[gptalk] Re: Select statement calling Win32_Group in a WMI FIlter

• From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Fri, 23 May 2008 09:49:29 -0500

Win32_Group is not actually exposing membership; when you run that WQL
statement you are actually only verifying that the group exists.

Just use security filtering if you want to limit the application of
entire GPO based on groups, OR you can also use the new item-level
targeting in the GPP extensions to limit the application of specific
settings in the same policy.

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com

-----Original Message-----
From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] 
Sent: Friday, May 23, 2008 2:07 AM
To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx
Cc: Nelson, Jamie R
Subject: Re: [gptalk] Re: Select statement calling Win32_Group in a WMI
FIlter

just trying to learn something

--JOhn

 -------------- Original message ----------------------
From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
> Is there a particular reason you're not using Security Filtering?
> 
> Jamie Nelson | Systems Engineer | Systems Support, Information
> Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
> 405.553.5687 | http://www.integrisok.com
> 
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> On Behalf Of jfvanmeter@xxxxxxxxxxx
> Sent: Thursday, May 22, 2008 12:14 PM
> To: gpotalk
> Subject: [gptalk] Select statement calling Win32_Group in a WMI FIlter
> 
> Hello everyone, I'm trying to write a wmi filter that will apply group
> policy based on group membership.  Lets say I have computer accounts
are
> all XP workstations  in two groups Group1 and Group2
> 
> The following works
> 
> select * from Win32_Group Where Domain = "Domainname" and Name =
> "Group1" any computers that are a member of Group1 will recieve the
> group policy that I have it linked to, any computer not a member of
> Group1 the policy is filtered. I need the filter to use both Group1 or
> Group2.
> 
> I've tried to the following
> 1 select * from Win32_Group Where Domain = "Domainname" and Name =
> "Group1" or Name = "Group2"
> 
> 2 select * from Win32_Group Where Domain = "Domainname" and Name =
> "Group1"  or Domain = "Domainname" and Name = "Group2"
> 
> 3 I've tried to seperate filters together
> select * from Win32_Group Where Domain = "Domainname" and Name =
> "Group1"
> select * from Win32_Group Where Domain = "Domainname" and Name =
> "Group2"
> 
> With any of the above 3 GPResults shows the policy being filter when I
> try to add the second group. If someone could point me in the right
> direction that would be great.
> 
> Take Care and Have Fun --John
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR
> by logging into the freelists.org Web interface. Archives for the list
> are available at //www.freelists.org/archives/gptalk/
> ************************
> 
> 
> This e-mail may contain identifiable health information that is
subject to 
> protection under state and federal law. This information is intended
to be for 
> the use of the individual named above. If you are not the intended
recipient, be 
> aware that any disclosure, copying, distribution or use of the
contents of this 
> information is prohibited and may be punishable by law. If you have
received 
> this electronic transmission in error, please notify us immediately by

> electronic mail (reply).
> ***********************
> You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx 
> with 'unsubscribe' in the Subject field OR by logging into the
freelists.org Web 
> interface. Archives for the list are available at 
> //www.freelists.org/archives/gptalk/
> ************************



This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at //www.freelists.org/archives/gptalk/
************************

• Follow-Ups:
  • [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
    • From: Darren Mar-Elia

• References:
  • [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
    • From: jfvanmeter

Other related posts:

• » [gptalk] Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter

1. Home
2. gptalk
3. Archive
4. 05-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---