How to configure WMI filters for Group Policy to better manage your Windows clients

Using the Windows Administration Infrastructure framework, Windows administrators can create filters that apply GPO creatively to provide more granularity about system administration in Active Directory.

  Businessman explaining the plan

Image: iStockphoto / BongkarnThanyakij

Administrators responsible for managing Windows clients of all sizes have long known the virtues of implementing Group Policy to manage software and security settings to block devices in corporate networks. The flexibility of being able to centrally manage customers by applying policies to devices attached to an Active Directory (AD) domain allows IT professionals to be as holistic or granular in their device management as needed.

Due to their intertwined nature, much of how, when and why the policies are applied will depend on the design structure of the AD scheme and how the devices are stored within the organizational units. However, despite our best efforts, administrators at one time or another find scenarios that require a configuration that the existing design structure does not allow. Other times, as in larger forests, policies should only be implemented in all devices that meet specific requirements with others that do not meet these requirements, effectively ignoring that policy.

For cases like these or those that require a bit more granularity when implemented in specific systems or groups of systems, a Windows Management Instrumentation (WMI) filter will be your best option. By creating a custom filter and assigning it to one or more policies, this will ensure that the respective policies only act on devices that meet the criteria stipulated expressly in the filter, regardless of where that policy is linked within the hierarchy.

SEE: How to choose between Windows, macOS and Linux (Free PDF) (TechRepublic)

Below, I have illustrated some scenarios where WMI filters serve effectively with which implement a policy in a group of target devices with minimal administrative effort. In addition, once the WMI filters have been created, they can be accessed and reused as necessary.

Requirements to create our custom filters

Server running Windows Server 2008 R2 or later and the following functions:

  • Active Directory Domain Services
  • Windows 7 or later PC
  • Administration Tools Remote Server for Windows
  • Domain Administrator Credentials

How to create a filter that points to 64-bit operating systems only

  1. Start the Group Policy Management Console (GPMC) Change the domain controller ( if necessary) in which you want to create the WMI filter. Expand domains | Domain name | WMI filter nodes.
  2. Right-click on the root of the WMI filter node, then click New in the context menu to open the window and create a new filter.
  3. In the Name text box, enter a descriptive name of what the purpose of the filter is. In addition, in the Description text box, you can optionally enter a more detailed description of the actions that the WMI filter will provide.
  4. Click the Add button to complete the namespace entry. By default, the root CIMv2 namespace will be added. Depending on the expected action of the WMI filter, this may or may not change. For the purposes of this exercise, let's leave it as is.
  5. We will modify the query that is the logic that will be executed in the namespace to create our filtering capacity. In this case, in the Query text box, enter the following query:
  select * from Win32_OperatingSystem where OSArchitecture = "64-Bit" 

6. Click on the OK button to save the query, then click on the Save button to save the filter.

How to create a filter that targets only the server's operating systems

1. Follow steps 1-4 to create a filter that points only to 64-bit operating systems (above). Enter the following query:

  select * Win32_OperatingSystem where Version as "10.0%" and ProductType = "3" 

2. Click on the OK button to save the query, then click on the Save button to save the filter.

How to create a filter that points only to a specific brand / model computer

1. Follow steps 1-4 in the previous section. Enter the following query:

  select * Win32_ComputerSystem where Manufacturer = "Hewlett-Packard" and Model = "HP ProBook 640 G2" or Model = "HP ProBook 640 G3" 

2. Click on the OK button to save the query, then click on the Save button to save the filter.

How to apply WMI filters to Group Policy Objects (GPO)

  1. From the GPMC, navigate to an organizational unit where you have the desired linked GPO.
  2. Click on the GPO to view its properties. Under the Scope tab, scroll down to the bottom of the window below the WMI Filtering title.
  3. By default, the drop-down menu must be set to . Click on it to reveal the WMI filters that have been created for that domain and select the filter you want to add to the policy to enable it.

Once you become familiar with the creation of filters and their application to perform specific tasks on systems, you can begin linking and chaining WMI queries to form granular filters that are broken down into specific devices for almost infinite management reach capabilities.

See also

For More Updates Check out Blog, Windows Softwares Drivers, Antivirus, Ms Office, Graphic Design Don’t Forget to Look Our Facebook Page Get Into Pc like us & follow on Twitter- @getinpc

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. does not host or upload this material and is not responsible for the content.