WMI фильтры групповых политики позволяют создать дополнительные условия, в которых определяются параметры компьютеров, к которым нужно нужно применять настройки GPO. Например, с помощью WMI фильтра вы можете применить политику к компьютерам с определенным версией Windows; с определенными настройками; характеристиками оборудования (размеру RAM, HDD); на которых установлена определенная программа; к компьютерам в указанной IP подсети и т.д.
Содержание:
- Как создать и привязать WMI фильтр к GPO
- Примеры WMI запросов для фильтров GPO
- Проверка WMI фильтров с помощью PowerShell
WMI (Windows Management Instrumentation) фильтр в GPO представляет собой запрос на языке WQL (WMI Query Language). Доменный компьютер перед тем, как применить конкретный объект GPO, выполняет такой WMI запрос и опрашивает свое состояние. Если состояние компьютера соответствует условиям выполняются, такая групповая политика будет применена к компьютеру.
Как создать и привязать WMI фильтр к GPO
Для управления WMI фильтрами используется консоль управления доменными групповыми политиками .
- Откройте консоль
gpmc.msc - Перейдите в раздел WMI Filters и создайте новый фильтр
- Укажите название фильтра и описание (не обязательно)
- Нажмите Add. Выберите пространство имен WMI (в большинстве случаев используется root\CIMv2). Укажите код WMI запроса в следующем формате:
Select * from <WMI Class> WHERE <Property> = <Value>
Например, следующий WMI запрос можно использовать, чтобы применить GPO только к компьютерам с Windows 10 и 11:
Select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1"
- Теперь WMI фильтр можно привязать к GPO. Например, вы хотите, чтоб политика установки принтеров применялась только к компьютерам с Windows 10 и 11. В разделе WMI Filtering групповой политики выберите WMI фильтр, который вы создали.
- Обновите настройки GPO на клиентах. Теперь политика будет применяться только к компьютерам, которые удовлетворяют условиям WMI фильтра. Для анализа примененных политики можно использовать команду gpresult /r. Если политика действует на клиента, но не применяется из-за WMI фильтра, такая политика в отчете gpresult будет иметь статус
Filtering: Denied (WMI Filter)
и указано имя WMI фильтра.
Примеры WMI запросов для фильтров GPO
Рассмотрим часто используемые примеры WMI запросов для фильтров GPO.
В зависимости от типа ОС:
- ProductType=1 – рабочая станция (клиентская версия Windows)
- ProductType=2 – контроллер домена AD
- ProductType=3 – серверная ОС (Windows Server)
В зависимости от версии Windows:
Version like "X.X%"
- Windows Server 2016/2019/2022 и Windows 10/11 — 10.%
- Windows Server 2012 R2 и Windows 8.1 — 6.3%
- Windows Server 2012 и Windows 8 — 6.2%
- Windows Server 2008 R2 и Windows 7 — 6.1%
- Windows Server 2008 и Windows Vista — 6.0%
- Windows Server 2003 — 5.2%
- Windows XP — 5.1%
С помощью логических операторов AND и OR можно комбинировать несколько условий в WMI запросе. Например, чтобы применить GPO только к серверам с Windows Server 2019:
select * from Win32_OperatingSystem WHERE Caption LIKE "%2019%" AND Version LIKE "10.%" AND ( ProductType = "2" or ProductType = "3")
Компьютеры с 64 битными версиями Windows 10:
select * from Win32_OperatingSystem WHERE Version like "10.%" AND ProductType="1" AND OSArchitecture = "64-bit"
Компьютеры с определенным билдом Windows 11 (например, 23H2, билд 22631):
select * from Win32_OperatingSystem WHERE Caption like "%Windows 11%" AND ProductType="1" AND BuildNumber = "22631"
Применить политику только к виртуальным машинам VMWare:
SELECT Model FROM Win32_ComputerSystem WHERE Model LIKE "%VMware%"
Применить политику только к ноутбукам:
select * from Win32_ComputerSystem where PCSystemType="2"
Только к десктопным компьютерам (рабочим станциям):
select * from Win32_ComputerSystem where PCSystemType="1" or PCSystemType="3"
WMI фильтр для выбора компьютеров, чьи имена начинаются на “msk-pc
SELECT Name FROM Win32_ComputerSystem WHERE Name LIKE "msk-pc%"
Применить политику только к компьютерам в определенных IP подсетях (WMI фильтр для привязки GPO к IP подсети):
Select * FROM Win32_IP4RouteTable WHERE (Mask='255.255.255.255' AND (Destination Like '192.168.1.%' OR Destination Like '192.168.2.%'))
Компьютеры с более чем 4 ГБ RAM:
Select * from WIN32_ComputerSystem where TotalPhysicalMemory >= 4200000000
Компьютеры, на которых установлен архиватор 7ZIP:
Select * From Win32_Product where Name like "%7-Zip %"
На которых установлен Internet Explorer (по умолчанию IE удален в современных версиях Windows):
SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version>"11.0"
Проверка WMI фильтров с помощью PowerShell
WMI фильтры перед применением в GPO можно протестировать на целевых компьютерах. Это позволит понять, будет или не будет политика с таким WMI запросов применяться на определенных компьютерах. Для просмотра всех доступных WMI классов на компьютере выполните PowerShell команду:
Get-WmiObject -List
Вывести доступные атрибуты и значения WMI класса Win32_OperatingSystem:
Get-WMIObject Win32_OperatingSystem| Select *
Чтобы проверить ваш WMI запроса на компьютере и понять, соответствует ли компьютер данному запросу или нет, укажите его код в параметре -query. Например, такой WMI запрос проверяет, установлен ли на компьютере Microsoft Office:
Get-WmiObject -query 'Select * From Win32_Product where Name like "%Office 16 Click-to-Run%"'
Если такая команда возвращает в ответ список атрибутов, значит компьютер соотвествует вашему запросу и GPO с таким WMI фильтром будет применена. Если команда get-wmiobject ничего не вернула — компьютер не соответствует запросу.
