What Is A Wmi Filter
WMI filters in Group Policy (GPO) allow you to more flexibly utilise policies to clients by using unlike rules. A WMI filter is a set of WMI queries (the WMI Query Linguistic communication / WQL is used) that you can utilise to target computers to which a specific group policy should be applied. For example, using the WMI GPO filter, yous tin can apply a policy linked to an OU simply to computers running Windows x (a policy with such a WMI filter won't apply to computers with other Windows versions).
Contents:
- What are the WMI GPO filters used for?
- Create a New WMI Filter and Link it to a GPO
- GPO WMI Filtering Examples
- Test GPO WMI Filters using PowerShell
What are the WMI GPO filters used for?
Typically, grouping policy filtering using WMI (Windows Management Instrumentation) can be used when multiple domain objects (users or computers) are located in the flat AD construction instead of the separate OU, or if you need to apply grouping policies, according to the OS version, network settings, installed software or whatever other criteria that tin exist selected using WMI. When the client processes such a grouping policy, Windows will bank check its state for compliance with the specified WMI query, and if the filter conditions are met, the GPO volition exist applied to this computer.
WMI group policy filters first appeared in Windows XP/Server 2003, and are available in the latest Windows versions (Windows Server 2019, 2016 and Windows 10, 8.ane).
Create a New WMI Filter and Link it to a GPO
To create a new WMI filter, open the Group Policy Management console (gpmc.msc and go to Wood -> Domains -> woshub.com -> WMI Filters. This section contains all WMI filters in the Advert domain. Create a new WMI filter (New).
Blazon the filter name and its clarification (optional). To add together a WMI query code to the filter, click the Add button, specify the name of the WMI namespace (by default, root\CIMv2) and specify the WMI lawmaking.
The following WMI query format is used:
Select * from <WMI Class> WHERE <Property> = <Value>
In this example, I want to create a WMI filter that allows to use GPO only to computers running Windows 10. The WMI query may look similar this:
Select * from Win32_OperatingSystem where Version like "ten.%" and ProductType="one"
The created WMI filters are stored in the msWMI-Som class objects of the Active Directory domain in the department DC=…, CN=Organisation, CN=WMIPolicy, CN=SOM, yous can find and edit them using the adsiedit.msc.
After you lot have created a WMI filter, you can link it to a specific GPO. Find the desired policy in the GPMC console and on the Scope tab, in the WMI Filtering section drop-down list, select your WMI filter. In this example, I want to apply the printer consignment policy just to computers running Windows 10.
Wait for this policy to apply to clients, or update information technology manually with the control gpupdate /force
. When analyzing the applied policies on the client, utilize the gpresult /r command. If the policy affects the client, but doesn't employ due to the WMI filter restrictions, such a policy will have the status Filtering: Denied (WMI Filter) in the gpresult written report.
GPO WMI Filtering Examples
Let's accept a wait at the diverse examples of WMI GPO filters that are virtually commonly used.
With the help of the WMI filter, you can choose the OS type:
- ProductType=1 – whatever desktop Windows edition;
- ProductType=2 – Active Directory domain controller;
- ProductType=three – Windows Server.
Windows versions:
- Windows Server 2016 and Windows 10 — 10.%
- Windows Server 2012 R2 and Windows viii.ane — 6.3%
- Windows Server 2012 and Windows 8 — half dozen.2%
- Windows Server 2008 R2 and Windows 7 — 6.1%
- Windows Server 2008 and Windows Vista — 6.0%
- Windows Server 2003 — 5.2%
- Windows XP — 5.1%
- Windows 2000 — v.0%
You can combine conditions in a WMI query using the logical operators AND and OR. To apply the policy only to servers running Windows Server 2016, the WMI query code will be as follows:
select * from Win32_OperatingSystem WHERE Version Similar "10.%" AND (ProductType = "2" or ProductType = "3" )
To select 32-bit versions of Windows eight.ane:
select * from Win32_OperatingSystem WHERE Version similar "six.three%" AND ProductType="one" AND OSArchitecture = "32-bit"
To apply the GPO to 64-flake Os only:
Select * from Win32_Processor where AddressWidth = "64"
Yous can select Windows x with a specific build number, for instance Windows 10 1803:
select Version from Win32_OperatingSystem WHERE Version like "10.0.17134" AND ProductType="1″
Apply policy to VMWare virtual machines simply:
SELECT Model FROM Win32_ComputerSystem WHERE Model = "VMWare Virtual Platform"
Apply policy just to laptops (see the article WMI Query to Notice Laptops in SCCM):
select * from Win32_SystemEnclosure where ChassisTypes = "8" or ChassisTypes = "9" or ChassisTypes = "10" or ChassisTypes = "11" or ChassisTypes = "12" or ChassisTypes = "fourteen" or ChassisTypes = "18" or ChassisTypes = "21"
WMI filter, which applies only to computers whose names begin with "lon-pc"(for instance, to disable USB drives on these devices):
SELECT Name FROM Win32_ComputerSystem WHERE Name LIKE 'lon-pc%'
Another example of using a WMI filter for targeting GPO to IP subnets is described in the article Utilize WMI Filter to Utilise GPO to IP Subnet. For example, to apply a policy to clients in the multiple IP subnets, use the WMI query:
Select * FROM Win32_IP4RouteTable WHERE (Mask='255.255.255.255' AND (Destination Like ten.1.one.%' OR Destination Similar 'x.ane.ii.%'))
To select only devices with the RAM over 1 GB:
Select * from WIN32_ComputerSystem where TotalPhysicalMemory >= 1073741824
WMI filter to verify that Net Explorer 11 is installed:
SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Cyberspace Explorer\\" AND filename="iexplore" AND extension="exe" AND version>"11.0"
Test GPO WMI Filters using PowerShell
When creating WMI queries, sometimes you need to get the values of various WMI parameters on the computer. Y'all tin can get this info using the Get-WMIObject cmdlet. For example, I demand to display the WMI attributes and values of the Win32_OperatingSystem class:
Go-WMIObject Win32_OperatingSystem
SystemDirectory : C:\WINDOWS\system32
Organization :
BuildNumber : 17134
RegisteredUser : Windows User
SerialNumber : 00331-10000-00001-AA146
Version : x.0.17134
To brandish all available class properties:
Get-WMIObject Win32_OperatingSystem| Select *
You can use the PowerShell to test WMI filters on a figurer. Suppose you take written a complex WMI query and want to bank check if the figurer matches this query or non. For example, you created a WMI filter to check for the IE 11 on a computer. You tin exam this WMI query on the target computer using the become-wmiobject cmdlet:
get-wmiobject -query 'SELECT * FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version LIKE "11.%"'
If this control returns something, then the computer meets the query conditions. If the get-wmiobject control returns nix, the computer doesn't lucifer the WMI filter query.
For example, when running the specified command on a computer with Windows 10 and IE xi, the control volition return:
Compressed : Faux
Encrypted : False
Size :
Subconscious : Faux
Name : c:\program files\internet explorer\iexplore.exe
Readable : True
System : False
Version : 11.0.17134.1
Writeable : True
This means that IE eleven is installed on the computer and a GPO with such a WMI filter will exist applied to this computer.
So, we looked at how to utilize WMI filters to apply GPOs simply to computers that meet the unlike WMI queries. It is necessary to take into business relationship the presence of WMI filters when analyzing the reasons for which the certain GPO is not applied on the calculator.
What Is A Wmi Filter,
Source: http://woshub.com/group-policy-filtering-using-wmi-filters/
Posted by: pagelfarge1999.blogspot.com
0 Response to "What Is A Wmi Filter"
Post a Comment