How to Use WMI Filtering to Improve Group Policy Administration

Group policy is one of the most versatile and powerful ways to manage your workstations in your domain. However, using just basic Group Policy to object relationship links you can limit the customization that is possible with group policy. Today I will show you how to add WMI (Windows Management Interface) Filtering to your group policy. This will allow you to build a kind of rule, and allow you to pick and choose which workstations get the policy and which don’t. My goal today is to apply my group policy to only workstations that start with the name of shs-exam. This is basically all the workstations that reside in our exam rooms and I would like them to have a special set of settings, however I want them to co-exist in my Active Directory structure in the proper ‘departmental’ organizational units that I already have.
Requirementswmi-query

Configuration

  1. Open your Group Policy Management Console and browse to WMI Filters in your Domain.
  2. Go ahead and Right Click on WMI Filters and select New
  3. Give the WMI Filter a nice descriptive name and give more detailed text in the Description if needed.
  4. To build your actual query for WMI you need to think of this as a question to ask the PC and if it returns any result then the Group Policy will be applied to it. The query I have built asks it to return name for the computer and if the name contains “SHS-EXAM” then it will return the name and get the group policy applied, if not then nothing happens and the group policy is skipped.
  5. group-policy-scope-wmi-filtering

  6. Add your WMI Query, mine is Select name from Win32_ComputerSystem WHERE NOT name LIKE “%SHS-EXAM%” This will basically select all computers that are not named “SHS-EXAM”
  7. Now press Save
  8. Now that we have successfully made the WMI Filter we need to apply it to the proper group policy, so go to your Group Policy Objects under your domain and select the one you wish to add the filter to.
  9. The last section on the screen should be WMI Filtering, just drop down the list and select the WMI Filter you just made

Reference Material

  • WQL (SQL for WMI) (Windows) – This is a great list of advanced operators and examples to get you close the the proper syntax
  • HOWTO: Leverage Group Policies with WMI Filters – This article explains in detail how to create a WMI filter to determine the scope of a Group Policy based on computer attributes.
  • Paessler WMI Tester – This tool can help you test your WMI queries before deploying them in Group Policy use. I use this tool all the time to help find information about a workstation.
  • Microsoft Win32 Classes Reference – This is a Microsoft’s reference for all of the objects and events for WMI. You can use this to find that specific settings you need to filter on.