[gptalk] Re: Select statement calling Win32_Group in a WMI FIlter

• From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Fri, 23 May 2008 10:10:47 -0500

Can you give an example of the query that appears to be working
correctly?

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com


-----Original Message-----
From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] 
Sent: Friday, May 23, 2008 10:08 AM
To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx
Cc: Nelson, Jamie R
Subject: Re: [gptalk] Re: Select statement calling Win32_Group in a WMI
FIlter

Thanks James

select * from WIn32_Group Where Domain = "domainname" and Name =
"groupname" does work.
When I add a computer account  to the group, the policy is correct
applied and other workstations in the domain the policy is filtered.

--John

 -------------- Original message ----------------------
From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
> Win32_Group is not actually exposing membership; when you run that WQL
> statement you are actually only verifying that the group exists.
> 
> Just use security filtering if you want to limit the application of
> entire GPO based on groups, OR you can also use the new item-level
> targeting in the GPP extensions to limit the application of specific
> settings in the same policy.
> 
> Jamie Nelson | Systems Engineer | Systems Support, Information
> Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
> 405.553.5687 | http://www.integrisok.com
> 
> -----Original Message-----
> From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] 
> Sent: Friday, May 23, 2008 2:07 AM
> To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx
> Cc: Nelson, Jamie R
> Subject: Re: [gptalk] Re: Select statement calling Win32_Group in a
WMI
> FIlter
> 
> just trying to learn something
> 
> --JOhn
> 
>  -------------- Original message ----------------------
> From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
> > Is there a particular reason you're not using Security Filtering?
> > 
> > Jamie Nelson | Systems Engineer | Systems Support, Information
> > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
> > 405.553.5687 | http://www.integrisok.com
> > 
> > -----Original Message-----
> > From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > On Behalf Of jfvanmeter@xxxxxxxxxxx
> > Sent: Thursday, May 22, 2008 12:14 PM
> > To: gpotalk
> > Subject: [gptalk] Select statement calling Win32_Group in a WMI
FIlter
> > 
> > Hello everyone, I'm trying to write a wmi filter that will apply
group
> > policy based on group membership.  Lets say I have computer accounts
> are
> > all XP workstations  in two groups Group1 and Group2
> > 
> > The following works
> > 
> > select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1" any computers that are a member of Group1 will recieve the
> > group policy that I have it linked to, any computer not a member of
> > Group1 the policy is filtered. I need the filter to use both Group1
or
> > Group2.
> > 
> > I've tried to the following
> > 1 select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1" or Name = "Group2"
> > 
> > 2 select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1"  or Domain = "Domainname" and Name = "Group2"
> > 
> > 3 I've tried to seperate filters together
> > select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group1"
> > select * from Win32_Group Where Domain = "Domainname" and Name =
> > "Group2"
> > 
> > With any of the above 3 GPResults shows the policy being filter when
I
> > try to add the second group. If someone could point me in the right
> > direction that would be great.
> > 
> > Take Care and Have Fun --John
> > ***********************
> > You can unsubscribe from gptalk by sending email to
> > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
> OR
> > by logging into the freelists.org Web interface. Archives for the
list
> > are available at //www.freelists.org/archives/gptalk/
> > ************************
> > 
> > 
> > This e-mail may contain identifiable health information that is
> subject to 
> > protection under state and federal law. This information is intended
> to be for 
> > the use of the individual named above. If you are not the intended
> recipient, be 
> > aware that any disclosure, copying, distribution or use of the
> contents of this 
> > information is prohibited and may be punishable by law. If you have
> received 
> > this electronic transmission in error, please notify us immediately
by
> 
> > electronic mail (reply).
> > ***********************
> > You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx 
> > with 'unsubscribe' in the Subject field OR by logging into the
> freelists.org Web 
> > interface. Archives for the list are available at 
> > //www.freelists.org/archives/gptalk/
> > ************************
> 
> 
> 
> This e-mail may contain identifiable health information that is
subject to 
> protection under state and federal law. This information is intended
to be for 
> the use of the individual named above. If you are not the intended
recipient, be 
> aware that any disclosure, copying, distribution or use of the
contents of this 
> information is prohibited and may be punishable by law. If you have
received 
> this electronic transmission in error, please notify us immediately by

> electronic mail (reply).
> ***********************
> You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx 
> with 'unsubscribe' in the Subject field OR by logging into the
freelists.org Web 
> interface. Archives for the list are available at 
> //www.freelists.org/archives/gptalk/
> ************************



This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at //www.freelists.org/archives/gptalk/
************************

• References:
  • [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
    • From: jfvanmeter

Other related posts:

• » [gptalk] Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter
• » [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter

1. Home
2. gptalk
3. Archive
4. 05-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---