WMI Filtering by User
I have a single policy to the user which will enable the screen saver and password protect it. If this GPO is linked to an OU with the user charlesj, will the following WMI filter prevent the GP from applying to it?
SELECT * FROM Win32_UserAccount WHERE Name <> 'charlesj'
SELECT * FROM Win32_UserAccount WHERE Name <> 'charlesj'
Brian Pierce
No need to use WMI - just use security filtering - see http://technet2.microsoft.com/windowsserver/en/library/65424a58-aff3-4e1e-a3a1-59878cbcf0051033.mspx?mfr=true
ASKER
That's what I'm trying to avoid. Isn't that what WMI is for or is it just for computers? I'd like to reduce the number of security groups I use.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
KCTS and Tigermatt - Please correct me if I'm wrong but isn't Win32_UserAccount used to query a computer's SAM repository? Wouldn't that query just return computers that have local accounts with the name 'charlesj'? I haven't worked used wmi filtering with AD much but I've dome quite a bit of scripting and I know if I used that query in a script it wouldn't return and AD object. I'm pretty sure that if filtering must be used the only viable solution short of writing the LDAP filter by hand is to use security filtering like you both advised.
I've no idea, because I hardly ever use WMI filters, for the reasons I posted in http:#a21807157. It's bulky and really not necessary for the task at hand.