration-based filtering

Goal: Turn on NetMon on computers that have multicasting turned on:

Select * from Win32_NetworkProtocol where SupportsMulticasting = true

File attribute-based filtering

Goal: Disable folder-sharing on systems that have at least one My Documents directory that is not encrypted:

Root\cimv2 ; Select * from Win32_Directory where filename ='my documents' AND encrypted = false

Time zone-based filtering

Goal: Policy that targets all servers located in a time zone three hours earlier than the local time zone:

Root\cimv2 ; Select * from win32_timezone where bias =-300

Hot fix-based filtering

Goal: Apply a policy only on computers that have a particular Hotfix:

Root\cimv2 ; select * from Win32_QuickFixEngineering where HotFixID = 'q147222'

Ping-based filtering

Goal: Deploy policies based on proximity measured in round trip delays or hops from a node on the network (printer configuration for example):

Root\Cimv2 ; Select * from PingProtocolStatus where address = ' PRNServ1' AND hops < 2