[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


GPO WMI Filter to check if a machine is a server 2000 or 2003 and it is NOT a domain controler

Posted on 2008-11-15
Medium Priority
Last Modified: 2013-12-05

Someone great with WMI filters could comment on this.  I want a "select * from" command for a WMI filter in AD GPO.

I want the filter to work in the "root\CIMV2" namespace of course. I want to check if the following is true;

A windows Server, 2000 or 2003 and NOT a domain Controler.

Thanks in advance.
Question by:PeterSinger
  • 2
  • 2
LVL 29

Accepted Solution

Michael Pfister earned 1500 total points
ID: 22974841
Instead of creating an elaborate WMI filter, why not put the DCs in OU "DCs" and the member servers in a different OU "MemberServer" and link the GPO(s) accordingly?
LVL 29

Assisted Solution

by:Michael Pfister
Michael Pfister earned 1500 total points
ID: 22974856
BTW, WMI filters are not supported on Windows 2000

Author Comment

ID: 22989518
The solution is to create a WMI filter with the following statement;
For Server 2003 and above only
Select *  from Win32_ComputerSystem where DomainRole = 3
As commented above the WMI filter will not work on a 2000 server at all.
I created a batch file and ran it in the logon section and made this policy only run at logon.
The script did a check fior the operating system then ignored windows 2000 domain controlers.
for /f "tokens=* delims=" %%a in ('ver') do @set osversion=%%a

Author Closing Comment

ID: 31517205
I placed the solution on-line to the issue but I would not have reached the solution if the comment was not made about Windows 2000 abilities re WMI filters.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question