none
Best way to apply group policy on certain domain machines - VM's only except Host and client machine(laptop)

    Question

  • HI Guys,

    Could anyone pls share some pointer how can I enforce group policy to certain domain machines except clients machine.? We have only one default OU Computers that contains all Domain machines.

    thanks

    Thursday, April 20, 2017 2:11 PM

Answers

  • Certainly you can do that by configuring GPO WMI filters and its quiet easy to setup once you get the gist of the queries.

    Follow this URL with some steps and screenshots to start with.

    https://www.eventsentry.com/blog/2009/10/useful-wmi-queries-to-filter-g.html

    http://zeda.nl/index.php/en/implementing-wmi-filters

    As these are 3rd party URL please carry out testing in the dev/test environment before implementing on Prod Env.


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    • Marked as answer by Atul Dogra Thursday, April 20, 2017 3:16 PM
    Thursday, April 20, 2017 2:22 PM
  • Hi

     You can try to configure vmi filtering for laptop's.Follow the steps on the article;

    http://discoposse.com/2012/04/05/group-policy-wmi-filter-laptop-or-desktop-hardware/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Atul Dogra Thursday, April 20, 2017 3:16 PM
    Thursday, April 20, 2017 2:24 PM
  • Hi,
    As far as I know, it should work if you configure the filtering in each GPO when you set up loopback mode.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Atul Dogra Friday, April 21, 2017 1:15 PM
    Friday, April 21, 2017 5:33 AM
    Moderator

All replies

  • Certainly you can do that by configuring GPO WMI filters and its quiet easy to setup once you get the gist of the queries.

    Follow this URL with some steps and screenshots to start with.

    https://www.eventsentry.com/blog/2009/10/useful-wmi-queries-to-filter-g.html

    http://zeda.nl/index.php/en/implementing-wmi-filters

    As these are 3rd party URL please carry out testing in the dev/test environment before implementing on Prod Env.


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    • Marked as answer by Atul Dogra Thursday, April 20, 2017 3:16 PM
    Thursday, April 20, 2017 2:22 PM
  • Hi

     You can try to configure vmi filtering for laptop's.Follow the steps on the article;

    http://discoposse.com/2012/04/05/group-policy-wmi-filter-laptop-or-desktop-hardware/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Atul Dogra Thursday, April 20, 2017 3:16 PM
    Thursday, April 20, 2017 2:24 PM
  • Actually I forgot to ask as I've haven't used WMI or Security filters before.  Is it feasible to use this way to apply auto log off policy on Servers. 

    I've have tested (local group policy) loop backup policy used merge and applied to computer instead of user account. https://4sysops.com/archives/automatically-log-off-idle-users-in-windows/ Which is working as expected in local Server. Now wants to apply group policy on servers

    Thanks

    Thursday, April 20, 2017 3:47 PM
  • Hi,
    As far as I know, it should work if you configure the filtering in each GPO when you set up loopback mode.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Atul Dogra Friday, April 21, 2017 1:15 PM
    Friday, April 21, 2017 5:33 AM
    Moderator