В новых версиях PowerShell Core 7.x, командлет Get-WmiObject является устаревшим и вместо него нужно использовать
Get-CimInstance
.
WMI фильтры GPO позволяют создать динамические правила, в которых определяются характеристики компьютеров, к которым нужно применить групповые политики.
Создание WMI фильтров для групповых политик (GPO) в домене AD
Технология WMI фильтров в групповых политиках (GPO) позволяет более гибко применять политики на клиентов, за счет использования различных правил, позволяющих указывать WMI запросы для формирования критериев выборки компьютеров, на которые будет действовать групповая политика. К примеру, с помощью WMI фильтров GPO вы можете применить политику, назначенную на OU, только к компьютерам с ОС Windows 10 (на других версиях Windows такая политика с фильтром применяться не будет).
Для чего используются WMI фильтры GPO?
Обычно технология фильтрации групповых политик с помощью WMI (Windows Management Instrumentation) используется в ситуациях, когда объекты домена (пользователи или компьютеры) находятся в плоской структуре AD, а не в выделенном OU, либо если необходимо применить политики, в зависимости от версии ОС, ее сетевых настроек, наличию определенного установленного ПО или любом другом критерии, который можно выбрать с помощью WMI. При обработке такой групповой политики клиентом, Windows будет проверять свое состояние на соответствие указанному WMI запросу на языке WQL (WMI Query Language), и, если условия фильтра выполняются, такая GPO будет применена к компьютеру.
WMI фильтры групповых политик впервые появились еще в Windows XP, и доступны вплоть до последних версий Windows (Windows Server 2019, 2016, Windows 10, 8.1).
Как создать новый WMI фильтр и привязать его к GPO?
Чтобы создать новый WMI фильтр, откройте консоль управления доменными групповыми политиками Group Policy Management (gpmc.msc) и перейдите в раздел Forest -> Domains -> itoservice.ru -> WMI Filters. В этой секции содержатся все WMI фильтры домена. Создайте новый WMI фильтр (New).
В поле Name укажите имя фильтра, в поле Descriptions его описание (не обязательно). Чтобы добавить в фильтр WMI запрос нажмите на кнопку Add, укажите имя пространства имен WMI (по умолчанию root\CIMv2) и укажите код WMI запроса.
WMI запрос имеет следующий формат:
Select * from <WMI Class> WHERE <Property> = <Value>
В данном примере хотим создать WMI фильтр, позволяющий применить групповую политику только на компьютеры с Windows 10. Код WMI запроса может выглядеть так:
Select * from Win32_OperatingSystem where Version like «10.%» and ProductType=»1″
Созданные WMI фильтры хранятся в объектах класса msWMI-Som домена Active Directory в разделе DC=…, CN=System, CN=WMIPolicy, CN=SOM их можно найти и отредактировать с помощью консоли adsiedit.msc.
После создания WMI фильтра его можно привязать к конкретному объекту GPO. Найдите нужную политику в консоли GPMC и на вкладке Scope в выпадающем меню секции WMI Filtering выберите созданный ранее WMI фильтр. В этом примере планируется, чтобы политика автоматического назначения принтеров применялась только к компьютерам с Windows 10.
Дождитесь применения данной политики на клиентов, или обновите ее с помощью gpupdate /force . При анализе примененных политик на клиенте нужно использовать команду gpresult /r. Если политика действует на клиента, но не применяется из-за WMI фильтра, такая политика в отчете будет иметь статус Filtering: Denied (WMI Filter) и указано имя WMI фильтра.
Примеры запросов для WMI фильтров GPO
Рассмотрим различные примеры WMI фильтров GPO, который чаще всего используются.
