Browse All Articles > WMI Filtering
Unless you've been hiding under a rock you know that Microsoft will be releasing a new version of Windows this summer (2015). As administrators of Active Directory and managers of group policy we use WMI filtering to set and apply group policy objects to different versions of Windows, clients / servers, desktops and laptops. For instance, we want the policy to be applied only to laptops and not desktops, or to client operating systems and not server operating systems.
The examples below might be familiar as it is a common way to apply a GPO to all Versions of Windows after 7. It would also automatically work for Windows 8 and Windows 8.1 but it will fail for Windows 10.
WMI Filtering is another tool to put in your active directory toolbox. Order of execution of Group Policy Objects
Policies in hierarchy are located. (L-S-D-OU)
WMI Filters are checked.
Security settings are checked.
Only then after everything has passed does the policy get applied.
So we find all the policies that exist in the user/computer’s Local, Site, Domain, and OU hierarchy. Then we determine if the WMI filter evaluates as TRUE. Then we verify that the user/computer has Read and Apply Group permissions for the GPO. This means that WMI filters are still less efficient than hierarchical linking, but can definitely use filters to make decisions in a non-hierarchical Active Directory design. Many SysAdmins don't like WMI Filtering since is is the slowest of them all and the query can take a relatively long time on slower machines. Test on your slowest machine in a LAB environment first. Having a hierarchical Active Directory is good but it can be a bear to manage. What you give with one hand you take away with another.
You can have a group policy that runs on a specific day of the week
For instance on Mondays
![2015-06-01-23-22-30.png]()
On the weekend
!["2015-06-01-23-22-30.png" t]()
The query didn't return anything so it is false
!["2015-06-01-23-27-06.png" t]()
Result is True
Another example is for older operating systems
Enabling UAC on all machines for everyone including Admins is a good idea except for SERVERCORE machines
Always test your query with WBEMTEST which is included in the operating system of every OS that supports WMI. Then click Connect, leave it as root\cimv2, then click Query, and paste in your query as-is, then click Apply. If you get 0 objects returned that is a False, 1 object returned is a True
Used sparingly WMI filters can be a great item to add to your list of tools.
The examples below might be familiar as it is a common way to apply a GPO to all Versions of Windows after 7. It would also automatically work for Windows 8 and Windows 8.1 but it will fail for Windows 10.
select * from Win32_OperatingSystem where Version >= “6.1”
Unfortunately, WMI does the comparison as a string and not a number. This means that Version “10” is actually lower than “6.0” as 1 is lower that 6. So now we have to change our previously working WMI filter to:
select * from Win32_OperatingSystem where Version like “10.%” or Version >=”6.1″
Note: The same is also true for Windows Server 2016 as it has the same OS version number. This is why I've created this new article
WMI Filtering is another tool to put in your active directory toolbox. Order of execution of Group Policy Objects
Policies in hierarchy are located. (L-S-D-OU)
WMI Filters are checked.
Security settings are checked.
Only then after everything has passed does the policy get applied.
So we find all the policies that exist in the user/computer’s Local, Site, Domain, and OU hierarchy. Then we determine if the WMI filter evaluates as TRUE. Then we verify that the user/computer has Read and Apply Group permissions for the GPO. This means that WMI filters are still less efficient than hierarchical linking, but can definitely use filters to make decisions in a non-hierarchical Active Directory design. Many SysAdmins don't like WMI Filtering since is is the slowest of them all and the query can take a relatively long time on slower machines. Test on your slowest machine in a LAB environment first. Having a hierarchical Active Directory is good but it can be a bear to manage. What you give with one hand you take away with another.
You can have a group policy that runs on a specific day of the week
For instance on Mondays
select DayOfWeek from Win32_LocalTime where DayOfWeek = 1
On the weekend
select DayOfWeek from Win32_LocalTime where DayOfWeek > 5
During the Work Week
select DayOfWeek from Win32_LocalTime where DayOfWeek < 6
One use of this is to have a different screensaver running on a specific day of the week or during the weekend.
The query didn't return anything so it is false
Result is True
Another example is for older operating systems
SELECT Version FROM Win32_OperatingSystem WHERE Version < "6"
will return true for Windows XP, Windows Server 2003, Sorry WMI isn't available for W2K.
