WMI filter woes

  • Article

Hi all,

    I just thought that I would finally post a little something about WQL (WMI Query Language) queries for Group Policies.  It is regularly observed by most of my customers that examples of WMI queries for GPOs are found here: https://technet.microsoft.com/en-us/library/cc758471(v=ws.10).aspx#CommunityContent . 

 

It is important to note that these are examples and are not optimized by any means, they are there to provide the various options to filter policies from machines/users that match certain criteria.  If you are looking to implement a WMI query, the first thing I would suggest is to ask yourself this "Can we use preferences and item level targeting instead?" If the answer is no, then implementing WMI filters are not an issue, as long as you stick to these simple guidelines:

  1. WMI queries are not saved in the GPC or GPT and are not backed up using the Group Policy management console by default
  2. The first WMI query that your client executes as part of GPOs, will add approximately 1 second onto the boot up time, although this will get slightly faster with each GPO with a WMI query.
  3. WMI queries should be optimized to select the exact content that you want, for example:  Select * from Win32_POTSModem Where Name = " MyModem" could be made more efficient by changing the query to Select Name from Win32_POTSModem Where Name = " MyModem"
  4. Windows XP and beyond (at least to Win 8), the default answer from a WMI failure is negative.  So if you are asking " are you Windows 7" and the WMI engine has an issue on that machine, it will respond "No"
  5. Make sure that WMI is functional on your client machines  by monitoring them.  WMI services can be damaged by rogue code/applications/Hardware drivers.  I have to spend a lot of my time fixing WMI issues on customer sites.

Just a few thoughts and ramblings to get you started :)