none
Group Policy WMI filter on Registry via Poweshell

    Question

  • I need to build a policy filter that queries on a numerical value (<>) in the registry. This value is applied via the Win10 image and not available in the WMI namespace. Any ideas on how this would be accomplished? I can see the value in the registry with a variation of this command:

    Get-ItemProperty "HKLM:\software\WOW6432Node\xxx" buildversion

    Thanks!

    Tuesday, October 11, 2016 1:54 AM

Answers

  • It is not possible to build a WMI filter using the registry provider.  You can create a custom 'mof' that can return the value but that would have to be installed on the server when you create the image.

    A WMI filter must be a query that returns something or nothing.  The registry provider requires multiple lines of WMI to instantiate the provider then to query the registry.

    WMI filters are not PowerShell. They are GPs own execution of a single WMI query.

    This is what a WMI GP filter looks like:

    instance of MSFT_SomFilter
    {
    	ChangeDate = "20051206225516.406000-000";
    	CreationDate = "20051206225516.406000-000";
    	Domain = "KAHLNET.local";
    	ID = "{A0F0F9AB-9C2F-4504-BBE4-5923E25CB539}";
    	Name = "PostSP2";
    	Rules = {	
    		instance of MSFT_Rule{		
    			Query = "Select * from WIN32_OperatingSystem where ServicePackMajorVersion>=2 and Version='5.1.2600'";
    			QueryLanguage = "WQL";
    			TargetNameSpace = "root\\CIMV2";
    		}
    	}
    };
    

    It is a MOF format file and not PowerShell.


    \_(ツ)_/

    Tuesday, October 11, 2016 2:43 AM