Enabling UAC on all machines for everyone including Admins is a good idea except for SERVERCORE machines
Always test your query with WBEMTEST which is included in the operating system of every OS that supports WMI. Then click Connect, leave it as root\cimv2, then click Query, and paste in your query as-is, then click Apply. If you get 0 objects returned that is a False, 1 object returned is a True
ANY WINDOWS DESKTOP OS
Any Windows Desktop OS
select * from Win32_OperatingSystem WHERE (ProductType <> "2") AND (ProductType <> "3")
Any Windows Desktop OS – 32-bit
select * from Win32_OperatingSystem WHERE ProductType = "1" AND NOT OSArchitecture = "64-bit"
Any Windows Desktop OS – 64-bit
select * from Win32_OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"
WINDOWS XP
Windows XP
select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1"
Windows XP – 32-bit
select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows XP – 64-bit
select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND OSArchitecture = "64-bit"
WINDOWS VISTA
Windows Vista
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1"
Windows Vista – 32-bit
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows Vista – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND OSArchitecture = "64-bit"
WINDOWS 7
Windows 7
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1"
Windows 7 – 32-bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 7 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"
WINDOWS 8
Windows 8
select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1"
Windows 8 – 32-bit
select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 8 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND OSArchitecture = "64-bit"
WINDOWS 8.1
Windows 8.1
select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1"
Windows 8.1 – 32-bit
select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 8.1 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND OSArchitecture = "64-bit"
WINDOWS 10
Windows 10
select * from Win32_OperatingSystem WHERE Version like "10.%" AND ProductType="1"
Windows 10 – 32-bit
select * from Win32_OperatingSystem WHERE Version like "10.%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
Windows 10 – 64-bit
select * from Win32_OperatingSystem WHERE Version like "10.%" AND ProductType="1" AND OSArchitecture = "64-Bit"
SERVERS
ANY WINDOWS SERVER OS
Any Windows Server OS
select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3")
Any Windows Server OS – 32-bit
select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND NOT OSArchitecture = "64-bit"
Any Windows Server OS – 64-bit
select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND OSArchitecture = "64-bit"
Any Windows Server – Domain Controller
select * from Win32_OperatingSystem where (ProductType = "2")
Any Windows Server – Domain Controller – 32-bit
select * from Win32_OperatingSystem where (ProductType = "2") AND NOT OSArchitecture = "64-bit"
Any Windows Server – Domain Controller – 64-bit
select * from Win32_OperatingSystem where (ProductType = "2") AND OSArchitecture = "64-bit"
Any Windows Server – Non-Domain Controller
select * from Win32_OperatingSystem where (ProductType = "3")
Any Windows Server – Non- Domain Controller – 32-bit
select * from Win32_OperatingSystem where (ProductType = "3") AND NOT OSArchitecture = "64-bit"
Any Windows Server – Non-Domain Controller – 64-bit
select * from Win32_OperatingSystem where (ProductType = "3") AND OSArchitecture = "64-bit"
WINDOWS SERVER 2003
Windows Server 2003 – DC
select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2"
Windows Server 2003 – non-DC
select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3"
Windows Server 2003 – 32-bit – DC
select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 – 32-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND OSArchitecture = "64-bit"
Windows Server 2003 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND OSArchitecture = "64-bit"
WINDOWS SERVER 2003 R2
Windows Server 2003 R2 – DC
select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2"
Windows Server 2003 R2 – non-DC
select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3"
Windows Server 2003 R2 – 32-bit – DC
select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 R2 – 32-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
Windows Server 2003 R2 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND OSArchitecture = "64-bit"
Windows Server 2003 R2 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND OSArchitecture = "64-bit"
WINDOWS SERVER 2008
Windows Server 2008 – DC
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2"
Windows Server 2008 – non-DC
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3"
Windows Server 2008 – 32-bit – DC
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
Windows Server 2008 – 32-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
Windows Server 2008 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND OSArchitecture = "64-bit"
Windows Server 2008 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND OSArchitecture = "64-bit"
WINDOWS SERVER 2008 R2
Windows Server 2008 R2 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="2"
Windows Server 2008 R2 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="3"
WINDOWS SERVER 2012
Windows Server 2012 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="2"
Windows Server 2012 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="3"
WINDOWS SERVER 2012 R2
Windows Server 2012 R2 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="2"
Windows Server 2012 R2 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="3”
WINDOWS SERVER 2016 PREVIEW
Windows Server 2016 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like "10.%" AND ProductType="2"
Windows Server 2016 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like "10.%" AND ProductType="3”
Used sparingly WMI filters can be a great item to add to your list of tools.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)