Announcement

Collapse
No announcement yet.

WMI Filtering

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WMI Filtering

    Yo:

    So, I have to push out 1 of 2 reg keys, depending on if the OS is 32-bit or 64-bit. I have 2 Group Policy objects created, one for each scenario. I have 2 WMI filters set up, one each each OS type. I've found a few 32/64 queries online, but with out luck, so far.

    One of them is:
    Code:
    SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth ='32'
    Another is:
    Code:
    Select * from Win32_Processor where AddressWidth ='32'
    Another is:
    Code:
    select * from Win32_Processor where DeviceID="CPU0" and AddressWidth="32"
    Substituting 64 in each case for the 64-bit filter, of course.

    Like I said, none of these queries works. Can anyone advise?

    Server: 2008 R2, Clients: W7 32/64

    Thanks!

  • #2
    Re: WMI Filtering

    Given it is Server 2008, use Group Policy Preferences and Item Level Targetting
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: WMI Filtering

      Also, concur. WMI filters are generally something I tend to avoid and use Security Filtering and Item level targeting as recommended when feasible.

      Comment


      • #4
        Re: WMI Filtering

        Also concur, this option to link a GPO to a WMI filter is something you best use only as a temporay work around i.e when restructuring is going on. The WQL filters will be processed for every account in the linked OU and, I should say it does process remarkable slow. Additionally, each filter used will slowing down the logon even more. Multiple WMI filters can sometimes cause a general time out in gpo processing during logon.

        The SQL filter on its own should have worked btw,
        SELECT * FROM Win32_Processor WHERE AddressWidth = 32
        maybe there're some other problem?
        What HIVE must be updated in the registry? Is the item configured in the gpo under Computer configuration-preferences-Registry or under User configuration preferences? What is the 'Action' type? What's the client's OSes. What else is in the same WMI filter?


        Ossion mensioned it already, for Registry preferences you can use Item-level targetting, you find it on the Common tab.
        Or else, You can also use a startup/logon script to edit the registry.


        /Rems
        Last edited by Rems; 8th June 2012, 14:19.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: WMI Filtering

          Thanks everyone for replying. I did look at item level and did not see a 32/64 filter there. (Under OSes, there are a few 64-bit options, but they're for Enterprise or Ultimate or 2008 and such. We're on Pro).

          So, even at item level, it looks like I need the WMI option.

          And, I'm afraid that in my frustration, I left out some info. Okay, here's the story, as brief as I can be. Please see the attached screens for the keys, paths, etc.:

          So, I was able to get the 64-bit one working just fine, piece of cake, no problem. But, I didn't know that that was a 64-bit only path as the name Wow6432Node seemed to imply it was for both. So the programmer says: No, this same key also needs to get created under a different path for 32-bit machines. I come back with: Is there any harm, you think, in pushing out both? He thinks not, and I concur.

          So I push out both (all just testing at this point). Now the 32-bit policy is overriding the 64-bit policy. Changing order doesn't help. I decide I need to do filtering.

          So where I'm at, is: With all 3 of the WMI queries tried, a 64-bit test box is still only getting the 32-bit policy. You can see from the "results" screenshot that the 32-bit policy is winning. I'm assuming that that is because it's not filtering correctly. I love to assume! (I think I have to assume it's because of the filtering. If filtering was working, there wouldn't be a conflict to resolve. Right?)

          So, that's where I'm at and why I'm here.

          Thanks again, guys!
          Attached Files

          Comment


          • #6
            Re: WMI Filtering

            Originally posted by shmengie View Post
            So, even at item level, it looks like I need the WMI option.
            That is just one of the options you have with Item-level targeting.
            Infact a WMI query normally is prosessing very fast on a computer but when it is configured in a wmi filter set on the gpo it slows down the GPO processing.
            It could be that when this WMI query is configured at Item Level it does not cause much of a delay (never tested it myself).


            Originally posted by shmengie View Post
            Is there any harm, you think, in pushing out both? He thinks not, and I concur.
            For this entry it will not break anything on the computer when the registry key for 64 bit Os is pushed to a 32 bits OS computer, however I would not recommend it. It turns the registry into a soup, for you as an administrator that would not be convenient (i.e. see the Item-level targeting solution below).

            An other option to determine whether the OS is 64-bit with Item-level targeting:
            add a new “Registry Match” item. Match Type is “Key exists”. The Hive is “HKEY_LOCAL_MACHINE”, the “Key path” is “Software\Wow6432Node\Microsoft\Silverlight”. [, ect.]
            When the item is finish you can copy it and modify the pasted new registry item so it suits for the 32 bits version of silverlight.

            /Rems

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment


            • #7
              Re: WMI Filtering

              Thanks, Rems. I thought that was going to work, but there's something screwy going on. Even after deleting the Silverlight_32 policy, it's still winning. (Although, now that it's deleted, it shows the SID instead of the name). Weird.

              Well, it's not a large rollout, so I've got the reg keys on a thumbdrive and will just hit the desks and install. I'll have to sit down and look at this when I get a chance, but I need to roll it out this week, so it's easier to just do it than troubleshoot it.

              Thanks everybody for your help. (BTW, if anyone can think of why a unlinked, then deleted policy would still be winning, I could sure use the help!)

              Comment

              Working...
              X