easy way to apply group policy to windows clients only. no servers

Any simple wmi filters etc i can use to do this.
i want my autoupdate policy to only effect xp/vista/7 and not server 2003/2008.

I was using a wmi filter
taht says
Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

but my results say false wmi filter for win7.  XP even says that, but i think it works for xp??? not sure. i guess.  I dont know anything about wmi.
LVL 11
EricIT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NoduzzCommented:
What you should do is create a seperate OU for servers etc and a seperate OU for client machines etc and then just put those machines in their respective OU's and then apply a different policy for each OU or you can just block the policy to the servers etc.
NoduzzCommented:
otherwise if you prefer to do WMI filters check this for an easier way to write them:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=09dfc342-648b-4119-b7eb-783b0f7d1178&DisplayLang=en
EricIT ManagerAuthor Commented:
i used to block the server names as i use computer policy.
now i have to many and its high maintenance.

i could do the OU i guess.  I mostly have that in place anyway. I have no override on my policy, so i would have to remove that and block inheritance?
I leave windows pc's in the default container.

I get confused sometimes when to use a computer policy vs user.  Does it really matter in this case? Figured computer would allow me to apply it to just the computers ou and not the root where I have it now.  Then i would nto need to block inheritance if I move servers.
10 Holiday Gifts Perfect for Your Favorite Geeks

Still have some holiday shopping to do for the geeks in your life? While toys, clothing, games, and gift cards are still viable options for your friends and family, there’s more reason than ever to consider gadgets and software.

EricIT ManagerAuthor Commented:
so is wmi more trouble than its worth? ie. finicky?
NoduzzCommented:
No its not really more trouble than its worth, i guess it just depends really on how big your network is and what you are using it for.  Like if you only have a couple hundred machines that are only xp and servers it might not be worth using WMI but if you have say a couple thousand machines and a ton of different flavors of windows running then it might be worth using depending on how complex OU structure is.
EricIT ManagerAuthor Commented:
default "computers" ou is not listed in the group policy mmc.
never noticed that. wtf
NoduzzCommented:
As for the no override yeah you would want to remove that and block inheritance.  As far as when to use computer policy vs user it depends on what you are trying to apply and to what you are trying to apply it to.  For instance if you want to apply a gp to specific users you would want to create a user policy etc.  As far as where to apply it, the basic way is just user policies are applied to users and computer policies are applied to computers.  That being said there is other more advanced options as well but usually thats only in special circumstances that most companies don't use.  I.E.  A special computer that you want difference policy applied for a user that normally gets another policy etc.
NoduzzCommented:
yeah thats cause computers is not an OU its a container.  There is a way that you can setup a specific OU to be the default OU for computers if you want to apply specific policies to it.  For instance i created a OU called Default Computers and made it my default ou for new computers.
EricIT ManagerAuthor Commented:
yea i played with loopback for my citrix farm. that works good after lots of playing around.
the concept of looping back user policies to machines or something is somewhat simple i guess... although its really the reason im always confused about when to use user policy vs computer. Im probably over complicating it because im scared from doing the citrix polices.
ha
EricIT ManagerAuthor Commented:
thats what I want.
ok made ou.  searching how to make it my new default place for new systems.
then i just need to move servers out.
if i forget ill remember when they reboot automatically from wu :o
NoduzzCommented:
http://support.microsoft.com/kb/324949 will show you how to change your default OU.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EricIT ManagerAuthor Commented:
found dame thing.
realized my forest was still 2000 :|
fixed that mess. I had a 2000 DC in a child domain when i updated teh root domain so i left it as 2000 forest.  Glad i found that.

done and done.

now just need to add a new pc to confirm its working.
EricIT ManagerAuthor Commented:
my win7 heap got the policy :D

im sure it will work. thanks for the advice.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.