Solved

WMI Filtering by User

Posted on 2008-06-17
6
803 Views
Last Modified: 2010-03-17
I have a single policy to the user which will enable the screen saver and password protect it. If this GPO is linked to an OU with the user charlesj, will the following WMI filter prevent the GP from applying to it?

SELECT * FROM Win32_UserAccount WHERE Name <> 'charlesj'
0
Comment
Question by:jjmartineziii
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21806146
0
 
LVL 12

Author Comment

by:jjmartineziii
ID: 21806210
That's what I'm trying to avoid. Isn't that what WMI is for or is it just for computers? I'd like to reduce the number of security groups I use.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 50 total points
ID: 21806369
You can filter by the USER rather than group if you must. Yes WMI is mainly for computers - I'm not saying it can't be used with the user object, but I've not seen it myself (now there's an invitation to someone)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 58

Accepted Solution

by:
tigermatt earned 200 total points
ID: 21807157
The problem you have with WMI filters is you can only apply a maximum of one WMI filter per policy. It is for this reason you wouldn't use them for carrying out operations such as performing user filtering for a policy or anything else - not only does it clutter up Active Directory with WMI filters, it is overcomplicating matters for both you and the system.

WMI filters are generally used to only apply a policy to a set of computers - perhaps only Windows Vista PCs. That is what they are best for.

With that said, you can either move all the users the policy should apply to into their own OU, then link this policy there, or alternatively, use security filtering as KCTS has already suggested. I would always try to use the OU method unless you have to use security filtering.

-tigermatt
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21808815
KCTS and Tigermatt - Please correct me if I'm wrong but isn't Win32_UserAccount used to query a computer's SAM repository?  Wouldn't that query just return computers that have local accounts with the name 'charlesj'?  I haven't worked used wmi filtering with AD much but I've dome quite a bit of scripting and I know if I used that query in a script it wouldn't return and AD object.  I'm pretty sure that if filtering must be used the only viable solution short of writing the LDAP filter by hand is to use security filtering like you both advised.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21810585
I've no idea, because I hardly ever use WMI filters, for the reasons I posted in http:#a21807157. It's bulky and really not necessary for the task at hand.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question