Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
During one of my demos in the "Understanding Group Policy Part 3" session I showed a text file that contained some examples of WMI Filters. I said if anyone was interested in getting the info to email me. Imagine my surprise that within 10 mins I was deluged with requests!!!
To make things simple I have l
isted the contentof the text file in this post.
If you need further information on filtering GPOs with WMI filters check:
Enjoy!!!
WMI Filter Examples
Hardware inventory-based filtering
Goal: Deploy a new connection manager, but not on desktops without modems:
Root\CimV2;Select * from Win32_POTSModem
Resource-based filtering
Goal: Deploy software to machines that have at least 600 MG disk space available:
Root\CimV2; Select * from Win32_LogicalDisk where FreeSpace > 629145600
Machine-based filtering
Goal: Encrypt all My Documents folders on laptops used by the company:
Root\CimV2; Select * from Win32_ComputerSystem where manufacturer = "Toshiba" and Model = "Tecra 800" OR Model = "Tecra 810"
Asset tag-based filtering
Goal: Set a hardware inventory monitoring policy for all computers assigned the enterprise's asset tags with numbers between 300,000 and 355555:
Root\Cimv2 ; Select * from Win32_SystemEnclosure where SMBIOSAssetTag > '300000' AND SMBIOSAssetTag < '355555'
Hardware configuration-based filtering
Goal: Target a policy for all computers that have a network adapter on interrupt number 11:
Root\cimv2; Associators of {win32_IRQResource.IRQNumber=11} where resultclass = Win32_NetworkAdapter
Configuration-based filtering
Goal: Turn on NetMon on computers that have multicasting turned on:
Select * from Win32_NetworkProtocol where SupportsMulticasting = true
File attribute-based filtering
Goal: Disable folder-sharing on systems that have at least one My Documents directory that is not encrypted:
Root\cimv2 ; Select * from Win32_Directory where filename ='my documents' AND encrypted = false
Time zone-based filtering
Goal: Policy that targets all servers located in a time zone three hours earlier than the local time zone:
Root\cimv2 ; Select * from win32_timezone where bias =-300
Hot fix-based filtering
Goal: Apply a policy only on computers that have a particular Hotfix:
Root\cimv2 ; select * from Win32_QuickFixEngineering where HotFixID = 'q147222'
Ping-based filtering
Goal: Deploy policies based on proximity measured in round trip delays or hops from a node on the network (printer configuration for example):
Root\Cimv2 ; Select * from PingProtocolStatus where address = ' PRNServ1' AND hops < 2
Comments
- Anonymous
January 01, 2003
For various reasons, you may want to restrict certain configuration processes to a subset of your environment