Any simple WMI filters etc. I can use to do this?
I want my autoupdate policy to only affect XP/Vista/7 and not Server 2003/2008.

I was using a WMI filter that says
Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

but my results say false wmi filter for win7. XP even says that, but I think it works for XP??? Not sure, I guess. I don't know anything about WMI.

asked 04/11/2011 11:19

ecszone ♦♦


13 Answers:
What you should do is create a separate OU for servers etc. and a separate OU for client machines etc. and then just put those machines in their respective OUs and then apply a different policy for each OU, or you can just block the policy to the servers etc.

Noduzz

otherwise if you prefer to do WMI filters check this for an easier way to write them:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=09dfc342-648b-4119-b7eb-783b0f7d1178&DisplayLang=en

Noduzz
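
Added example, not part of the thread or any poster's code: a PowerShell check that runs candidate WMI filter queries on the local machine, since a GPO WMI filter passes only when its WQL query returns at least one instance. `Test-WmiFilter` is a hypothetical helper name, and the `ProductType` and `Version` queries are assumptions added here next to the filter from the question, which matches only one exact caption string.

```powershell
# Added example: evaluate candidate GPO WMI filter queries locally.
# A WMI filter passes when the WQL query returns one or more instances.
function Test-WmiFilter {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string[]]$Query,
        [string]$Namespace = 'root\CIMv2'
    )
    foreach ($q in $Query) {
        $err = $null
        try {
            $hits = @(Get-WmiObject -Namespace $Namespace -Query $q -ErrorAction Stop)
            $passes = $hits.Count -gt 0
        } catch {
            # A malformed query makes the filter fail, same as no match.
            $passes = $false
            $err = $_.Exception.Message
        }
        New-Object PSObject -Property @{ Query = $q; Passes = $passes; Error = $err }
    }
}

$candidates = @(
    # Filter from the question: exact match on a single edition's caption.
    'Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"',
    # ProductType: 1 = workstation, 2 = domain controller, 3 = server.
    'Select * from Win32_OperatingSystem where ProductType = 1',
    # Workstations only, XP (5.1) or Vista/7 (6.0/6.1).
    # Note: "6.%" also matches any later 6.x client release.
    'Select * from Win32_OperatingSystem where ProductType = 1 and (Version like "5.1%" or Version like "6.%")'
)

# Show the values the filters are compared against, then each result.
$os = Get-WmiObject -Class Win32_OperatingSystem
"Local OS: [{0}] Version {1} ProductType {2}" -f $os.Caption, $os.Version, $os.ProductType
Test-WmiFilter -Query $candidates | Select-Object Passes, Error, Query | Format-List
```

Run it on one client and one server before linking the filter to the GPO; the brackets around the caption make any trailing whitespace in the string visible.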

I used to block the server names as I use computer policy.
Now I have too many and it's high maintenance.

I could do the OU I guess. I mostly have that in place anyway. I have no override on my policy, so I would have to remove that and block inheritance?
I leave Windows PCs in the default container.

I get confused sometimes when to use a computer policy vs user. Does it really matter in this case? Figured computer would allow me to apply it to just the computers OU and not the root where I have it now. Then I would not need to block inheritance if I move servers.

ecszone

So is WMI more trouble than it's worth? i.e. finicky?

ecszone

No, it's not really more trouble than it's worth, I guess it just depends really on how big your network is and what you are using it for. Like if you only have a couple hundred machines that are only XP and servers it might not be worth using WMI, but if you have say a couple thousand machines and a ton of different flavors of Windows running then it might be worth using depending on how complex the OU structure is.

Noduzz

default "computers" ou is not listed in the group policy mmc.
never noticed that. wtf

ecszone

As for the no override, yeah, you would want to remove that and block inheritance. As far as when to use computer policy vs user, it depends on what you are trying to apply and what you are trying to apply it to. For instance, if you want to apply a GP to specific users you would want to create a user policy etc. As far as where to apply it, the basic way is just user policies are applied to users and computer policies are applied to computers. That being said, there are other more advanced options as well, but usually that's only in special circumstances that most companies don't use, i.e. a special computer that you want a different policy applied for a user that normally gets another policy etc.

Noduzz

Yeah, that's because Computers is not an OU, it's a container. There is a way that you can set up a specific OU to be the default OU for computers if you want to apply specific policies to it. For instance, I created an OU called Default Computers and made it my default OU for new computers.

Noduzz

Yeah, I played with loopback for my Citrix farm. That works good after lots of playing around.
The concept of looping back user policies to machines or something is somewhat simple I guess... although it's really the reason I'm always confused about when to use user policy vs computer. I'm probably overcomplicating it because I'm scared from doing the Citrix policies.
ha

ecszone

That's what I want.
OK, made OU. Searching how to make it my new default place for new systems.
Then I just need to move servers out.
If I forget I'll remember when they reboot automatically from WU :o

ecszone

http://support.microsoft.com/kb/324949 will show you how to change your default OU.

Noduzz

Found same thing.
Realized my forest was still 2000 :|
Fixed that mess. I had a 2000 DC in a child domain when I updated the root domain so I left it as 2000 forest. Glad I found that.

Done and done.

Now just need to add a new PC to confirm it's working.

ecszone

My win7 heap got the policy :D

I'm sure it will work. Thanks for the advice.

ecszone


Asked: 04/11/2011 11:19

Seen: 339 times

Last updated: 04/11/2011 05:32