¿La competencia del filtro de WMI - es usted el caballero en armadura brillante?
Recepción a “La búsqueda para el filtro santo del tablero del escritorio WMI”, esto es una búsqueda global para lo que usted podría llamar “El filtro perfecto del tablero del escritorio WMI". Un filtro de WMI que, usando el lenguaje de interrogación de WMI (WQL), debe poder manchar las computadoras DE ESCRITORIO solamente. Debe ser una pregunta general - significado que debe ser posible utilizar el filtro en la mayoría de los ambientes activos del directorio alrededor del globo para la filtración de la política del grupo.
¿Así pues, cuál es un tablero del escritorio realmente? Bien, realmente en este caso diremos que es el contrario de una computadora portátil. ¿Hmm, entonces cuál es una computadora portátil? Bastante fácil: ¡una computadora con una batería! Tenemos el filtro de WMI para encontrar las computadoras portátiles ya:
Seleccione * de Win32_Battery - ¿usted justo no ama la simplicidad en esta pregunta?
Este filtro hará que una computadora con una batería responde detrás con “VERDAD” (porque el caso de la clase de WMI está presente), significando un GPO con este filtro se aplicará a las computadoras con las baterías. ¿La derecha simple? Y usted puede ser que piense que es fácil apenas “darle vuelta alrededor” a los tableros del escritorio del hallazgo, como:
¡Seleccione * de Win32_Battery donde disponibilidad! = 2
o
Seleccione * de Win32_Battery donde NO ESTÁ NULA la disponibilidad
o
“Donde no X tiene gusto de Y” o lo que
Está quizá, él no está quizá… ¡Pienso que es duro bastante maldito! ¡Para manchar las computadoras portátiles habríamos podido probar las clases Win32_PortableBattery, Win32_PCMCIAController, Win32_POTSModem también - pero pienso de alguna manera que la mayoría de la gente convendrá, que el “ting esencial”, que hace una computadora portátil una computadora portátil, es de hecho la presencia de la batería!
¡Pero, nuestras pruebas para manchar los TABLEROS DEL ESCRITORIO solamente (las máquinas sin una batería - sí, sé que ésta incluirá los servidores como ellos un “inmóvil” también) no han sido un éxito todavía! ¿Probablemente apenas necesitamos el sintaxis correcto? ¡Y aquí es adonde usted consigue en el cuadro!
¿Puede usted agrietar abierto esta tuerca? ¡Hay un precio fresco!
Este comenzado todo en una lista que envía para los individuos de la política del grupo y las muchachas - GPTalk llamado - creadas y mantenidas por el gurú y MVP Darren de Group Policy Estropean-Elia - a individuo detrás GPOguy.com y Software de SDM. Usted puede ensamblar la lista LA DERECHA AQUÍ y participe en esta competencia a GANE una copia libre de:
GPExpert™ que localiza averías Pak
¡PERO usted tiene que ser la primera persona para agrietar esta cosa, allí será solamente UN GANADOR que podría ser usted!
Evaluaré respuestas entrantes - Primero en entrar, primero en salir: " Primero adentro primero hacia fuera" method is used. Hopefully we'll see the most simple solution first - simplicity works, right? Actually I wouldn't know in this case would I...
One important thing! We will ask you kindly to TEST any WMI query submissions before sending them to everybody on the list. During your testing, you should use a tool to verify the WMI filter against a minimum of 2 desktops and 2 laptops. You can use the free WMI Filter Validation Tool to test you WMI filters in your environment. Personally I’m also using Scriptomatic version 2 and WBEMTEST for finding the available classes, items, queries etc.
Please have a look at the "rules" further down!
Why do this? Well, because it's fun - and useful at the same time... When looking at it generally, the purpose of this filter is to say: "I want these user settings to apply, but only when the user logs on to stationary machines". This can be used for a lot of security related setting, eg. in the case where Automatically cached Offline Files/Folders are unwanted on stationary machines for certain users etc. The job of most WMI filters placed on User policies is to limit which machines the policy setting(s) should apply to (even though WMI filters could check for user specific things too). Besides from that it's a nice challenge, we can pretty easily "spot" laptops, as they have batteries – and desktops don’t, but that’s not good enough for Mr. WQL, is it?!