С помощью WMI фильтра вы можете выбрать тип ОС:
- ProductType=1 – любая клиенская ОС
- ProductType=2 – контроллер домена AD
- ProductType=3 – серверная ОС (Windows Server)
Версии Windows:
- Windows Server 2016 и Windows 10 — 10.%
- Windows Server 2012 R2 и Windows 8.1 — 6.3%
- Windows Server 2012 и Windows 8 — 6.2%
- Windows Server 2008 R2 и Windows 7 — 6.1%
- Windows Server 2008 и Windows Vista — 6.0%
- Windows Server 2003 — 5.2%
- Windows XP — 5.1%
- Windows 2000 — 5.0%
Вы можете комбинировать условия выборки в WMI запросе с помощью логических операторов AND и OR. Чтобы применить политику только к серверам с Windows Server 2016, код WMI запроса будет таким:
select * from Win32_OperatingSystem WHERE Version LIKE «10.%» AND ( ProductType = «2» or ProductType = «3» )
Выбрать 32 битные версии ОС Windows 8.1:
select * from Win32_OperatingSystem WHERE Version like «6.3%» AND ProductType=»1″ AND OSArchitecture = «32-bit»
Применить политику только к 64-битным ОС:
Select * from Win32_Processor where AddressWidth = «64»
Выбрать Windows 10 с определенным билдом, например Windows 10 1803:
select Version from Win32_OperatingSystem WHERE Version like “10.0.17134” AND ProductType=”1″
Применить политику только к виртуальным машинам VMWare:
SELECT Model FROM Win32_ComputerSystem WHERE Model = “VMWare Virtual Platform”
Применить политику только к ноутбукам:
select * from Win32_SystemEnclosure where ChassisTypes = «8» or ChassisTypes = «9» or ChassisTypes = «10» or ChassisTypes = «11» or ChassisTypes = «12» or ChassisTypes = «14» or ChassisTypes = «18» or ChassisTypes = «21»
WMI фильтр, который применится только к компьютерам, чьи имена начинаются на “msk-pc“(например, для блокировки подключения USB накопителей на этих устройствах):
SELECT Name FROM Win32_ComputerSystem WHERE Name LIKE ‘msk-pc%’
Пример использования WMI фильтра для тонкого нацеливания групповой политики к IP подсетям описывается в статье WMI фильтр для привязки GPO к IP подсети. Например, чтобы применить политику к клиентам в нескольких IP подсетях, используйте фильтр:
Select * FROM Win32_IP4RouteTable WHERE (Mask=’255.255.255.255′ AND (Destination Like ‘192.168.1.%’ OR Destination Like ‘192.168.2.%’))
Применять политику к компьютерам, с количеством оперативной памяти больше 1 Гб:
Select * from WIN32_ComputerSystem where TotalPhysicalMemory >= 1073741824
WMI фильтр проверки наличия на компьютере Internet Explorer 11:
SELECT path,filename,extension,version FROM CIM_DataFile WHERE path=»\\Program Files\\Internet Explorer\\» AND filename=»iexplore» AND extension=»exe» AND version>»11.0″
Тестирование WMI фильтра с помощью PowerShell
При написании WMI запросов иногда нужно получать значения различных параметров на компьютере. Вы помете получить эти данный с помощью командлета Get-WMIObject. Например, выведем атрибуты и значения WMI класса Win32_OperatingSystem:
Get-WMIObject Win32_OperatingSystem
SystemDirectory : C:\WINDOWS\system32
Organization :
BuildNumber : 17134
RegisteredUser : Windows User
SerialNumber : 00331-10000-00001-AA494
Version : 10.0.17134
Чтобы вывести все доступные параметры класса:
Get-WMIObject Win32_OperatingSystem| Select *
Для тестирования WMI фильтров на компьютерах можно использовать PowerShell. Допустим, вы написали сложный WMI запрос и его хотите проверить (соответствует ли компьютер данному запросу или нет). Например, вы создали WMI фильтр проверки наличия IE 11 на компьютере. На целевом компьютере вы можете выполнить этот WMI запрос с помощью командлета get-wmiobject:
get-wmiobject -query ‘SELECT * FROM CIM_DataFile WHERE path=»\\Program Files\\Internet Explorer\\» AND filename=»iexplore» AND extension=»exe» AND version LIKE «11.%»‘
Если данная команда что-то возвращает, значит компьютер соответствует условиям запроса. Если команда get-wmiobject ничего не вернула — компьютер не соответствует запросу.
Например, запустив указанный запрос на компьютере с Windows 10 и IE 11, команда вернет:
Compressed : False
Encrypted : False
Size :
Hidden : False
Name : c:\program files\internet explorer\iexplore.exe
Readable : True
System : False
Version : 11.0.17134.1
Writeable : True
Это значит, что IE 11 установлен на компьютере и GPO с таким WMI фильтром будет применяться к этому компьютеру.
Итак, мы разобрались как использовать WMI фильтры для применения групповых политик только компьютерам, попадающим под условия запроса. Нужно учитывать наличие WMI фильтров при анализе причин, из-за которых не применяется политика на компьютере.
