DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 9.15 Creating a WMI Filter

WMI filters can be configured only on a Windows Server 2003 domain controller, and they will apply only to Windows Server 2003- and Windows XP-based clients.

9.15.1 Problem

You want to create a WMI filter.

9.15.2 Solution

9.15.2.1 Using a graphical user interface
  1. Open the GPMC snap-in.

  2. In the left pane, expand the Forest container, expand the Domains container, browse to the target domain, and click the WMI Filters container.

  3. Right-click on the WMI Filters container and select New.

  4. Enter a name and description for the filter.

  5. Click the Add button.

  6. Select the appropriate namespace, enter a WQL query, and click OK.

  7. Repeat steps 5 and 6 for as many queries as you need to add.

  8. Click the Save button.

9.15.2.2 Using VBScript

At the time of publication of this book, there were no GPM methods available for creating WMI filters.

9.15.3 Discussion

WMI filters are new in Windows Server 2003 and provide another way to filter how GPOs are applied to clients. WMI filters live in Active Directory as objects under the WMIPolicy container within the System container for a domain. A WMI filter consists of a WMI Query Language (WQL) query that when linked to a GPO will be run against all clients that the GPO applies to. If the WQL returns a true value (that is returns nonempty results from the WQL query), the GPO will continue to process. If the WQL query returns false (nothing is returned from the query), the GPO will not be processed.

The great thing about WMI filters is that the vast amount of information that is available in WMI on a client becomes available to filter GPOs. You can query against CPU, memory, disk space, hotfixes installed, service packs installed, applications installed, running processes, and the list goes on and on.

For example, if you want to create a GPO that applies only to computers that are running Windows XP Professional, it would have been really difficult to accomplish under Windows 2000. You would have either needed to create a security group that contained all of those computers as members (and apply a security filter), or move all of those workstations to a particular OU. With a WMI filter, this becomes trivial. Here is an example WQL query that would return true when run on a Windows XP Professional workstation:

select * from Win32_OperatingSystem 
 where Caption = "Microsoft Windows XP Professional"

9.15.4 See Also

Recipe 9.16 for applying a WMI filter to a GPO and MSDN: Querying with WQL

    [ Team LiB ] Previous Section Next Section