• Status: Solved

I have a User lockdown GPO that I want to apply to Windows XP machines only.

Is there any way to target Windows XP machines only with a WMI filter? I have tried using a WinXP filter with a query like: Select * from Win32_OperatingSystem WHERE BuildNumber=2600.
I do not want the W2K machines on the network to be affected.
Thanks in advance.
Asked by: sweetaz
 
mdiglio Commented:
Hello,
You are doing this the correct way.
The problem is that Windows 2000 machines do not see WMI filters, so the GPO is always applied.
WMI filters are meant for XP and 2003 machines.

The options you have are:

1) place your W2K machines in a different GPO.
2) perhaps you can place your W2K Machines in a specific group and use security filtering to prevent them from reading the GPO.

#1 is the way I would recommend, unless there is something preventing you from doing that.

Applying WMI Filters
http://technet2.microsoft.com/WindowsServer/en/Library/7cae3dab-b973-4905-9e47-00a638241da91033.mspx?mfr=true
0
 
mdiglio Commented:
If your GPO contains policies under the user configuration, then #2 won't work for you.
0
 
Netman66 Commented:
WMI filters only work for XP - they do not work for Windows 2000, so there is no way to prevent the GPO from applying to them.

Your only option is to create 1 security group - for the 2000 accounts.
Add the new Security Group to the ACL, then check Apply Group Policy under DENY.

This will filter out the 2000 boxes by denying them the ability to apply the GPO.

0

 
Netman66 Commented:
Sorry about that mdiglio - didn't mean to repeat your posts!



0
 
mdiglio Commented:
No problem...I can do that a few times a day
0
 
sweetaz (Author) Commented:
Mmm, that's what I thought; unfortunately they are User GPOs. I will have to work something else out....
Thanks for your input!

0
 
mdiglio Commented:
What about the suggestions for creating a new OU for these W2K machines?
That should work just fine
0
 
sweetaz (Author) Commented:
As it is a User GPO, putting the W2K machines in a separate OU to the XP machines will not stop the policies being applied. Unless I am very much mistaken.
I have tried putting the XP computers in a security group and using GPO Security Filtering to apply it to those machines only, but it doesn't seem to work.
0
 
sweetaz (Author) Commented:
I will try what Netman66 suggests and use a deny for the Windows 2K machines in GPO security filtering rather than a read for the XP machines.
0
