Solved

WMI filter to block policy based upon server name

Posted on 2007-10-01
Last Modified: 2008-05-31
How do I use a WMI filter to block a policy from being applied to a particular server based upon server name?
Question by:stvbrx
9 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 19995214
It's a lot easier to create a Security Group, add the server to it then add the Security Group to the ACL of the GPO with a Deny - Apply Group Policy entry.

 
LVL 11

Expert Comment

by:kamalgopi
ID: 19995821
Yup, this is right. I have done this same setup at one of my clients, and it works like a charm.

Cheers:)
Kamal
 

Author Comment

by:stvbrx
ID: 19995843
Yes, I know I can do it with a sec. group, but I was trying to use the WMI filter.
(I'm trying to learn how to use this feature.)

Is it possible at all?
LVL 51

Accepted Solution

by:
Netman66 earned 1000 total points
ID: 19997460
Yes, however you can only attach one WMI filter to a GPO and only XP and newer OSes actually can use it.  Windows 2000 does not understand WMI filters and will ignore them.


You'll need to make a true or false WMI query (I'm guessing you need a false query); this way, if the query is false, the GPO applies.

This example would only apply the GPO to XP Professional:

Root\CimV2; Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"


This may work:

Root\CimV2; Select * from Win32_ComputerSystem where name = "servername"
 

 
0
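An added example (not part of the original thread or of Netman66's answer): a PowerShell check of how a WQL filter query evaluates on given machines before it is attached to a GPO. Group Policy applies a filtered GPO only where the query returns at least one instance, so excluding one server by name takes a `<>` comparison; the helper name `Test-GpoWmiFilter` and both server names are hypothetical.

```powershell
# Added example: evaluates a GPO WMI filter query the way Group Policy does.
# A filter is TRUE on a machine when the WQL query returns at least one
# instance; a GPO linked with that filter is applied only where it is TRUE.
function Test-GpoWmiFilter {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string]   $Namespace    = 'root\CIMv2',
        [string[]] $ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        $result = [ordered]@{ Computer = $computer; FilterTrue = $null; GpoApplies = $null; Error = $null }
        try {
            $cim = @{ Namespace = $Namespace; Query = $Query; ErrorAction = 'Stop' }
            # Query the local machine directly; remote targets need WinRM.
            if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }
            $instances = @(Get-CimInstance @cim)
            $result.FilterTrue = ($instances.Count -gt 0)
            $result.GpoApplies = $result.FilterTrue
        }
        catch {
            # Invalid WQL or unreachable host: report it instead of guessing.
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Placeholder server names (constructed for this example).
$excluded = 'SERVERNAME'
$targets  = 'SERVERNAME', 'FILESRV01'

# Equality query from the answer: TRUE only on SERVERNAME, so the GPO
# would apply to that one server and to nothing else.
Test-GpoWmiFilter -ComputerName $targets -Query "SELECT * FROM Win32_ComputerSystem WHERE Name = '$excluded'"

# Exclusion form: TRUE everywhere except SERVERNAME.
Test-GpoWmiFilter -ComputerName $targets -Query "SELECT * FROM Win32_ComputerSystem WHERE Name <> '$excluded'"
```

In the GPMC filter dialog the namespace and query are entered separately, which the thread writes as `Root\CimV2; Select ...`.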
 

Author Comment

by:stvbrx
ID: 19997837
Thanks, Netman66!
 

Author Comment

by:stvbrx
ID: 20016076
I applied the policy as described with the server having deny permissions in the properties, but when I RDP to the server, it still shows up before the Windows login screen!
The legal banner statements do not exist in the registry of the server.
Why is this happening?
 
LVL 51

Expert Comment

by:Netman66
ID: 20017688
Explain to me, in detail, where the GPO is, whether computer or user configurations are being set and how you set up the security on the policy.

The legal caption is a computer setting - are you sure you're setting ACEs on the correct policy?
 

Author Comment

by:stvbrx
ID: 20017729
GPO is applied at the top level of the domain.  (just below Default policy).
Settings are computer based.
Security settings:
Auth Users Read/apply
Security group I created: Deny Read/Deny Apply
And all other default sec. settings

What does ACE stand for?
 
LVL 51

Expert Comment

by:Netman66
ID: 20018507
ACE=Access Control Entry.

Okay, this setting is registry-based.  You'll have to create a new policy with only the new security group on it then leave everything blank - it should reverse the setting from the other policy.
