Solved

WMI Filtering by User

Posted on 2008-06-17
6
809 Views
Last Modified: 2010-03-17
I have a single policy to the user which will enable the screen saver and password protect it. If this GPO is linked to an OU with the user charlesj, will the following WMI filter prevent the GP from applying to it?

SELECT * FROM Win32_UserAccount WHERE Name <> 'charlesj'
0
Comment
Question by:jjmartineziii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21806146
0
 
LVL 12

Author Comment

by:jjmartineziii
ID: 21806210
That's what I'm trying to avoid. Isn't that what WMI is for or is it just for computers? I'd like to reduce the number of security groups I use.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 50 total points
ID: 21806369
You can filter by the USER rather than group if you must. Yes WMI is mainly for computers - I'm not saying it can't be used with the user object, but I've not seen it myself (now there's an invitation to someone)
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 58

Accepted Solution

by:
tigermatt earned 200 total points
ID: 21807157
The problem you have with WMI filters is you can only apply a maximum of one WMI filter per policy. It is for this reason you wouldn't use them for carrying out operations such as performing user filtering for a policy or anything else - not only does it clutter up Active Directory with WMI filters, it is overcomplicating matters for both you and the system.

WMI filters are generally used to only apply a policy to a set of computers - perhaps only Windows Vista PCs. That is what they are best for.

With that said, you can either move all the users the policy should apply to into their own OU, then link this policy there, or alternatively, use security filtering as KCTS has already suggested. I would always try to use the OU method unless you have to use security filtering.

-tigermatt
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21808815
KCTS and Tigermatt - Please correct me if I'm wrong but isn't Win32_UserAccount used to query a computer's SAM repository?  Wouldn't that query just return computers that have local accounts with the name 'charlesj'?  I haven't worked used wmi filtering with AD much but I've dome quite a bit of scripting and I know if I used that query in a script it wouldn't return and AD object.  I'm pretty sure that if filtering must be used the only viable solution short of writing the LDAP filter by hand is to use security filtering like you both advised.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21810585
I've no idea, because I hardly ever use WMI filters, for the reasons I posted in http:#a21807157. It's bulky and really not necessary for the task at hand.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question