WMI过滤器比赛-您是否是骑士在shining装甲?
欢迎 “对圣洁桌面WMI过滤器的搜寻”, 这是一次全球性查寻什么您可能叫“完善的桌面WMI过滤器". 通过使用WMI查询语言的WMI过滤器(WQL),应该能察觉仅台式计算机。 它应该是一次一般询问-的意思世界各地使用过滤器为小组政策过滤在多数活跃目录环境应该是可能的。
如此,什么真正地是桌面? 很好,我们实际上在这种情况下说它是膝上计算机的对面。 Hmm,然后什么是膝上计算机? 足够容易: 一台计算机用电池! 我们有WMI过滤器为已经发现膝上计算机:
选择*从Win32_Battery - 您是否正义不爱朴素在这次询问?
这过滤器将做一台计算机用电池反应与“真实” (因为WMI类事例存在),意味GPO用这过滤器将适用于计算机用电池。 简单的权利? 并且您也许认为“转动它在附近”到发现桌面,象是容易的:
选择*从Win32_Battery,可及性! = 2
或
选择*从Win32_Battery,可及性不是空的
或
“不是X喜欢Y”或的地方什么
可能它是,可能它不是… 我认为它是相当坚硬的! 为察觉膝上计算机我们可能测试了类Win32_PortableBattery, Win32_PCMCIAController, Win32_POTSModem -,但我莫名其妙地认为多数人将同意, “根本铃声”,做膝上计算机一台膝上计算机,实际上是电池存在!
但,我们的测试为察觉仅桌面(没有电池的机器-是,我知道这太将包括服务器作为他们“固定式”)不是成功! 我们大概需要正确句法? 并且这是您进入图片的地方!
您能崩裂开放这枚坚果? 有一个凉快的价格!
在一份发送邮件列表所有开始的这为小组Group Policy宗师和最有价值球员和女孩-叫的GPTalk -创造和赡养的政策人Darren 3月Elia -人后边 GPOguy.com 并且 SDM软件. 您能加入名单 这里 并且参加这场比赛 赢取赠送阅本 :
GPExpert™查明故障朴
但您只必须是崩裂这件事的第一个人,那里将是可能是您的一个优胜者-!
我评估接踵而来的答复- FIFO: " 首先首先 " method is used. Hopefully we'll see the most simple solution first - simplicity works, right? Actually I wouldn't know in this case would I...
One important thing! We will ask you kindly to TEST any WMI query submissions before sending them to everybody on the list. During your testing, you should use a tool to verify the WMI filter against a minimum of 2 desktops and 2 laptops. You can use the free WMI Filter Validation Tool to test you WMI filters in your environment. Personally I’m also using Scriptomatic version 2 and WBEMTEST for finding the available classes, items, queries etc.
Please have a look at the "rules" further down!
Why do this? Well, because it's fun - and useful at the same time... When looking at it generally, the purpose of this filter is to say: "I want these user settings to apply, but only when the user logs on to stationary machines". This can be used for a lot of security related setting, eg. in the case where Automatically cached Offline Files/Folders are unwanted on stationary machines for certain users etc. The job of most WMI filters placed on User policies is to limit which machines the policy setting(s) should apply to (even though WMI filters could check for user specific things too). Besides from that it's a nice challenge, we can pretty easily "spot" laptops, as they have batteries – and desktops don’t, but that’s not good enough for Mr. WQL, is it?!
Stuff we have tried - and the rules
We’ve been around solutions looking for Win32_SystemEnclosure > ChassisType before - which basically doesn’t work in a WMI filter because that’s an Array (and yes, I've also seen lots of posts on forums out there claiming that particular class is the solution – but for WMI/WQL queries it’s not). If would work in a script (because you can add additional logic to scripts), but we are searching for a WMI Filter - not workarounds of any kind!
As mentioned we tried with the Win32_Battery WMI class. However, as desktops don’t know this class at all, they'll return FALSE no matter what. Basically a desktop computer is gonna say “Heck, I don’t know anything about that class *Panic* I’m out!” – or just “False”... Bummer!
We have also tried PowerSupplyState, Win32_DesktopMonitor, Win32_DisplayConfiguration, Win32_SystemSlot, Win32_Fan and other classes – just haven’t found the perfect “this is definitely a desktop WMI item value or class”…
We're basically looking for something like:
A) Select * from Win32_SomeClassOnlyDesktopsHave
Or
B )Select * from Win32_SomeClass.SomeItem = “SomeValueOnlyDesktopsHave”
Or
C) Some way of saying “if you don’t know the class (eg. Win32_Battery), then apply the GPO anyway”
Again, the “quest” is to find the perfect, *universal*, way of spotting “Non-laptops” or Desktops – it can of course be done by looking for some special computer Manufacturer/Model, BIOS version, specific hardware driver or whatever – but that stuff it most likely gonna be different from environment to environment. Also, if we all just used computer names like “DESKxxx” for desktops and “LAPTxxx” for laptops, we could have used WMI filters for computer name – but unfortunately that’s not the case - or at least I won't consider that a valid solution :)
The thing is, that normally it’s the LAPTOPS that have special hardware – like Batteries and built-in Modems, PCMCIA slots etc. – so they are pretty easy to find. With desktop computers it’s another story – hope you can help us out here!
Please, again, we know lot’s of “workarounds”, but what we need is a *WMI filter* and it has to return *TRUE* for *DESKTOPS* (or let’s call the NON-LAPTOPS or NON-PORTABLES, it doesn’t really matter).
Remember, simplicity works - maybe the answer/solution is pretty straight forward? Feel free to post any additional questions to the mailing list!
Another example of what has been tried
We could maybe try to go for presence of PCI (and not Mini-PCI) or AGP slots, as we expect most desktops to have PCI slots (and laptops to have Mini-PCI, but that would depend on the form factor) – or maybe AGP (but does onboard VGA count as AGP? Any PCI VGA cards left out there? Yeah, probably...). If not we could maybe go for something like this:
A) Select * From Win32_SystemSlot Where SlotDesignation = “PCI%”
Or
B) Select * From Win32_SystemSlot Where SlotDesignation = “AGP”
However, this is not accepted as a solution as we cannot say that all desktop computers have AGP slots. But - maybe you can convince us otherwise?
Other cool Group Policy information:
You'll find additional Group Policy information at these sites:
www.gpanswers.com - The home of Group Policy guru and MVP Jeremy Moskowitz, check out the community there too!
TechNet Group Policy Forum - A brand new Group Policy forum on Microsoft TechNet
The Group Policy Team - The home of the Microsoft Group Policy Team
Jakob H. Heidelberg blog - My own blog, mostly about Group Policy and Security
www.heidelbergit.dk - My website with blog RSS, certifications, LinkedIn info etc.
Hope to hear from you soon - O' Yee Knight of the Microsoft Group Policy Table!
Popularity: 63%
Written by Jakob H. Heidelberg. Read more great feeds at is source WEBSITE
no comments.
Read more articles on Jeremy Moskowitz and otherSoftware and MVP and technet and Group Policy and Microsoft.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article
