You want to apply a WMI filter to a GPO.
Open the GPMC snap-in.
In the left pane, expand the Forest container, expand the Domains container, browse to the domain of the GPO you want to target, and expand the Group Policy Objects container.
Single-click on the target GPO.
In the right pane, at the bottom of the window, you can select from the list of WMI filters.
After you've selected the WMI filter, click Yes to confirm.
' This code links an existing WMI filter with a GPO
' ------ SCRIPT CONFIGURATION ------
strGPO = "<GPOName>"             ' e.g. Sales GPO
strDomain = "<DomainDNSName>"    ' e.g. rallencorp.com
' e.g. {D715559A-7965-45A6-864D-AEBDD9934415}
strWMIFilterID = "<WMIFilterID>"
' ------ END CONFIGURATION ---------

set objGPM = CreateObject("GPMgmt.GPM")
set objGPMConstants = objGPM.GetConstants( )

' Initialize the Domain object
set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC)

' Find the GPO
set objGPMSearchCriteria = objGPM.CreateSearchCriteria
objGPMSearchCriteria.Add objGPMConstants.SearchPropertyGPODisplayName, _
                         objGPMConstants.SearchOpEquals, _
                         cstr(strGPO)
set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria)
if objGPOList.Count = 0 then
   WScript.Echo "Did not find GPO: " & strGPO
   WScript.Echo "Exiting."
   WScript.Quit
elseif objGPOList.Count > 1 then
   WScript.Echo "Found more than one matching GPO. Count: " & _
                objGPOList.Count
   WScript.Echo "Exiting."
   WScript.Quit
else
   WScript.Echo "Found GPO: " & objGPOList.Item(1).DisplayName
end if

on error resume next

' Retrieve the WMI filter
strWMIFilter = "MSFT_SomFilter.Domain=""" & _
               strDomain & """,ID=""" & _
               strWMIFilterID & """"
set objWMIFilter = objGPMDomain.GetWMIFilter(strWMIFilter)
if Err.Number <> 0 then
   WScript.Echo "Did not find WMI Filter: " & strWMIFilterID
   WScript.Echo "Exiting."
   WScript.Quit
else
   WScript.Echo "Found WMI Filter: " & objWMIFilter.Name
end if

' Link the filter and print the result
objGPOList.Item(1).SetWMIFilter(objWMIFilter)
if Err.Number <> 0 then
   WScript.Echo "Failed to set WMI filter."
   WScript.Echo "Error: " & err.description
else
   WScript.Echo "Set WMI filter successfully."
end if
You can link only one WMI filter to a GPO. This is not necessarily a limitation because you can still link more than one GPO to a site, domain, or OU. If you need multiple WMI filters to apply to a GPO, copy the GPO and apply a new WMI filter to it. See Recipe 9.15 for more information on WMI filters.
I use a GPMSearchCriteria object to find the GPO whose display name matches the one specified in the configuration section. I use an if elseif else conditional statement to ensure that only one GPO is returned. If none or more than one are returned, I abort the script. If only one GPO is returned, I call GPMDomain.GetWMIFilter to instantiate a GPMWMIFilter object based on the WMI filter GUID specified in the configuration section. If you need to programmatically search for the WMI filter ID, you can use the GPMDomain.SearchWMIFilters method. After I retrieve the GPMWMIFilter object, I call the GPMGPO.SetWMIFilter method to set the filter for the GPO.
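The following script is an added example, not part of the original recipe. It uses GPMDomain.SearchWMIFilters to resolve a filter by display name, and prints its path and queries so that they can be reviewed before linking, because a GPO is not applied on any computer where its filter evaluates to false. The variable strFilterName and the <WMIFilterName> placeholder are assumptions introduced for this example.

```vbscript
' Added example (not from the original recipe): resolve a WMI filter by
' display name and show what it tests before it is linked to a GPO.
' ------ SCRIPT CONFIGURATION ------
strDomain     = "<DomainDNSName>"   ' e.g. rallencorp.com
strFilterName = "<WMIFilterName>"   ' placeholder: display name of the filter
' ------ END CONFIGURATION ---------

set objGPM = CreateObject("GPMgmt.GPM")
set objGPMConstants = objGPM.GetConstants( )
set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC)

' An empty search criteria object returns every WMI filter in the domain
set objGPMSearchCriteria = objGPM.CreateSearchCriteria
set objFilterList = objGPMDomain.SearchWMIFilters(objGPMSearchCriteria)

' The script does not assume display names are unique, so count the matches
intMatches = 0
for each objFilter in objFilterList
   if LCase(objFilter.Name) = LCase(strFilterName) then
      intMatches = intMatches + 1
      set objMatch = objFilter
   end if
next

if intMatches = 0 then
   WScript.Echo "Did not find WMI filter: " & strFilterName
   WScript.Quit 1
elseif intMatches > 1 then
   WScript.Echo "Found " & intMatches & " filters with that name; use the ID instead."
   WScript.Quit 1
end if

' Path has the MSFT_SomFilter.Domain="...",ID="{...}" form that
' GPMDomain.GetWMIFilter expects
WScript.Echo "Name: " & objMatch.Name
WScript.Echo "Path: " & objMatch.Path

' Show the WQL queries so the filter can be reviewed before it is linked
for each strQuery in objMatch.GetQueryList
   WScript.Echo "Query: " & strQuery
next
```

Run it with cscript on a machine that has the GPMC installed; the ID printed in the Path line is the value to use for strWMIFilterID in the script above.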
MSDN: GPMDomain.GetWMIFilter and MSDN: GPMGPO.SetWMIFilter