[gptalk] GPO WMI/WQL Filter
- From: "Jerry Abouelnasr" <jerryabouelnasr@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Thu, 23 Oct 2008 14:55:50 -0700
Hi everyone
I'm trying to filter a GPO using a WMI query. My goal is to have one policy
only apply to desktops and one only apply to laptops. I understand that
there is currently no really good method of doing this by querying hardware
(and that a contest exists) :-). Fortunately, our naming standard appears to
accomodate. All laptops end with "LT."
So, when I run a query for *Select * From Win32_ComputerSystem Where Name
Like "%LT"* ---- I get the desired result when I log in to a laptop with
a name ending in LT. The policy applies. When I log into a computer that
does not end with LT, the GPO is filtered out and denied.
Now - to do the opposite, I'm having problems. I want to filter based on
computers NOT named "%LT" - My goal in doing so is to have a policy ONLY
apply to workstations (which do not end with LT in their name) --- So, I
have tried: *Select * From Win32_ComputerSystem Where Name Like
"%[^LT]"*---- This works for me on Vista, but not on Windows XP SP2
workstations.
When testing from a command prompt - on a workstation not ending with LT - I
am able to validate that the "%[^LT]" exclusion is not working on XP
workstations vs. it working on a Vista workstation using the following
command: *wmic path win32_ComputerSystem WHERE (Name like "%[^LT]") get Name
*.
So, it feels like I'm in the right neighborhood. I suspect that the Syntax
might need to be different on XP, but I've already tried variations to no
avail.
Any help would be *greatly* appreciated.
Thanks
Jerry
Other related posts:
