question

MISAdmin-6413 avatar image
0 Votes"
MISAdmin-6413 asked HannahXiong-MSFT answered

WMI Filter Help For Group Policy Processing

Can someone show me the WMI Filter which will apply for Windows 7 or Windows 10 but not any Server OS?

windows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DonPickard-7259 avatar image
0 Votes"
DonPickard-7259 answered

use parentheses to group your expression
https://docs.microsoft.com/en-us/windows/win32/wmisdk/where-clause
e.g.

 SELECT * FROM Win32_LogicalDisk WHERE (Name = "C:" OR Name = "D:") 
     AND  FreeSpace > 2000000  AND   FileSystem = "NTFS"


e.g.
select * from Win32_OperatingSystem WHERE (Version like "10.%" or Version >= "6.1") AND ProductType = "1"

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered

Hello @MISAdmin-6413,

Thank you so much for posting here.

WMI filter for Windows 7:
Select * from Win32_OperatingSystem WHERE Version like "6.1%" and ProductType="1"

WMI filter for Windows 10:
select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1"

For more information, please refer to:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo#:~:text=To%20create%20a%20WMI%20filter%20that%20queries%20for,filter.%20...%206%20Click%20Add.%20More%20items...%20

For any question, please feel free to contact us.

Best regards,
Hannah Xiong

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MISAdmin-6413 avatar image
0 Votes"
MISAdmin-6413 answered

Thank you. I have seen that article but I am looking for one filter that will check all three conditions... is W7 or W10 but NOT a server OS.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered

Hello @MISAdmin-6413,

You are welcome. Thank you so much for your kindly reply.

If we need to filter W7 and W10 in one WMI, please try the below WMI filter.

Select * from Win32_OperatingSystem WHERE (Version like "6.1%") or (Version like "10.%") and ProductType="1"

For any question, please feel free to let me know.


Best regards,
Hannah Xiong

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MISAdmin-6413 avatar image
0 Votes"
MISAdmin-6413 answered

Hi. That is similar to the one I was using however, Server 2019 boxes also received the policies (unwanted). Here's what I had...

select * from Win32_OperatingSystem WHERE Version like "10.%" or Version >= "6.1" AND ProductType = "1"

Even though I had ProductType ="1", Server 2019 still received the policies. Will yours prevent the policies from being applied on Server 2019?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered

Hello @MISAdmin-6413,

Thank you so much for your kindly reply.

Yeah, I did the testing and it will prevent the policy from being applied on Server 2019. Below is the testing:

115200-image.png

115253-image.png

115261-image.png

When checking the gpresult report, we could see the below information:

On W10:
115236-image.png

On Server 2019:

115218-image.png

On server 2016:

115237-image.png

It is suggested that we could run the command gpresult /h C:\report.html on the server 2019 to get the group policy report.

For any question, please feel free to contact us.

Best regards,
Hannah Xiong



image.png (21.4 KiB)
image.png (58.1 KiB)
image.png (48.8 KiB)
image.png (30.0 KiB)
image.png (25.1 KiB)
image.png (37.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MISAdmin-6413 avatar image
0 Votes"
MISAdmin-6413 answered HannahXiong-MSFT commented

Hi. The test that you performed did not include the check for Windows 7... and including that in the same WMI filter is where this becomes tricky.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @MISAdmin-6413,

Thank you so much for your kindly reply.

So sorry that there is no Windows 7 in my lab. So I could not include the check for Windows 7.

As mentioned, Windows 2019 also received the policies. Please kindly run gpresult /h C:\report.html on server 2019 and then check the group policy report. Normally, the GPO should be in the Denied GPOs.

For any question, please feel free to contact us.

Best regards,
Hannah Xiong

0 Votes 0 ·
MISAdmin-6413 avatar image
0 Votes"
MISAdmin-6413 answered

Thank you. I think Don hit on the issue with my WMI filter.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered

Hello @MISAdmin-6413,

Thank you so much for your kindly reply.

I did lots of testing about the WMI filtering. Now I could totally understand that it will become tricky if we add some filters in the same WMI filtering. In my lab, I have Windows server 2019, Windows 10 and Window 8.1.

116150-image.png

116077-image.png

Then checking the gpresult report, for the Windows server 2019, the GPO is denied due to false WMI filter.

116201-image.png

Thanks a lot.

Best regards,
Hannah Xiong



image.png (80.9 KiB)
image.png (17.9 KiB)
image.png (29.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.