to exclude computers which are in a specific computer group

Iltexanomontano 1 Reputation point
2021-03-11T04:32:29.823+00:00

I need to create a WMI filter to exclude all computer names which belong to a specific computer group (e.g. 'work') on a Windows 2008 R2 domain controller. I cannot move computers from one OU to another, so I need it. I tried to search, but unsuccessfully. Can you help me to create this query?


2 answers

  1. Fan Fan 15,321 Reputation points Microsoft Vendor
    2021-03-11T06:26:27.45+00:00

    Hi,

    Sorry, I am not familiar with the query.
    If you want to exclude computers belonging to one group for the group policy, the security filter can be used to do this.
    Add all the computers in that OU into one security group, for example named group1.
    Open the GPO delegation, select the Authenticated Users: apply the group policy, keep the read permission only.
    Add group1 and give it the read and apply group policy permissions.
    Update the group policy; only computers in group1 will apply the policy.
    If I misunderstand you, please feel free to let me know.

    Best Regards,


  2. Mark Heitbrink 96 Reputation points
    2021-03-11T10:20:15.683+00:00

    It is not recommended to query security group membership by WMI, because WMI collects ALL groups in AD to get the members, and in fact it makes no sense doing it by WMI:

    If your targets that should not get the GPO are inside a group, you can simply "deny apply" on the delegation.

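The "deny apply" approach from the second answer, scripted in PowerShell as an added example (not code from either answerer). The GPO name `Example Policy` is a placeholder assumption, `work` is the group from the question, and the script assumes the GroupPolicy and ActiveDirectory modules are installed on the machine where it runs.

```powershell
# Added example: put a Deny ACE for "Apply Group Policy" on one GPO
# so that members of a security group skip that GPO.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$gpoName   = 'Example Policy'   # assumption: placeholder, use your GPO's display name
$groupName = 'work'             # the computer group named in the question

$gpo   = Get-GPO -Name $gpoName
$group = Get-ADGroup -Identity $groupName

# GPOs are stored as groupPolicyContainer objects under CN=Policies,CN=System
$domainDn = (Get-ADDomain).DistinguishedName
$gpoDn    = 'CN={' + $gpo.Id + '},CN=Policies,CN=System,' + $domainDn
$gpoPath  = 'AD:\' + $gpoDn

# GUID of the Apply-Group-Policy extended right in the AD schema
$applyGpo = [Guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

# Deny ACE: the group may not exercise the Apply Group Policy right
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Deny,
    $applyGpo)

$acl = Get-Acl -Path $gpoPath
$acl.AddAccessRule($ace)
Set-Acl -Path $gpoPath -AclObject $acl

# Check: list every Deny ACE for Apply Group Policy now present on the GPO
(Get-Acl -Path $gpoPath).Access |
    Where-Object { $_.ObjectType -eq $applyGpo -and $_.AccessControlType -eq 'Deny' } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights
```

A Deny ACE takes precedence over the Allow that Authenticated Users normally holds, so the GPO's existing scope stays as it is for everyone else. A computer's group membership is evaluated at startup, so members of the group pick up the change after a restart.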