You can apply policies to clients more flexibly with WMI filters in Group Policy (GPO) by utilizing different rules. When you want to target machines to which a particular group policy should be applied, you can use a set of WMI queries (the WMI Query Language, or WQL) called WMI filters. One way to deploy a policy related to an OU is by utilizing the WMI GPO filter to restrict the policy’s use to computers running Windows 10. This way, the policy won’t apply to computers running older versions of Windows.
What are the WMI GPO filters used for?
When multiple domain objects (users or computers) are located in the flat AD structure rather than the separate OU, or when you need to apply group policies based on the OS version, network settings, installed software, or any other criteria that can be selected using WMI, you can use group policy filtering using WMI (Windows Management Instrumentation). Upon processing a group policy by the client, Windows will verify if it meets with the requested WMI query. If it does, the GPO will be implemented on this particular computer.
Create a New WMI Filter and Link it to a GPO
To create a new WMI filter, open the Group Policy Management console (gpmc.msc and go to Forest -> Domains -> woshub.com -> WMI Filters. This section contains all WMI filters in the AD domain. Create a new WMI filter (New).
WMI Filters
Once a WMI filter has been developed, it can be linked to a particular GPO. Locate the desired policy in the GPMC console, then choose your WMI filter from the drop-down list in the WMI Filtering section on the Scope tab. For the purposes of this example, I wish would restrict the policy to Windows 11 computers only.
Please wait for group policy update, or manually update it using the gpupdate /force command. Use the gpresult /r command to see the policies that have been applied to the client.
The policy will show the status Filtering: Denied (WMI Filter) in the gpresult report if it impacts the client but isn’t applicable because of the WMI filter restrictions.
The policy will show the status of WMI filtering policy in the result report, the group policy is being applied to win11 machine.
GPO WMI Filtering Examples
Let’s explore the several WMI GPO filter examples that are most frequently utilized.
You can select the OS type by using the WMI filter:
- ProductType=1 – any desktop Windows edition;
- ProductType=2 – Active Directory domain controller;
- ProductType=3 – Windows Server.
Windows versions:
- Windows Server 2016 and Windows 10 — 10.%
- Windows Server 2012 R2 and Windows 8.1 — 6.3%
- Windows Server 2012 and Windows 8 — 6.2%
- Windows Server 2008 R2 and Windows 7 — 6.1%
- Windows Server 2008 and Windows Vista — 6.0%
- Windows Server 2003 — 5.2%
- Windows XP — 5.1%
- Windows 2000 — 5.0%
WARNING: Please make sure you test these filters fully and confirm they are correct for your use case before applying them to a production environment.
Below is the collection of WMI filters that have collected over the years to assist with narrowing group policy object scopes.
WMI FILTER FOR OPERATING SYSTEM TYPE
WMI FILTER FOR DESKTOP OPERATING SYSTEMS
The below WMI filter is for all windows workstation operating systems.
select * from Win32_OperatingSystem where ProductType="1"
WMI FILTER FOR SERVER OPERATING SYSTEMS (DOMAIN CONTROLLERS ONLY)
The below WMI filter is for all windows server operating systems and are domain controllers.
select * from Win32_OperatingSystem where ProductType="2"
WMI FILTER FOR SERVER OPERATING SYSTEMS (MEMBER SERVERS ONLY)
The below WMI filter is for all windows server operating systems and are not domain controllers.
select * from Win32_OperatingSystem where ProductType="3"
WMI FILTER FOR SERVER OPERATING SYSTEMS (DOMAIN CONTROLLERS AND MEMBER SERVERS)
select * from Win32_OperatingSystem where ProductType="2" or ProductType="3"
WMI FILTER FOR COMPUTER SYSTEM TYPE
WMI FILTER FOR STANDALONE WORKSTATION
select * from Win32_ComputerSystem where DomainRole="0"
WMI FILTER FOR MEMBER WORKSTATION
select * from Win32_ComputerSystem where DomainRole="1"
WMI FILTER FOR STANDALONE SERVER
select * from Win32_ComputerSystem where DomainRole="2"
WMI FILTER FOR MEMBER SERVER
select * from Win32_ComputerSystem where DomainRole="3"
WMI FILTER FOR BACKUP DOMAIN CONTROLLER
select * from Win32_ComputerSystem where DomainRole="4"
WMI FILTER FOR PRIMARY DOMAIN CONTROLLER (PDC)
select * from Win32_ComputerSystem where DomainRole="5"
This is the domain controller that holds the PDC FSMO role
WMI FILTER FOR WINDOWS DESKTOP OPERATING SYSTEMS
WMI FILTER FOR WINDOWS 11 OPERATING SYSTEM VERSION
WMI filter for all Windows 11 Versions
select * from Win32_OperatingSystem where Version like "10.0.2%" and ProductType="1"
WMI filter for Windows 11 (23H2)
select * from Win32_OperatingSystem where Version like "10.0.22631%" and ProductType="1"
WMI filter for Windows 11 (22H2)
select * from Win32_OperatingSystem where Version like "10.0.22621%" and ProductType="1"
WMI filter for Windows 11 (21H2)
select * from Win32_OperatingSystem where Version like "10.0.22000%" and ProductType="1"
WMI FILTER FOR WINDOWS 10 OPERATING SYSTEM VERSION
WMI filter for all Windows 10 Versions
select * from Win32_OperatingSystem where Version like "10.0.1%" and ProductType="1"
WMI filter for Windows 10 (22H2)
select * from Win32_OperatingSystem where Version like "10.0.19045%" and ProductType="1"
WMI filter for Windows 10 (21H2)
