?
Solved

WMI Filtering by User

Posted on 2008-06-17
6
Medium Priority
?
815 Views
Last Modified: 2010-03-17
I have a single policy to the user which will enable the screen saver and password protect it. If this GPO is linked to an OU with the user charlesj, will the following WMI filter prevent the GP from applying to it?

SELECT * FROM Win32_UserAccount WHERE Name <> 'charlesj'
0
Comment
Question by:jjmartineziii
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21806146
0
 
LVL 12

Author Comment

by:jjmartineziii
ID: 21806210
That's what I'm trying to avoid. Isn't that what WMI is for or is it just for computers? I'd like to reduce the number of security groups I use.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 150 total points
ID: 21806369
You can filter by the USER rather than group if you must. Yes WMI is mainly for computers - I'm not saying it can't be used with the user object, but I've not seen it myself (now there's an invitation to someone)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 58

Accepted Solution

by:
tigermatt earned 600 total points
ID: 21807157
The problem you have with WMI filters is you can only apply a maximum of one WMI filter per policy. It is for this reason you wouldn't use them for carrying out operations such as performing user filtering for a policy or anything else - not only does it clutter up Active Directory with WMI filters, it is overcomplicating matters for both you and the system.

WMI filters are generally used to only apply a policy to a set of computers - perhaps only Windows Vista PCs. That is what they are best for.

With that said, you can either move all the users the policy should apply to into their own OU, then link this policy there, or alternatively, use security filtering as KCTS has already suggested. I would always try to use the OU method unless you have to use security filtering.

-tigermatt
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21808815
KCTS and Tigermatt - Please correct me if I'm wrong but isn't Win32_UserAccount used to query a computer's SAM repository?  Wouldn't that query just return computers that have local accounts with the name 'charlesj'?  I haven't worked used wmi filtering with AD much but I've dome quite a bit of scripting and I know if I used that query in a script it wouldn't return and AD object.  I'm pretty sure that if filtering must be used the only viable solution short of writing the LDAP filter by hand is to use security filtering like you both advised.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21810585
I've no idea, because I hardly ever use WMI filters, for the reasons I posted in http:#a21807157. It's bulky and really not necessary for the task at hand.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question