[gptalk] Re: I Need The Perfect Desktop WMI Filter

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 11 Feb 2008 16:54:06 -0600

Actually, it did come through. However, you're right in that security
filtering won't do any good on user policies.

 

Let me guess...does this problem have something to do with offline
lines?

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jakob H. Heidelberg
Sent: Monday, February 11, 2008 4:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

For some reason my reply from earlier never got through:

 

[START]

I agree - there's lots of workarounds to this problem - I'm just "in
love" with the idea of "The Perfect Desktop WMI Filter" - sorry to
introduce you to my love life just like that J

 

I also agree it could be nice to say "if FALSE then apply" - and no, WMI
filtering logic hasn't changed in WS2008.

 

At this point I think I might have to give up - maybe because "desktops"
are not just desktops, and hardware is not just hardware, and even
though the hardware is there, the WMI class is not necessarily
present... Just "love" the logic of Win32_Battery to spot a laptop - it
would be nice to just be able to turn that around.

[END]

 

 

And, BTW - security filtering is not a valid replacement for a WMI
filter in this case - I need to place the WMI filter on User policies.
Eg. When User A logs on to a Computer B, User Policy C will apply, but
the policy will not apply if User A logs on to Computer D. That's
basically why I need this.

 

Thanx!

/Jakob

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: 11. februar 2008 23:23
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

Hmmm, a security group based solution is probably the only way to do
something like this. The problem with that is it would require a minimum
of 2 reboots before systems get scoped in by a GPO. However, it would
give you a lot more flexibility.

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Monday, February 11, 2008 3:20 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

You can certainly use a NOT operator in a query but that doesn't help
when what you're trying to find a lack of instances. The key would be to
see if there is a way to form a query that results in true if no
instances of a class (e.g. Win32_Battery) are found. I haven't found a
way to do that yet, but I'm guessing it is possible with the right
syntax. 

 

No changes to this in 2008, btw.

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: Monday, February 11, 2008 1:13 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

Yeah, I use ChassisType all the time in scripting logic...guess I have
never tried to use it in a WMI filter before.

 

You're right in that it doesn't work with arrays. It's too bad you can't
configure the reverse of a filter (so the filter applies if a statement
is FALSE). If that were possible you could just use the reverse of
Win32_Battery and you'd be done. Are WMI filters going to be more
flexible in Server 2008?

 

One thing you might think about doing is this...have a startup script
that adds systems to a domain security group (if you detect them to be a
laptop) and apply your filtering that way. It would be kind of similar
to how the WMI Filtering for Windows 2000 solution
<http://www.mml.ru/WMIF2K/>  works, except I would  not mess with the
whole server-side component. Just give "Domain Computers" managed-by
rights to the group.

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jakob H. Heidelberg
Sent: Monday, February 11, 2008 3:02 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

That's not gonna work at all - because that's an Array. WMI filters/WQL
cannot handle arrays unfortunately. I know many forums claim that class
is a solution - but for WMI queries it's not, with scripting logic it's
no problem.

 

The Win32_Fan class could also work - but in my case both laptops and
desktops "reject" that class (return false as they are empty).

 

This is really strange... Sometimes, stuff that seems so simple, really
isn't - please prove me wrong J

 

Regards

/Jakob

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: 11. februar 2008 21:53
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

So you haven't had any luck with ChassisTypes in Win32_SystemEnclosure?

 

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Monday, February 11, 2008 2:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

Its certainly a tough problem. Of course, GP Preferences has a laptop
vs. desktop filter built into it for its settings but it doesn't do any
good for the regular GP settings. One other class you might try. I did a
quick check of my desktop vs. laptop. What came back is that my desktop
has instances of the Win32_Fan class, but my laptop does not. Maybe???

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jakob H. Heidelberg
Sent: Monday, February 11, 2008 12:05 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

I can't seem to make that work - in my case my laptop has 2 SystemSlots
(CardBus + Mini-PCI) and my desktop returns 2 (AGP and PCI). I'm using
Scriptomatic for this.

 

Also, using WQL I wouldn't know how to make a "count" - as that would be
needed I guess?

