asked on

Issue with GP WMI filters

Hello,

I am having an issue with WMI with a GP. The GP is working properly but when I add the WMI filter it doesn't work. This filter is suppose to remove offline files feature from desktop computers.

This is the code for the WMI filter

select * from Win32_SystemEnclosure where ChassisTypes = 1 or ChassisTypes = 2 or ChassisTypes = 3 or ChassisTypes = 4 or ChassisTypes = 5 or ChassisTypes = 6 or ChassisTypes = 7 or ChassisTypes = 13 or ChassisTypes = 15 or ChassisTypes = 16 or ChassisTypes = 17

The GP setting is

Do not automatically make redirect folders available offline.

This is under user settings.

The end result is if you are a laptop ignore this GP.

dbrs_helpdesk

ASKER

I ran this script to find out what I actually have. It says my Chassis type for my desktop computers is 15. I have set the WMI filter to this and I still get the same thing.

My WMI filter looks like this now

elect * from Win32_SystemEnclosure where ChassisTypes = 15

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colChassis = objWMIService.ExecQuery _
    ("Select * from Win32_SystemEnclosure")
For Each objChassis in colChassis
    For  Each strChassisType in objChassis.ChassisTypes
        Select Case strChassisType
            Case 1
                Wscript.Echo "Other"
            Case 2
                Wscript.Echo "Unknown"
            Case 3
                Wscript.Echo "Desktop"
            Case 4
                Wscript.Echo "Low Profile Desktop"
            Case 5
                Wscript.Echo "Pizza Box"
            Case 6
                Wscript.Echo "Mini Tower"
            Case 7
                Wscript.Echo "Tower"
            Case 8
                Wscript.Echo "Portable"
            Case 9
                Wscript.Echo "Laptop"
            Case 10
                Wscript.Echo "Notebook"
            Case 11
                Wscript.Echo "Handheld"
            Case 12
                Wscript.Echo "Docking Station"
            Case 13
                Wscript.Echo "All-in-One"
            Case 14
                Wscript.Echo "Sub-Notebook"
            Case 15
                Wscript.Echo "Space Saving"
            Case 16
                Wscript.Echo "Lunch Box"
            Case 17
                Wscript.Echo "Main System Chassis"
            Case 18
                Wscript.Echo "Expansion Chassis"
            Case 19
                Wscript.Echo "Sub-Chassis"
            Case 20
                Wscript.Echo "Bus Expansion Chassis"
            Case 21
                Wscript.Echo "Peripheral Chassis"
            Case 22
                Wscript.Echo "Storage Chassis"
            Case 23
                Wscript.Echo "Rack Mount Chassis"
            Case 24
                Wscript.Echo "Sealed-Case PC"
            Case Else
                Wscript.Echo "Unknown"
            End Select
    Next
Next

Open in new window

martin_babarik

I guess this is not exactly what you want to hear, but what about slightly different approach? Very simple solution:
1. Link the redirection policy to entire domain or OU you need.
2. Create new security group called "Desktops"
3. Remove "read and apply" permissions to this group on GPO

dbrs_helpdesk

ASKER

Do you have to add the computers to the desktops security group?

dbrs_helpdesk

ASKER

I have applied the GP for all laptops in their respective OU's. When I run a gpresult, the group policy does not show up in the list. I have forced replication and I have ran on the test workstation a gpupdate /force. Tthe final thing I have looked at was GPMC and the policy inheritance. It shows that this policy number 1 instead of the last one of the list. I don't know if that is correct.

ASKER CERTIFIED SOLUTION

martin_babarik

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

dbrs_helpdesk

ASKER

I found out that when I keep authenticated users, it works for both users and computers. Since our ad structure separates workstations and laptops I will deploy the GP to the proper OU.

Thanks for all your help.