Solved

WMI query for computers that DO NOT have Remote Desktop Servers installed

Posted on 2014-10-13
6
254 Views
Last Modified: 2014-10-20
Hi,

I need a group policy to run on all servers that DO NOT have Remote Desktop Services installed.

I can easily find which servers that DO have Remote Desktop Services installed as follows:

select * from Win32_OperatingSystem  WHERE ProductType="2"  OR ProductType="3"
select * from Win32_ServerFeature WHERE ID = 18

(http://msdn.microsoft.com/en-us/library/cc280268(v=vs.85).aspx shows that ServerFeature ID 18 = Remote Desktop Services)

the problem I have is that if I change the query to: select * from Win32_ServerFeature WHERE ID != 18 - then this will return true if any other feature is installed and I do not get the desired result.

can anyone help?

many thanks

jack
0
Comment
Question by:jackbenson
  • 3
  • 3
6 Comments
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40377847
You can add a query that checks for the "TermService" service. All Remote Desktop Services requires it to run. This should filter out all servers with it installed.

SELECT * FROM Win32_Service WHERE Name != 'TermService'
0
 
LVL 1

Author Comment

by:jackbenson
ID: 40378432
Joshua

thanks for your reply.
 
on the server running RDS this query returned all the services that were not Terminal Services that was installed on the machine and therefore the Group Policy was applied to the machine

on the server that was not running RDS - but had the ability to remote desktop to it enabled - it also returned true.

jack
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40379716
I think your best bet would be to add all of the RDS servers into a security group and deny them read access to the group policy you do not want applied
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Author Comment

by:jackbenson
ID: 40391482
thanks - I was worried that I would have to do that - means I need to remember to add servers to the group in future

thanks for your help

jack
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40391915
No problem Jack, sorry there wasn't a WMI answer ;/
0
 
LVL 1

Author Comment

by:jackbenson
ID: 40391922
thanks for trying
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now