select * from Win32_OperatingSystem where Version like "10.0.19044%" and ProductType="1"
WMI filter for Windows 10 (21H1)
select * from Win32_OperatingSystem where Version like "10.0.19043%" and ProductType="1"
WMI filter for Windows 10 (20H2)
select * from Win32_OperatingSystem where Version like "10.0.19042%" and ProductType="1"
WMI filter for Windows 10 (2004)
select * from Win32_OperatingSystem where Version like "10.0.19041%" and ProductType="1"
WMI filter for Windows 10 (1909)
select * from Win32_OperatingSystem where Version like "10.0.18363%" and ProductType="1"
WMI filter for Windows 10 (1903)
select * from Win32_OperatingSystem where Version like "10.0.18362%" and ProductType="1"
WMI filter for Windows 10 (1809)
select * from Win32_OperatingSystem where Version like "10.0.17763%" and ProductType="1"
WMI filter for Windows 10 (1803)
select * from Win32_OperatingSystem where Version like "10.0.17134%" and ProductType="1"
WMI filter for Windows 10 (1709)
select * from Win32_OperatingSystem where Version like "10.0.16299%" and ProductType="1"
WMI filter for Windows 10 (1703)
select * from Win32_OperatingSystem where Version like "10.0.15063%" and ProductType="1"
WMI filter for Windows 10 (1607)
select * from Win32_OperatingSystem where Version like "10.0.14393%" and ProductType="1"
WMI filter for Windows 10 (1511)
select * from Win32_OperatingSystem where Version like "10.0.10586%" and ProductType="1"
WMI filter for Windows 10 (1507)
select * from Win32_OperatingSystem where Version like "10.0.10240%" and ProductType="1"
WMI FILTER FOR WINDOWS 8 AND 8.1 OPERATING SYSTEM VERSIONS
WMI filter for Windows 8 and 8.1
select * from Win32_OperatingSystem where (Version like "6.3%" and ProductType="1") or (Version like "6.2%" and ProductType="1")
WMI FILTER FOR WINDOWS 8.1 OPERATING SYSTEM VERSION
WMI filter for Windows 8.1
select * from Win32_OperatingSystem where Version like "6.3%" and ProductType="1"
WMI FILTER FOR WINDOWS 8 OPERATING SYSTEM VERSION
WMI filter for Windows 8
select * from Win32_OperatingSystem where Version like "6.2%" and ProductType="1"
WMI FILTER FOR WINDOWS 7 OPERATING SYSTEM VERSION
WMI filter for Windows 7
select * from Win32_OperatingSystem where Version like "6.1%" and ProductType="1"
WMI FILTER FOR WINDOWS VISTA OPERATING SYSTEM VERSION
WMI filter for Windows Vista
select * from Win32_OperatingSystem where Version like "6.0%" and ProductType="1"
WMI FILTER FOR WINDOWS XP OPERATING SYSTEM VERSION
WMI filter for Windows XP
select * from Win32_OperatingSystem where (Version like "5.1%" or Version like "5.2%") and ProductType="1"
WMI FILTER FOR WINDOWS 2000 OPERATING SYSTEM VERSION
WMI filter for Windows 2000
select * from Win32_OperatingSystem where Version like "5.0%" and ProductType="1"
WMI FILTER FOR WINDOWS SERVER OPERATING SYSTEMS
STANDARD WINDOWS SERVER RELEASE CHANNEL (LTSC)
WMI filter for Windows Server 2022
select * from Win32_OperatingSystem where Version like "10.0.20348%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2019
select * from Win32_OperatingSystem where Version like "10.0.17763%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2016
select * from Win32_OperatingSystem where Version like "10.0.14393%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2012 R2
select * from Win32_OperatingSystem where Version like "6.3%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2012
select * from Win32_OperatingSystem where Version like "6.2%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2008 R2
select * from Win32_OperatingSystem where Version like "6.1%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2008
select * from Win32_OperatingSystem where Version like "6.0%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2003 and Windows Server 2003 R2
select * from Win32_OperatingSystem where Version like "5.2%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2000
select * from Win32_OperatingSystem where Version like "5.0%" and (ProductType="2" or ProductType="3")
ANNUAL WINDOWS SERVER RELEASE CHANNEL (AC)
WMI filter for Windows Server 23H2
select * from Win32_OperatingSystem where Version like "10.0.25398%" and (ProductType="2" or ProductType="3")
SEMI-ANNUAL WINDOWS SERVER RELEASE CHANNEL (SAC)
WMI filter for Windows Server 20H2
select * from Win32_OperatingSystem where Version like "10.0.19042%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 2004
select * from Win32_OperatingSystem where Version like "10.0.19041%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 1909
select * from Win32_OperatingSystem where Version like "10.0.18363%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 1903
select * from Win32_OperatingSystem where Version like "10.0.18362%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 1809
select * from Win32_OperatingSystem where Version like "10.0.17134%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 1803
select * from Win32_OperatingSystem where Version like "10.0.16299%" and (ProductType="2" or ProductType="3")
WMI filter for Windows Server 1709
select * from Win32_OperatingSystem where Version like "10.0.14393%" and (ProductType="2" or ProductType="3")
WMI FILTER FOR 64-BIT AND 32-BIT OPERATING SYSTEMS
WMI filter for 64-bit operating systems
select * from Win32_Processor where AddressWidth = "64"
WMI filter for 32-bit operating systems
select * from Win32_Processor where AddressWidth = "32"
WMI FILTER FOR HOSTNAME
WMI filter for a device with a spesific hostname.
