In this tutorial, I will walk you through how to create and use Group Policy WMI Filters to filter the application of Group Policy.
Before starting, the “technical” part where we will see how to configure and use a WMI filter on a group policy, I will start from an example to show you the interest of using a WMI filter.
Why Use WMI Filters
To illustrate this tutorial, we will start from the following situation: we must apply a group policy only to computers that are on Windows 7.
As we can see from the screenshots below, the OS version is written in the description.
To answer our problem, we have several solutions:
- Create a group (Computer_W7), add the computers in this group and apply the policy to the group
- In the organizational units (OU), create new under OU with the version of the OS and link the strategy to the organizational units
As you will certainly have understood, there are several solutions to achieve the “same” result, here we will see how to solve this problem with the use of WMI filters, which will allow us to:
- To have a dynamic solution, if the computer is updated to Windows 10/11, the group policy will no longer be applied and without actions on our part
- Not having to modify the structure of organizational units
- No additional group creation
What is WMI?
This section is only a summary so that you know what WMI is.
WMI is the acronym for: Windows Management Instrumentation, which is based on the WBEM standard (Web-Based Enterprise Mangement), which allows through queries (which is very similar to SQL) to retrieve system information such as hardware components , information about the operating system …
WMI can be used:
- With group policies
- With PowerShell : Cmdlet Get-WmiObject
Here is an example of a WMI query:
select name,version,producttype from Win32_OperatingSystem
Which gives us in PowerShell:
Get-WmiObject -query "select name,version,producttype from Win32_OperatingSystem"
Now that you have the information you need to understand this tutorial in the best possible way, it’s time to practice.
The WMI query
Before creating our WMI filter, we will first see the query that we are going to create.
What we want to do is filter against the version of our operating system, this information is in the class (table) Win32_OperatingSystem and we will look for the value (field) Version.
Which gives us so far:
Select * FROM Win32_OperatingSystem WHERE version = X.Y
To find the versions of Windows, it is necessary to search on the Internet, because this changes regularly.
At the time of writing the tutorial, here is what I can give you:
|Version de Windows||Numéro de la version|
|Windows XP (32)||5.1|
|Windows XP (64)||5.2|
|Windows Server 2003 R2||5.2|
|Windows Server 2008||6.0|
|Windows Server 2008 R2||6.1|
|Windows Server 2012||6.2|
|Windows Server 2012 R2||6.3|
|Windows 10 (1607)||10.0.14393|
|Windows 10 (1809)||10.0.17763|
|Windows 10 (1909)||10.0.18363|
|Windows 10 (2004)||10.0.19041|
|Windows 10 (20H2)||10.0.19042|
|Windows 10 (21H1)||10.0.19043|
|Windows 11 (21H2)||10.0.22000|
|Windows Server 2016 (1607)||10.0.14393|
|Windows Server 2019 (1809)||10.0.17763|
|Windows Server 2022 (21H2)||10.0.20348|
Now that we have the Windows versions, we will return to our WMI query. Based on the table, the version of Windows 7 is 6.1
Which gives us to filter Windows 7 computers:
Select * FROM Win32_OperatingSystem WHERE version = 6.1
In reality we will use this query:
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%"
Using LIKE will select all versions of Windows that start with 6.1, so if the full version of Windows is 6.1.XYZ, it will be validated by the WMI query.
Normally something should bother you, in the table, we can see that the “desktop” and server versions of Windows share the same version number, so if we use the query, we will also apply the group policy to Windows Server computers 2008 R2. We must add a parameter to the request to indicate that we only want the “Desktop” version, for this we will add a filter on the ProductType parameter and we will say that it must be equal to 1 to exclude server versions.
Which gives us :
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%" AND ProductType="1"
|1||Version Bureau / Client|
|2||Serveur Contrôleurs de domaine|
Now that we have seen the query, we will see how to use it with WMI filters.
Create a WMI filter and use it
Add a WMI filter
1. Open the Group Policy Management console.
2. Click on the WMI Filters 1 folder located in the tree on the right.
3. At this location, we will find all the WMI filters that have been entered, a WMI filter can be used on several group policies.
When a WMI filter is added to a group policy, it is applied on all links.
4. To create a new filter, right-click in the central area and click on New 1.
5. Name the WMI filter 1 then click on the Add button 2.
6. By default, the namespace to select is root\CIMv2, which is the one you want to use. In the query area 1, enter the WMI query you want to apply and click OK 2.
7. We can see that the query is added 1, click on the Save button 2 to save the filter.
8. The WMI filter is added to the list.
Add a filter to Group Policy
1. Click on the Group Policy (or link) where you want to apply a filter by going to the Scope 1 tab.
2. In the WMI Filtering section 1, select the filter from the drop-down list 2.
3. A confirmation message is displayed, click on the Yes button 1 to confirm the application of the filter.
4. Once confirmed, we can see that the WMI filter is selected.
Now you know how to apply a WMI filter to Group Policy.
Some useful queries
Here are some sample WMI queries you could use:
All Windows 10 and 11 computers:
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "10.0%" AND ProductType="1"
All Computers / Servers starting with name starting with XXYY-
SELECT Name FROM Win32_ComputerSystem WHERE Name LIKE "XXYY-%"
All Windows Server:
SELECT ProductType FROM Win32_OperatingSystem WHERE (ProductType = "2") OR (ProductType = "3")
It is also possible to use WMI queries in some Group Policy settings that allow item-level targeting.
In the target editor, you cannot select a WMI filter.
WMI filters are powerful tools that allow you to easily apply a group policy based on computer settings without the need to create a group or modify the OUs and moreover it is dynamic.