Stuff we have tried - and the rules
We’ve been around solutions looking for Win32_SystemEnclosure > ChassisType before - which basically doesn’t work in a WMI filter because that’s an Array (and yes, I've also seen lots of posts on forums out there claiming that particular class is the solution – but for WMI/WQL queries it’s not). If would work in a script (because you can add additional logic to scripts), but we are searching for a WMI Filter - not workarounds of any kind!
As mentioned we tried with the Win32_Battery WMI class. However, as desktops don’t know this class at all, they'll return FALSE no matter what. Basically a desktop computer is gonna say “Heck, I don’t know anything about that class *Panic* I’m out!” – or just “False”... Bummer!
We have also tried PowerSupplyState, Win32_DesktopMonitor, Win32_DisplayConfiguration, Win32_SystemSlot, Win32_Fan and other classes – just haven’t found the perfect “this is definitely a desktop WMI item value or class”…
We're basically looking for something like:
A) Select * from Win32_SomeClassOnlyDesktopsHave
Or
B )Select * from Win32_SomeClass.SomeItem = “SomeValueOnlyDesktopsHave”
Or
C) Some way of saying “if you don’t know the class (eg. Win32_Battery), then apply the GPO anyway”
Again, the “quest” is to find the perfect, *universal*, way of spotting “Non-laptops” or Desktops – it can of course be done by looking for some special computer Manufacturer/Model, BIOS version, specific hardware driver or whatever – but that stuff it most likely gonna be different from environment to environment. Also, if we all just used computer names like “DESKxxx” for desktops and “LAPTxxx” for laptops, we could have used WMI filters for computer name – but unfortunately that’s not the case - or at least I won't consider that a valid solution :)
The thing is, that normally it’s the LAPTOPS that have special hardware – like Batteries and built-in Modems, PCMCIA slots etc. – so they are pretty easy to find. With desktop computers it’s another story – hope you can help us out here!
Please, again, we know lot’s of “workarounds”, but what we need is a *WMI filter* and it has to return *TRUE* for *DESKTOPS* (or let’s call the NON-LAPTOPS or NON-PORTABLES, it doesn’t really matter).
Remember, simplicity works - maybe the answer/solution is pretty straight forward? Feel free to post any additional questions to the mailing list!
Another example of what has been tried
We could maybe try to go for presence of PCI (and not Mini-PCI) or AGP slots, as we expect most desktops to have PCI slots (and laptops to have Mini-PCI, but that would depend on the form factor) – or maybe AGP (but does onboard VGA count as AGP? Any PCI VGA cards left out there? Yeah, probably...). If not we could maybe go for something like this:
A) Select * From Win32_SystemSlot Where SlotDesignation = “PCI%”
Or
B) Select * From Win32_SystemSlot Where SlotDesignation = “AGP”
However, this is not accepted as a solution as we cannot say that all desktop computers have AGP slots. But - maybe you can convince us otherwise?
Other cool Group Policy information:
You'll find additional Group Policy information at these sites:
www.gpanswers.com - The home of Group Policy guru and MVP Jeremy Moskowitz, check out the community there too!
TechNet Group Policy Forum - A brand new Group Policy forum on Microsoft TechNet
The Group Policy Team - The home of the Microsoft Group Policy Team
Jakob H. Heidelberg blog - My own blog, mostly about Group Policy and Security
www.heidelbergit.dk - My website with blog RSS, certifications, LinkedIn info etc.
Hope to hear from you soon - O' Yee Knight of the Microsoft Group Policy Table!
Popularity: 17%
Written by Jakob H. Heidelberg. Read more great feeds at is source WEBSITE
no comments.
Read more articles on Jeremy Moskowitz and otherSoftware and MVP and technet and Group Policy and Microsoft.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article
