Can you give an example of the query that appears to be working correctly? Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com -----Original Message----- From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] Sent: Friday, May 23, 2008 10:08 AM To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx Cc: Nelson, Jamie R Subject: Re: [gptalk] Re: Select statement calling Win32_Group in a WMI FIlter Thanks James select * from WIn32_Group Where Domain = "domainname" and Name = "groupname" does work. When I add a computer account to the group, the policy is correct applied and other workstations in the domain the policy is filtered. --John -------------- Original message ---------------------- From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx> > Win32_Group is not actually exposing membership; when you run that WQL > statement you are actually only verifying that the group exists. > > Just use security filtering if you want to limit the application of > entire GPO based on groups, OR you can also use the new item-level > targeting in the GPP extensions to limit the application of specific > settings in the same policy. > > Jamie Nelson | Systems Engineer | Systems Support, Information > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax > 405.553.5687 | http://www.integrisok.com > > -----Original Message----- > From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] > Sent: Friday, May 23, 2008 2:07 AM > To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx > Cc: Nelson, Jamie R > Subject: Re: [gptalk] Re: Select statement calling Win32_Group in a WMI > FIlter > > just trying to learn something > > --JOhn > > -------------- Original message ---------------------- > From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx> > > Is there a particular reason you're not using Security Filtering? > > > > Jamie Nelson | Systems Engineer | Systems Support, Information > > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax > > 405.553.5687 | http://www.integrisok.com > > > > -----Original Message----- > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > On Behalf Of jfvanmeter@xxxxxxxxxxx > > Sent: Thursday, May 22, 2008 12:14 PM > > To: gpotalk > > Subject: [gptalk] Select statement calling Win32_Group in a WMI FIlter > > > > Hello everyone, I'm trying to write a wmi filter that will apply group > > policy based on group membership. Lets say I have computer accounts > are > > all XP workstations in two groups Group1 and Group2 > > > > The following works > > > > select * from Win32_Group Where Domain = "Domainname" and Name = > > "Group1" any computers that are a member of Group1 will recieve the > > group policy that I have it linked to, any computer not a member of > > Group1 the policy is filtered. I need the filter to use both Group1 or > > Group2. > > > > I've tried to the following > > 1 select * from Win32_Group Where Domain = "Domainname" and Name = > > "Group1" or Name = "Group2" > > > > 2 select * from Win32_Group Where Domain = "Domainname" and Name = > > "Group1" or Domain = "Domainname" and Name = "Group2" > > > > 3 I've tried to seperate filters together > > select * from Win32_Group Where Domain = "Domainname" and Name = > > "Group1" > > select * from Win32_Group Where Domain = "Domainname" and Name = > > "Group2" > > > > With any of the above 3 GPResults shows the policy being filter when I > > try to add the second group. If someone could point me in the right > > direction that would be great. > > > > Take Care and Have Fun --John > > *********************** > > You can unsubscribe from gptalk by sending email to > > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field > OR > > by logging into the freelists.org Web interface. Archives for the list > > are available at //www.freelists.org/archives/gptalk/ > > ************************ > > > > > > This e-mail may contain identifiable health information that is > subject to > > protection under state and federal law. This information is intended > to be for > > the use of the individual named above. If you are not the intended > recipient, be > > aware that any disclosure, copying, distribution or use of the > contents of this > > information is prohibited and may be punishable by law. If you have > received > > this electronic transmission in error, please notify us immediately by > > > electronic mail (reply). > > *********************** > > You can unsubscribe from gptalk by sending email to > gptalk-request@xxxxxxxxxxxxx > > with 'unsubscribe' in the Subject field OR by logging into the > freelists.org Web > > interface. Archives for the list are available at > > //www.freelists.org/archives/gptalk/ > > ************************ > > > > This e-mail may contain identifiable health information that is subject to > protection under state and federal law. This information is intended to be for > the use of the individual named above. If you are not the intended recipient, be > aware that any disclosure, copying, distribution or use of the contents of this > information is prohibited and may be punishable by law. If you have received > this electronic transmission in error, please notify us immediately by > electronic mail (reply). > *********************** > You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx > with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web > interface. Archives for the list are available at > //www.freelists.org/archives/gptalk/ > ************************ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************