Windows Server 2012 : Planning, implementing, and managing Group Policy (part 9) - Configuring WMI filtering

Configuring WMI filtering

Windows Management Instrumentation (WMI) filtering allows the scope of a GPO to be dynamically determined based on attributes of the target computer. WMI filters are queries written using the WMI Query Language (WQL), a SQL-like language. An example of a WMI filter is the following:

select Version from Win32_OperatingSystem where
Version like "6.2%" and ProductType = "1"

The preceding query filters based on whether the target computer is running Windows 8. Configuring this query as a WMI filter for a GPO will result in the GPO being applied only to computers running Windows 8. To create and link this filter to a GPO, you do the following:

1. Right-click the WMI Filters node in the GPMC, and select New to open the New WMI Filter dialog box.

2. Give the new filter a name and, optionally, a description.

3. Click Add, and type your query in the Query field of the WMI Query dialog box. Then click OK to return to the New WMI Filter dialog box:

   

4. Click Save to save your query. The new filter will be displayed beneath the WMI Filters node.

5. Select the GPO you want to link the filter to, and switch to the Scope tab.

6. In the WMI Filtering section on the Scope tab, select the filter you created from the list of available filters. Click Yes when the confirmation dialog box is displayed.

Important

Performance impact of WMI filters

Although security filtering is fast, WMI filtering can be slow. Improper use of WMI filtering can therefore have a significant performance impact on how Group Policy is processed and applied. As a result, you should be sure to test the performance of any WMI filter before you deploy it in your production environment. Examples of WMI filters that usually evaluate quickly include filters that query for registry keys or environment variables. WMI filters that might evaluate slowly include filters that query the CIM_DataFile namespace or for installed products using the MSI database.

Note

REAL WORLD Alternative to WMI filtering

An alternative to using WMI filtering in many scenarios is to use the Item-Level Targeting feature of Group Policy Preferences, which allows you to change the scope of individual preferencesso that they apply only to the specified users or computers. For example, by using Item-Level Targeting, you can allow a preference item to be applied only if the targeted computer has a battery, has a certain amount of free disk space available, has an IP address within a specified range of addresses, and so on.

Backing up and restoring GPOs

You can use the GPMC to back up your GPOs. You can also restore a deleted or previous version of an existing GPO, copy a GPO, import the settings from a GPO, or migrate a GPO to a different domain. By backing up GPOs, you can quickly restore your Group Policy infrastructure in the event of a disaster.

To back up a specific GPO, follow these steps:

1. Right-click on the GPO, and select Back Up to open the Backup Group Policy Object dialog box.

2. Specify the path to the location where you want to store the backup.

You can also back up all GPOs in a domain as follows:

3. Right-click on the Group Policy Objects node, and select Back Up.

4. Specify the path to the location where you want to store the backup.

After you back up GPOs, you can manage your backups by right-clicking on the Group Policy Objects node and selecting Manage Backups.