Appendix C: WMI Filtering

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

How WMI Works

The WMI filters are evaluated on the client computer after the list of potential GPOs have been determined and filtered based on Security Group membership.

When a filter is applied to a GPO, it will be evaluated on the client computer. The GPO will only be applied if the entire query results in TRUE. Note that a GPO will be processed if no WMI filter has been selected.

During RSoP, in planning mode evaluation, a simulation of the client side processing occurs, producing a result based on the specified WMI Filters evaluation to TRUE.

For example:

  • If no WMI filter is selected, all WMI filters are assumed to evaluate to true; therefore, all GPOs will apply.

  • If a filter specified in the RSoP wizard matches a given GPO, the GPO will be evaluated.

  • In the RSoP wizard, the wizard will show all the filters based on the list of GPOs that apply to a computer or user. If a filter is removed from the filter list, it is assumed to evaluate to false and the GPO that is associated with the filter will not apply.

Active Directory Schema additions

A new property called "gPCWQLFilter" has been added to the properties of a GPO. It includes the namespace path and GUID that represents the WMI filter.

Using WMI in Mixed Environments

Clients running Windows 2000 or earlier versions do not have support for WMI filters. They may however be affected by a GPO that has specified a WMI filter. In this case, the client will process the GPO as if the filter evaluated to TRUE because it has no way of knowing if it were FALSE.

However, a mixed environment supports the schema changes required to enable WMI filters. Windows Server 2003-based servers with WMI filter-enabled GPOs will continue to handle Windows 2000 clients as they did previously.

WMI filters are only available in domains that have at least one Windows Server 2003 domain controller. In an environment consisting only of Windows 2000 domains, the WMI filter node in GPMC is not shown.

Examples of WMI Filters

This section illustrates some scenarios in which administrators use WMI filtering to achieve a specific goal.

Software inventory-based targeting (Ored set)

A company purchases a site license for a new bounds-checker tool that helps software developers write more reliable code. Because the bounds-checker only works with Visual Basic®, Visual C, and Visual C++,® the administrator wants to assign the package only on computers running any of these programs.

The administrator chooses the following filter:

Root\cimv2;Select * from Win32_Product where name = "MSIPackage1" OR name = "MSIPackage2" OR name = "MSIPackage32"

Note

it may be more reliable to use IdentifyingNumber

Software inventory-based targeting( Anded set)

A software company discovers that the interaction of three software products causes instabilities on the system. The company develops a hot fix but only wants to install it on computers where this interaction is possible.

The administrator chooses the following filter:

root\cimv2;Select * from Win32_Product where name = "MSIpackage1"

root\cimv2;Select * from Win32_Product where name = "MSIPackage2"

root\cimv2;Select * from Win32_Product where name = "MSIPackage3"

Note

it may be more reliable to use IdentifyingNumber.

Operating system-based targeting

An administrator wants to deploy an enterprise monitoring policy but needs to limit the target set to computers running either Windows 2000 Server or Advanced Server.

The administrator chooses the following filter:

Root\CimV2; Select * from Win32_OperatingSystem where Caption = "Microsoft Windows 2000 Advanced Server" OR Caption = "Microsoft Windows 2000 Server"

Hardware inventory-based targeting

An administrator wants to deploy a new connection-manager but needs to avoid wasting space on desktop computers without modems where the connection manager would be useless. An administrator can deploy the package across the enterprise with the following WMI-filter:

Root\CimV2;Select * from Win32_POTSModem

Resource-based targeting

To encourage field engineers and consultants to use documentation, a company wants to make Help systems available directly on users' hard disks. But because users complain that the Help files consume too much space, a manager decides to only deploy the documentation on computers that have at least 600 megabytes (MB) available.

An administrator can accomplish this with the following WMI filter:

Root\CimV2; Select * from Win32_LogicalDisk where FreeSpace > 629145600 AND Description <> "Network Connection"

Computer-based targeting

An administrator wants to set up a policy to encrypt all "My Documents" folders on notebook computers. The administrator determines that all the company's notebook computers are Toshiba Tecra models 800 and 810.

To set up the policy, an administrator uses the following WMI filter:

Root\CimV2; Select * from Win32_ComputerSystem where manufacturer = "Toshiba" and Model = "Tecra 800" OR Model = "Tecra 810"

Asset tag-based targeting

An administrator wants to set hardware inventory monitoring policy for all computers with an "asset tag" of 300,000-355555.

To set up the policy, an administrator uses the following WMI filter:

Root\Cimv2 ; Select * from Win32_SystemEnclosure where SMBIOSAssetTag > '300000' AND SMBIOSAssetTag < '355555'

Hardware configuration-based targeting

An administrator wants to target a policy for all computers that have a network adapter on interrupt number 11. The administrator chooses the following filter:

Root\cimv2; Associators of {win32_IRQResource.IRQNumber=11} where resultclass = Win32_NetworkAdapter

Configuration-based targeting

An administrator wants to avoid turning on "netmon" on computers enabled with multicasting turned on. The administrator chooses the following filter:

Select * from Win32_NetworkProtocol where SupportsMulticasting = true

File attribute-based targeting

An administrator only wants to disable sharing of folders on systems where at least one of "My Documents" directories are not encrypted. The administrator chooses the following filter:

Root\cimv2 ; Select * from Win32_Directory where filename ='my documents' AND encrypted = false

Time zone-based targeting

An administrator needs to target a policy on all servers located on the East Coast of the United States. The administrator chooses the following filter:

Root\cimv2 ; Select * from win32_timezone where bias =-300

Hot fix-based targeting

An administrator only wants to apply a policy on computers that have a specific hot fix. The administrator chooses the following filter:

Root\cimv2 ; select * from Win32_QuickFixEngineering where HotFixID = 'q147222'

Further Information

The WMI SDK has a tool called cimstudio. This allows users to find a class, searching by name, description, property name, and so forth. Users can then experiment with queries on the class and optimize it before creating a new filter. For more information, see Windows Management Instrumentation in the Microsoft Platform SDK at https://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi\_start\_page.asp.