select * from Win32_ComputerSystem where Name like "computer-name"
WMI filter for devices with the same starting hostname format. (example hostnames: PC01, PC02, PC03, PC04)
select * from Win32_ComputerSystem where Name like "PC%"
WMI FILTER FOR SYSTEM MANUFACTURER
select * from Win32_ComputerSystem where Manufacturer like "%Dell%"
To find the system manufacturer, run: wmic computersystem get manufacturer
WMI FILTER FOR SYSTEM MODEL
select * from Win32_ComputerSystem where Name like "%XPS%"
To find the system model, run: wmic computersystem get model
WMI FILTER FOR DESKTOPS
select * from Win32_ComputerSystem where PCSystemType="1" or PCSystemType="3"
WMI FILTER FOR LAPTOPS
select * from Win32_ComputerSystem where PCSystemType="2"
WMI FILTER FOR DAY OF THE WEEK (MON/TUE/WED/THU/FRI/SAT/SUN)
WMI filter for Monday
select DayOfWeek from Win32_LocalTime where DayOfWeek="1"
WMI filter for Tuesday
select DayOfWeek from Win32_LocalTime where DayOfWeek="2"
WMI filter for Wednesday
select DayOfWeek from Win32_LocalTime where DayOfWeek="3"
WMI filter for Thursday
select DayOfWeek from Win32_LocalTime where DayOfWeek="4"
WMI filter for Friday
select DayOfWeek from Win32_LocalTime where DayOfWeek="5"
WMI filter for Saturday
select DayOfWeek from Win32_LocalTime where DayOfWeek="6"
WMI filter for Sunday
select DayOfWeek from Win32_LocalTime where DayOfWeek="7"
WMI filter for multiple days (Example uses Monday, Tuesday, and Friday)
select DayOfWeek from Win32_LocalTime where DayOfWeek="1" or DayOfWeek="2" or DayOfWeek="5"
WMI FILTER FOR HARD DRIVE TYPE (SSD/HDD)
WMI filter for SSD based systems
select * from MSFT_PhysicalDisk where MediaType="4"
WMI filter for HDD based systems
select * from MSFT_PhysicalDisk where MediaType="3"
So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!
Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .
You can also share the feedback on below windows techno email id.If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.
Was this article helpful?
YesNo
Every now and then during Windows 10 deployments we need to use WMI filters for group policy objects, there are simply no better way of doing this, without a lot of work. WMI is simple to use and demands little maintenance.
There WMI filters may also come handy since there are group policy settings that only applies to one or two builds.
So here are some examples, ready to use for all operating system.
There are three queries for all operating system, 64-bit, 32-bit and both.
Note! Due to performance do NOT use Select * instead use Select Version as in the queries below, Why? See this article Using group policy WMI filters computers booting slow?
Windows 10 1703
select Version from Win32_OperatingSystem WHERE Version like “10.0.15063” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.15063” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.15063” AND ProductType=”1″
Windows 10 1607
select Version from Win32_OperatingSystem WHERE Version like “10.0.14393” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.14393” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.14393” AND ProductType=”1″
Windows 10 1511
select Version from Win32_OperatingSystem WHERE Version like “10.0.10586” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.10586” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.10586” AND ProductType=”1″
Windows 10 1507
select Version from Win32_OperatingSystem WHERE Version like “10.0.10240” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.10240” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.0.10240” AND ProductType=”1″
Windows 10 all builds
select Version from Win32_OperatingSystem WHERE Version like “10.%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “10.%” AND ProductType=”1″
Windows 7, 8 and 8.1 (all versions before 10)
select Version from Win32_OperatingSystem WHERE Version like “6.%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.%” AND ProductType=”1″
Windows 8.1
select Version from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″
Windows 8
select Version from Win32_OperatingSystem WHERE Version like “6.2%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.2%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.2%” AND ProductType=”1″
Windows 7
select Version from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
select Version from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″
In the ever-evolving landscape of Windows enterprise environments, IT administrators continually seek efficient ways to deploy targeted Group Policy settings. Windows Management Instrumentation (WMI) filters provide a powerful mechanism to apply GPOs with surgical precision, ensuring policies reach exactly the right systems at the right time. This post explores both fundamental and creative applications of WMI filters that can transform your Group Policy management strategy.
