Link to home
Create AccountLog in
Avatar of ReefIT
ReefIT

asked on

WMI Filter to Apply GPO by Group Policy

I have an SBS 2003 Domain with a couple of remote offices connected via private WAN links.  There is a local network attached multifunction at each office and I want to apply scripts to install the local mulifunction for end users at each site who travel around with laptops.  There are only Domain Controllers at the head office.

So if user A with laptop connects to remote office B they get an IP address 192.168.11.* and should have the GPO with the printer script for office B applied.

I assume this can be detected with WMI but since I have never scripted in WMI before I have no idea, can someone give me the script and instructions for one then I can modify it for all the other offices GPO.
Avatar of Scraigfamily
Scraigfamily
Flag of United States of America image

I found a possible answer to your WMI question. If the WMI filter is successful, you could like separate GPO's at the domain or site level that run your printer GPO settings based up the default gateway address for the client at the specific site.  If the default gateway is for site A, then GPOa would apply via the WMI filter.

Select * from Win32_NetworkAdapterConfiguration where DefaultIPGateway='10.0.0.1'

If that works, to add more subnets try somethng like...

Select * from Win32_NetworkAdapterConfiguration where (DefaultIPGateway='10.0.0.1' OR DefaultIPGateway='10.1.0.1')
Avatar of ReefIT
ReefIT

ASKER

What name space should this be running in?

I tried it with the default namespace, root\CIMv2, but the GPO is showing access denied on the client
I believe room\CIMv2 is correct.
Is the GPO being denied because of the WMI filter or is it due to permissions on the GPO?  Make sure the security settings on the GPO allows all systems (authenitcated users will include all systems) to Read and Apply the GPO and then the WMI filter will reduce it down to systems that meet the WMI criteria.
The GPMC tool is a free download from micrsoft and allows you to run Resultant Set of Policy reports against a particular systems and it reports if the system or user meets the GPO security and WMI filter results to apply a particular GPO.

Regards,
Steve
ASKER CERTIFIED SOLUTION
Avatar of Scraigfamily
Scraigfamily
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of ReefIT

ASKER

Thanks for the help guess i need to do this a differnet way
There actually is a way to use a WMI filter based on default gateway in a GPO:

Select * FROM Win32_IP4RouteTable WHERE Destination='0.0.0.0' AND NextHop='10.0.0.1'

Thanks to Xinjitzu for this solution!