 

I could maybe try to go for "PCI%", as I expect most desktops to have
PCI slots (and laptops to have Mini-PCI, but that would depend on the
form factor) - or maybe AGP (does onboard VGA count as AGP? Any PCI VGA
left out there?) - something like:

 

A) Select * From Win32_SystemSlot Where SlotDesignation = "PCI%"

Or

B) Select * From Win32_SystemSlot Where SlotDesignation = "AGP"

 

Would that run through ALL slots on the machine, exactly like:

 

A)

strComputer = "."

bolFound = False

Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\CIMV2")

Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_SystemSlot")

For Each objItem In colItems

  If Left(Ucase(objItem.SlotDesignation),3) = "PCI" Then bolFound = True

Next

Msgbox bolFound

 

B)

strComputer = "."

bolFound = False

Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\CIMV2")

Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_SystemSlot")

For Each objItem In colItems

  If Ucase(objItem.SlotDesignation) = "AGP" Then bolFound = True

Next

Msgbox bolFound

 

 

If this is "true", the it might just do it - as Virtual Machines does
not have these slots I cannot test the WMI filter right now. Still not
convinced, but I think we are closer to the goal now J

 

 

Thanx!

/Jakob

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: 11. februar 2008 01:21
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

Yes, I can understand the problem. You want desktops to return True all
the time instead of having them return false. One idea that might be
worth exploring is querying Win32_SystemSlot. My expectation is that
laptops should have 0 system slots or at least no more than 1, though I
don't have one to test now, and that desktops should have > 0. So that
might be worth exploring. 

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jakob H. Heidelberg
Sent: Sunday, February 10, 2008 12:02 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

Hi Darren,

 

I have to turn it around somehow - have been there (just selecting the
class) - the thing is the query will return FALSE on a desktop (have
tested with you WMI TEST tool too). So, a desktop will not load the GPO.

 

Select * from Win32_Battery is OK for spotting a laptop though. But, I'm
basically looking for something like:

 

 

A) Select * from Win32_SomeClassOnlyDesktopsHave

 

Or

 

B )Select * from Win32_SomeClass.SomeValue = "SomeValueOnlyDesktopsHave"

 

Or

 

C) Some way of saying "if you don't know the class (eg. Battery), apply
the GPO anyway" (Brainstorm: On Error, NULL return etc. - just not
possible with WQL).

 

 

The "quest" is to find the perfect, *universal*, way of spotting
"Non-laptops" or Desktops - it can be done by looking for some special
computer Manufacturer, computer Model, BIOS version or whatever - but
that's different from environment to environment.

 

 

Any ideas?

 

 

Regards & thanks

/Jakob

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: 10. februar 2008 20:34
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: I Need The Perfect Desktop WMI Filter

 

Jakob-

I think you were close when you were using Win32_Battery. That is the
one thing that you can reliably say that laptops have, but desktops
don't. So, have you tried the following:

 

Select * from Win32_Battery

 

Just that. Nothing else. What that does is determine if there are any
instances of that class. If not (i.e., on a desktop machine) it returns
false. If so, on a laptop, it returns true. 

 

Waddya think?

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jakob H. Heidelberg
Sent: Sunday, February 10, 2008 8:36 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] I Need The Perfect Desktop WMI Filter

 

Hi all,

 

I'm in desperate need of *the perfect WMI filter for spotting DESKTOP
computers only* - have been thinking about this for some days now.

 

I've been around solutions looking for ChassisType before - which
basically doesn't work because that's an Array. Have tried
PowerSupplyState, DesktopMonitor, DisplayConfiguration and others - just
haven't found the perfect "this is definitely a desktop WMI value"...

 

I've also been around using Battery/PortableBattery
/PCMCIAController/POTSModem - which all work fine to spot LAPTOPS...
However, desktops don't know the CLASS at all, so they return FALSE no
matter what. I can't even say things like "Select * From Win32_Battery
Where Availability != 2" or "Where Not X Like Y" or whatever - a desktop
doesn't handle the Win32_Battery class at all, so it's gonna say "Heck,
I don't know anything about that class *Panic* - I'm out!" - or just
"False" J.

 

The thing is, that normally it's the LAPTOPS that have special hardware
- like Batteries and built-in Modems, PCMCIA slots etc. - so they are
pretty easy to find. With desktop computers it's another story for my
part - hope you can help me out here.

 

Please - I know lot's of "workarounds", but what I need is a *WMI
filter* and it has to return *TRUE* for *DESKTOPS* (or let's call the
NON-LAPTOPS, it doesn't matter). Also, if the customer had used computer
names like "DESKxxx" for desktops and "LAPTxxx" for laptops, I know I
could have used WMI filters for computer name - but unfortunately that's
not the case. You could say I'm looking for a global solution for
spotting DESKTOPS using WMI filter - I know lots of cases where this
could come in handy.

 

 

Hope to hear from you soon! J

 

 

Best regards
Jakob H. Heidelberg

 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).

 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply). 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).

 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply). 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).

 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply). 

**********************************************************************
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).


This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

Other related posts: