[gptalk] Re: Select statement calling Win32_Group in a WMI FIlter

  • From: jfvanmeter@xxxxxxxxxxx
  • To: gptalk@xxxxxxxxxxxxx, <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 23 May 2008 15:08:28 +0000

Thanks James

select * from WIn32_Group Where Domain = "domainname" and Name = "groupname" 
does work.
When I add a computer account  to the group, the policy is correct applied and 
other workstations in the domain the policy is filtered.

--John

 -------------- Original message ----------------------
From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
> Win32_Group is not actually exposing membership; when you run that WQL
> statement you are actually only verifying that the group exists.
> 
> Just use security filtering if you want to limit the application of
> entire GPO based on groups, OR you can also use the new item-level
> targeting in the GPP extensions to limit the application of specific
> settings in the same policy.
> 
> Jamie Nelson | Systems Engineer | Systems Support, Information
> Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
> 405.553.5687 | http://www.integrisok.com
> 
> -----Original Message-----
> From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] 
> Sent: Friday, May 23, 2008 2:07 AM
> To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx
> Cc: Nelson, Jamie R
> Subject: Re: [gptalk] Re: Select statement calling Win32_Group in a WMI
> FIlter
> 
> just trying to learn something
> 
> --JOhn
> 
>  -------------- Original message ----------------------
> From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
> > Is there a particular reason you're not using Security Filtering?
> > 
> > Jamie Nelson | Systems Engineer | Systems Support, Information
> > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
> > 405.553.5687 | http://www.integrisok.com
> > 
> > -----Original Message-----
> > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > On Behalf Of jfvanmeter@xxxxxxxxxxx
> > Sent: Thursday, May 22, 2008 12:14 PM
> > To: gpotalk
> > Subject: [gptalk] Select statement calling Win32_Group in a WMI FIlter
> > 
> > Hello everyone, I'm trying to write a wmi filter that will apply group
> > policy based on group membership.  Lets say I have computer accounts
> are
> > all XP workstations  in two groups Group1 and Group2
> > 
> > The following works
> > 
> > select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1" any computers that are a member of Group1 will recieve the
> > group policy that I have it linked to, any computer not a member of
> > Group1 the policy is filtered. I need the filter to use both Group1 or
> > Group2.
> > 
> > I've tried to the following
> > 1 select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1" or Name = "Group2"
> > 
> > 2 select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1"  or Domain = "Domainname" and Name = "Group2"
> > 
> > 3 I've tried to seperate filters together
> > select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1"
> > select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group2"
> > 
> > With any of the above 3 GPResults shows the policy being filter when I
> > try to add the second group. If someone could point me in the right
> > direction that would be great.
> > 
> > Take Care and Have Fun --John
> > ***********************
> > You can unsubscribe from gptalk by sending email to
> > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
> OR
> > by logging into the freelists.org Web interface. Archives for the list
> > are available at http://www.freelists.org/archives/gptalk/
> > ************************
> > 
> > 
> > This e-mail may contain identifiable health information that is
> subject to 
> > protection under state and federal law. This information is intended
> to be for 
> > the use of the individual named above. If you are not the intended
> recipient, be 
> > aware that any disclosure, copying, distribution or use of the
> contents of this 
> > information is prohibited and may be punishable by law. If you have
> received 
> > this electronic transmission in error, please notify us immediately by
> 
> > electronic mail (reply).
> > ***********************
> > You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx 
> > with 'unsubscribe' in the Subject field OR by logging into the
> freelists.org Web 
> > interface. Archives for the list are available at 
> > http://www.freelists.org/archives/gptalk/
> > ************************
> 
> 
> 
> This e-mail may contain identifiable health information that is subject to 
> protection under state and federal law. This information is intended to be 
> for 
> the use of the individual named above. If you are not the intended recipient, 
> be 
> aware that any disclosure, copying, distribution or use of the contents of 
> this 
> information is prohibited and may be punishable by law. If you have received 
> this electronic transmission in error, please notify us immediately by 
> electronic mail (reply).
> ***********************
> You can unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx 
> with 'unsubscribe' in the Subject field OR by logging into the freelists.org 
> Web 
> interface. Archives for the list are available at 
> http://www.freelists.org/archives/gptalk/
> ************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: