Skip to main content

GPO and WMI Filters

WMI Filters and GPOs are powerful when used in combination (though evaluating MWI filters may slow down policy processing). Just a few quick examples:

For settings that may need to be applied to workstations, but not servers one could go with something like this -

WMI queries for workstations vs. servers
 

​SELECT * FROM Win32_OperatingSystem WHERE (ProductType <> "2") AND (ProductType <> "3")     ​- workstations
​SELECT * FROM Win32_OperatingSystem WHERE ProductType = "1"     ​- workstations

ProductType 1 = Desktop OS
ProductType 2 = Server OS – Domain Controller
ProductType 3 = Server OS – Not a Domain Controller


For things like Bitlocker policy that needs to be applied to laptops only one could go with something like this -

WMI queries for laptops vs. desktops
​SELECT * FROM Win32_Battery WHERE (BatteryStatus <> 0)     ​- presence of a battery indicates laptop
​SELECT * FROM Win32_PhysicalMemory WHERE (FormFactor = 12)     ​- SODIMM memory indicates laptop

If you want a quick test for certain WMI values on a computer – use WMI command line tool (wmic) -



Here are some helpful links - 


Comments

Popular posts from this blog

Skype for Business and VTC Interoperability

Skype for Business (SfB) has a very, very strong potential, I have written about it in my previous post. I can't think of any other platform that shows as much promise in terms of bridging personal and business communications as well as unifying different modes and mediums. And all of this may have started with a strategic acquisition of Skype by Microsoft in 2011.

That said, the road ahead is not without challenges. For example, interoperability with other platforms. Making SfB work with existing Video TeleConferencing (VTC) systems, many of which represent significant capital investments in organizations' infrastructure, could be of a particular importance.

After reading statements like Skype for Business is based on Session Initiation Protocol (SIP) standards and supports H.264 (MPEG-4 video coding standard) one can come to a quick conclusion that integration and/or interoperability with other VTC solutions is easy or nearly automatic. Unfortunately, the industry is not qui…

PoSh Disable and Move AD Users

A quick and easy way to disable user accounts and move them into designated OU:

Import-Csv "C:\TEMP\users.csv" | ForEach-Object { `      $u=$_."sAMAccountName"; $l="Disabling and moving: " +$u; write-output $l; `      Get-ADUser -Identity $u | `      Disable-ADAccount -PassThru | `      Move-ADObject -TargetPath "OU=Disabled Users,OU=Organization,DC=domain,DC=local"
Input is provided via a CSV file:
users.csv (username) sAMAccountName  jdoe1  jdoe2  jdoe3  jdoe4  jdoe5  

To generate input file run something like this, review and edit as necessary:
Search-ADAccount –UsersOnly –AccountInactive –TimeSpan 180.00:00:00 | `      where {$_.enabled} | `      Get-ADUser | `      select sAMAccountName | `      Export-Csv -Path "C:\TEMP\users.csv"

WordPress displays weird characters

Sometimes after a database conversion (e.g. from MySQL to MariaDB) or due to encoding issues a situation might arise when WordPress is showing weird characters. A quick way of remedying the situation would involve examining the pages to discover a pattern (what characters are being substituted, in the example below the apostrophe was replaced by â€™) then running an queries against the database to reverse the effect. Here's a quick example (common tables that store content):



UPDATE wp_posts SET post_content = REPLACE(post_content, 'Â', '')     UPDATE wp_posts SET post_content = REPLACE(post_content, '’', "'")     UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, 'Â', '')     UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, '’', "'")     
Please, keep in mind that to permanently resolve the issue you would need to get to the root of the problem and may need to adjust encoding, run a databas…