Understanding WMI Filters: The Basics
WMI filters act as gatekeepers for Group Policy Objects (GPOs), evaluating whether a policy should apply to a particular system. These filters query system properties through WMI classes to make this determination. Before a GPO processes, the system evaluates its associated WMI filter, and only proceeds if the query returns true.
The syntax follows standard WMI Query Language (WQL), which resembles SQL:
Select [properties] from [WMI class] where [conditions]
Real-World Example: Updating Server Version Filters
Consider this scenario: You have a GPO with a WMI filter targeting domain controllers running Windows Server
Select * from Win32_OperatingSystem WHERE (ProductType = 3) AND (Version LIKE ’10.%’) OR (Version >= ‘6.2%’)
However, you now need to include older Server 2008 systems. The solution involves adjusting the version number check, as Server 2008 uses version 6.0 and Server 2008 R2 uses 6.1:
Select * from Win32_OperatingSystem WHERE (ProductType = 3) AND ((Version LIKE ’10.%’) OR (Version >= ‘6.0%’))
This modified filter will match all domain controllers running Windows Server 2008 and newer versions.
Operating System Targeting Reference
When creating WMI filters, precisely targeting specific Windows versions is a common requirement. Here’s a comprehensive reference for targeting various Windows operating systems:
Windows Client Operating Systems
Windows 11
Select * from Win32_OperatingSystem WHERE Version LIKE ’10.%’ AND BuildNumber >= 22000
Windows 10
Select * from Win32_OperatingSystem WHERE Version LIKE ’10.%’ AND BuildNumber < 22000
Combination: Windows 10 and 11 Only
Select * from Win32_OperatingSystem WHERE Version LIKE ’10.%’
Combination: Windows 8 and Later (Excluding Server)
Select * from Win32_OperatingSystem WHERE Version >= ‘6.2%’ AND ProductType = 1
Windows Server Operating Systems
Windows Server 2022
Select * from Win32_OperatingSystem WHERE Version LIKE ‘10.0%’ AND BuildNumber >= 20348 AND ProductType > 1
Windows Server 2019
Select * from Win32_OperatingSystem WHERE Version LIKE ‘10.0%’ AND BuildNumber >= 17763 AND BuildNumber < 20348 AND ProductType > 1
Windows Server 2016
Select * from Win32_OperatingSystem WHERE Version LIKE ‘10.0%’ AND BuildNumber >= 14393 AND BuildNumber < 17763 AND ProductType > 1
Windows Server 2012 R2
Select * from Win32_OperatingSystem WHERE Version LIKE ‘6.3%’ AND ProductType > 1
Special Combinations
All Domain Controllers
Select * from Win32_OperatingSystem WHERE ProductType = 2
All Member Servers (Non-DC Server OS)
Select * from Win32_OperatingSystem WHERE ProductType = 3
All Server Operating Systems
Select * from Win32_OperatingSystem WHERE ProductType > 1
All Desktop Operating Systems
Select * from Win32_OperatingSystem WHERE ProductType = 1
Server 2012 and Newer
Select * from Win32_OperatingSystem WHERE ((Version LIKE ’10.%’) OR (Version >= ‘6.2%’)) AND ProductType > 1
Physical Machines Only (No VMs)
Select * from Win32_ComputerSystem WHERE Model NOT LIKE ‘%Virtual%’
Architecture-Based Filters
64-bit Systems Only
Select * from Win32_OperatingSystem WHERE OSArchitecture = ’64-bit’
32-bit Systems Only
Select * from Win32_OperatingSystem WHERE OSArchitecture = ’32-bit’
Performance Considerations: WMI Filters vs. Item-Level Targeting
It’s important to understand the performance implications when deciding between WMI filters and item-level targeting:
Processing Differences
- WMI Filters: Applied at the GPO level before any policy settings are processed. If the filter evaluates to false, the entire GPO is skipped, saving processing time for all contained settings.
- Item-Level Targeting: The GPO itself is always processed, but individual settings within the policy will be applied or skipped based on targeting criteria. This means the Group Policy engine still has to evaluate the entire GPO, even if many settings are ultimately not applied.
Performance Impact
Both mechanisms create a similar overhead in terms of the WMI queries themselves, but they differ in when that overhead is incurred:
- With WMI filters, the overhead happens early in the Group Policy processing cycle, potentially eliminating subsequent processing entirely.
- With item-level targeting, the Group Policy processing happens first, followed by additional overhead for each targeted item.
