
Active Directory Group Policy and WMI Filters

Contributor: Mark Austin
Date published: 6/12/2011 9:16:10 PM

The scope of a Group Policy Object (GPO) can be controlled with WMI filters, based on criteria such as operating system version or hardware specifications. A WMI filter consists of one or more queries, and if all queries evaluate to true then the GPO linked to the filter will be applied.

WMI queries are composed using the WMI Query Language (WQL), which is a SQL-like language. Queries can be combined with logical operators and each query is executed against a particular WMI namespace. When you create a query, you must specify the namespace. The default namespace is root\CIMv2, which is appropriate for most WMI queries.

The WMI filter is a separate object from the GPO in the directory. To apply a WMI filter to a GPO, you link the filter to the GPO, which is shown in the WMI filtering section on the scope tab of a GPO in GPMC. A GPO can only have a single WMI filter, but the same WMI filter can be linked to multiple GPOs. WMI filters are evaluated on the target computer and applied whenever a Group Policy update is triggered.

Example 1 – Checking the Operating System Version

The Win32_OperatingSystem class is used to query operating system information. For instance, the following query can be used to check that the operating system is Windows 7 or above:

Select * from Win32_OperatingSystem where Version >= "6.1"

The above query will also include Windows Server 2008 R2, but we can refine this query and check the ProductType to restrict the query to desktop operating systems:

Select * from Win32_OperatingSystem where Version >= "6.1" and ProductType = 1

Example 2 – Checking the System Type

The Win32_ComputerSystem class is used to query the system type. For instance, the following query can be used to check for a mobile system:

Select * from Win32_ComputerSystem where PCSystemType = 2
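
Before linking a filter to a GPO, its queries can be run on a representative target computer to see how the filter would evaluate there. The PowerShell helper below is an added example, not part of the original article; the function name Test-WmiFilter and its hashtable input are hypothetical, and it assumes that a query which fails to run counts as false.

```powershell
# Added example: evaluate a WMI filter's queries locally before linking it to a GPO.
# Test-WmiFilter and its input shape are hypothetical names for this illustration.
function Test-WmiFilter {
    [CmdletBinding()]
    param(
        # Each entry: @{ Query = '<WQL>'; Namespace = '<namespace>' } (Namespace optional)
        [Parameter(Mandatory)]
        [hashtable[]]$Queries
    )
    $results = foreach ($q in $Queries) {
        # root\CIMv2 is the default namespace for filter queries
        $ns = if ($q.Namespace) { $q.Namespace } else { 'root\CIMv2' }
        try {
            $hits = @(Get-CimInstance -Namespace $ns -Query $q.Query -ErrorAction Stop)
            $ok = $hits.Count -gt 0
            $detail = "$($hits.Count) instance(s) returned"
        }
        catch {
            # Assumption of this example: a query that fails to run counts as false
            $ok = $false
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{ Namespace = $ns; Query = $q.Query; IsTrue = $ok; Detail = $detail }
    }
    # The filter passes only when every one of its queries evaluates to true
    [pscustomobject]@{
        Applies = @($results | Where-Object { -not $_.IsTrue }).Count -eq 0
        Queries = $results
    }
}

# The two example queries from this article, combined into one filter.
# Win32_OperatingSystem.Version is a string property, so verify the result
# on every operating system release that the GPO is meant to reach.
$filter = @(
    @{ Query = 'Select * from Win32_OperatingSystem where Version >= "6.1" and ProductType = 1' },
    @{ Query = 'Select * from Win32_ComputerSystem where PCSystemType = 2' }
)

$outcome = Test-WmiFilter -Queries $filter
$outcome.Queries | Format-Table IsTrue, Namespace, Query, Detail -AutoSize -Wrap
"GPO would apply on this computer: $($outcome.Applies)"
```

Running this on one machine of each type in scope (desktop, laptop, server) shows which of them the linked GPO would reach and which query excludes the rest.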