none
WMI-Filter on Group Membership doesn't work RRS feed

  • Question

  • Hello everybody,

    I have a Problem which maybe one of you can solve. I have a terminalserver which is in an AD-Group (not OU). The AD-Group is called "tsServer". The domain name is "test1" and I try to block the usage of the command prompt only on this server. I tried this through  a GPO with a WMI-Filter. The filter's query looks like this:
    Select * from Win32_GroupUser Where GroupComponent="Win32_Group.Domain='test1',Name='tsServer'"

    But it's not really working. Any suggestions how I can solve this?

    Domaincontroller: Windows Server 2008 R2
    Terminalserver: Windows Server 2012 R2

    Friday, August 29, 2014 9:51 AM

Answers

  • Not a legitimate WMI query.

    To block for server only define GPO in server OU and add filter for ONLY that machine.

    Post GP questions in GP forum.

    It is silly to block command prompt on a properly secured system.


    ¯\_(ツ)_/¯

    Friday, August 29, 2014 10:24 AM

All replies