Configuring WMI filtering
Windows Management Instrumentation (WMI) filtering allows the
scope of a GPO to be dynamically determined based on attributes of
the target computer. WMI filters are queries written using the WMI
Query Language (WQL), a SQL-like language. An example of a WMI
filter is the following:
select Version from Win32_OperatingSystem where
Version like "6.2%" and ProductType = "1"
The preceding query filters based on whether the target
computer is running Windows 8. Configuring this query as a WMI
filter for a GPO will result in the GPO being applied only to
computers running Windows 8. To create and link this filter to a
GPO, you do the following:
-
Right-click the WMI Filters node in the GPMC, and select
New to open the New WMI Filter dialog box.
-
Give the new filter a name and, optionally, a
description.
-
Click Add, and type your query in the Query field of the
WMI Query dialog box. Then click OK to return to the New WMI
Filter dialog box:
-
Click Save to save your query. The new filter will be
displayed beneath the WMI Filters node.
-
Select the GPO you want to link the filter to, and switch
to the Scope tab.
-
In the WMI Filtering section on the Scope tab, select the
filter you created from the list of available filters. Click Yes
when the confirmation dialog box is displayed.
Important
Performance impact of WMI filters
Although security filtering is fast, WMI filtering can be
slow. Improper use of WMI filtering can therefore have a
significant performance impact on how Group Policy is processed
and applied. As a result, you should be sure to test the
performance of any WMI filter before you deploy it in your
production environment. Examples of WMI filters that usually
evaluate quickly include filters that query for registry keys or
environment variables. WMI filters that might evaluate slowly
include filters that query the CIM_DataFile namespace or for
installed products using the MSI database.
Note
REAL WORLD Alternative to WMI
filtering
An alternative to using WMI filtering in many scenarios is
to use the Item-Level Targeting feature of Group Policy
Preferences, which allows you to change the scope of individual
preferencesso that they apply only to the specified users or
computers. For example, by using Item-Level Targeting, you can
allow a preference item to be applied only if the targeted
computer has a battery, has a certain amount of free disk space
available, has an IP address within a specified range of
addresses, and so on.
Backing up and restoring GPOs
You can use the GPMC to back up your GPOs. You can also
restore a deleted or previous version of an existing GPO, copy a
GPO, import the settings from a GPO, or migrate a GPO to a different
domain. By backing up GPOs, you can quickly restore your Group
Policy infrastructure in the event of a disaster.
To back up a specific GPO, follow these steps:
-
Right-click on the GPO, and select Back Up to open the
Backup Group Policy Object dialog box.
-
Specify the path to the location where you want to store
the backup.
You can also back up all GPOs in a domain as follows:
-
Right-click on the Group Policy Objects node, and select
Back Up.
-
Specify the path to the location where you want to store
the backup.
After you back up GPOs, you can manage your backups by
right-clicking on the Group Policy Objects node and selecting Manage
Backups.