Best Practice Recommendations
- For Entire Policy Application: Use WMI filters when an entire GPO should apply (or not apply) to a computer or user.
- For Granular Control: Use item-level targeting when you need different settings within the same GPO to apply to different subsets of computers or users.
- Minimize Complexity: Whether using WMI filters or item-level targeting, keep the queries as simple as possible while achieving your goal.
- Consider Consolidation: Where possible, consolidate GPOs with similar WMI filters to reduce overall processing time.
- Test and Benchmark: Always test the performance impact of your filters in a non-production environment, especially for large deployments.
By understanding these performance considerations, you can make informed decisions about when to use WMI filters versus item-level targeting to achieve your management goals with minimal impact on system performance.
Creative WMI Filter Scenarios
Let’s explore some innovative applications of WMI filters that can address specific administrative challenges:
Targeting Systems with Limited RAM
Apply resource-conservative settings to machines with constrained memory:
Select * from Win32_ComputerSystem WHERE TotalPhysicalMemory < 8589934592
This targets systems with less than 8GB of RAM, allowing you to disable memory-intensive features.
Systems with Multiple CPUs/Cores
Deploy performance optimization settings only to high-performance workstations:
Select * from Win32_Processor WHERE NumberOfCores > 8
Specific Machine Models
Target policies to particular hardware models, ideal for manufacturer-specific drivers or settings:
Select * from Win32_ComputerSystem WHERE Model LIKE ‘%Razer%’
Apply region-specific policies based on IP subnet:
Select * from Win32_NetworkAdapterConfiguration WHERE IPEnabled = True AND IPAddress LIKE ‘192.168.10.%’
Apply stricter security policies to VPN-connected machines:
Select * from Win32_NetworkAdapter WHERE NetConnectionID LIKE ‘%VPN%’ AND NetEnabled = True
Apply special configurations to newly deployed systems after the date specified:
Select * from Win32_OperatingSystem WHERE InstallDate > ‘20250409000000.000000-000’
Target systems that may need rebooting with a notification policy, before the date spcified:
Select * from Win32_OperatingSystem WHERE LastBootUpTime < ‘20250209000000.000000-000’
Apply enhanced security or specialized settings to executive machines:
Select * from Win32_ComputerSystem WHERE Name LIKE ‘BearWrk-%’
Deploy developer-friendly settings to development machines:
Select * from Win32_ComputerSystem WHERE (Name LIKE ‘Dev-%’) OR (DNSHostName LIKE ‘%.bear.dev’)
Apply database-specific performance tuning only to s SQL server:
Select * from Win32_Service WHERE Name LIKE ‘MSSQL%’ AND State = ‘Running’
Deploy emergency security measures to unprotected systems that have no Defender running:
Select * from Win32_Service WHERE Name LIKE ‘%defender%’ AND State <> ‘Running’
Apply VM-specific optimizations:
Select * from Win32_ComputerSystem WHERE Model LIKE ‘%Virtual%’
Target only battery-powered devices:
Select * from Win32_Battery WHERE BatteryStatus IS NOT NULL
Apply emergency power settings to systems with critically low battery:
Select * from Win32_Battery WHERE EstimatedChargeRemaining < 10
This targets systems with less than 10GB free on the C: drive.
Select FreeSpace from Win32_LogicalDisk WHERE DeviceID=’C:’ AND FreeSpace < 10737418240
Apply policy to SSD-specific devices:
Select * from Win32_DiskDrive WHERE MediaType LIKE ‘%SSD%’
This targets NVIDIA GPUs with more than 4GB VRAM:
Select * from Win32_VideoController WHERE AdapterRAM > 4294967296 AND Name LIKE ‘%NVIDIA%’
Best Practices for WMI Filter Management
- Test thoroughly: Always validate filters in test environments before deploying to production.
- Document meticulously: Maintain clear documentation about each filter’s purpose and conditions.
- Monitor performance: Complex WMI filters can add processing overhead. Use the simplest effective query.
- Use naming conventions: Adopt a consistent naming scheme for your WMI filters.
- Validate with PowerShell: Test your queries using PowerShell’s
Get-WmiObjectorGet-CimInstancebefore implementing as filters. - Understand scope and precedence: Remember that WMI filters are evaluated before a GPO applies, adding an additional layer to Group Policy processing.
Troubleshooting WMI Filters
When WMI filters don’t work as expected, try these steps:
- Verify the syntax using PowerShell to execute the query directly on target systems
- Check the WMI event logs for errors
- Ensure WMI service is running properly on target systems
- Validate permissions for filter execution
Conclusion
WMI filters represent one of the most flexible tools in an administrator’s Group Policy arsenal. By moving beyond basic OS version filtering to implement creative scenarios like those outlined above, you can achieve unprecedented control over your environment.
The examples provided here just scratch the surface of what’s possible. The real power comes when you combine multiple conditions to create targeted, nuanced policy deployment that adapts to your organization’s specific needs.