+ Post New Thread
Results 1 to 9 of 9
Windows 7 Thread, Using WMI filter with GPO to only apply to specific OU in Technical; I've got a group policy that adds printers during logon which I've put under students so each time a student ...
  1. #1

    Join Date
    Dec 2013
    Posts
    7
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Using WMI filter with GPO to only apply to specific OU

    I've got a group policy that adds printers during logon which I've put under students so each time a student logs on it maps the printers. That part all works fine.

    Where I'm running into trouble is using an WMI filter so it only applies to certain machines. Basically I want to create a GPO for each department so that where ever a student logs on it will only apply that departments GPO and only that departments printers are mapped. At the moment I'm just testing it with the art department. The structure is Domain.local/Workstations-Win7/Expressive arts/Art, so I'm using a WMI filter with namespace: root\directory\LDAP and query: SELECT * FROM ds_computer WHERE DS_distinguishedName like '%OU=ART,OU=Expressive Arts,OU=Workstations-Win7%'

    When I test that with wbemtest.exe it only pulls up the computers in that OU but when I create the WMI filter and apply it to the GPO, gpresult shows that it gets a true result wherever I log on. I've tinkered with it but it always either shows true or false where ever I log on.

    I hope that made sense, in truth I've only looked into WMI filters the last couple days so I may have something wrong somewhere. Any input or pointing out of a glaring mistake would be greatly appreciated, cheers!

  2. #2
    SovietRussia's Avatar
    Join Date
    Mar 2013
    Location
    Powys, Wales
    Posts
    605
    Thank Post
    65
    Thanked 130 Times in 101 Posts
    Rep Power
    43
    Quote Originally Posted by Sokh View Post
    I've got a group policy that adds printers during logon which I've put under students so each time a student logs on it maps the printers. That part all works fine.

    Where I'm running into trouble is using an WMI filter so it only applies to certain machines. Basically I want to create a GPO for each department so that where ever a student logs on it will only apply that departments GPO and only that departments printers are mapped. At the moment I'm just testing it with the art department. The structure is Domain.local/Workstations-Win7/Expressive arts/Art, so I'm using a WMI filter with namespace: root\directory\LDAP and query: SELECT * FROM ds_computer WHERE DS_distinguishedName like '%OU=ART,OU=Expressive Arts,OU=Workstations-Win7%'

    When I test that with wbemtest.exe it only pulls up the computers in that OU but when I create the WMI filter and apply it to the GPO, gpresult shows that it gets a true result wherever I log on. I've tinkered with it but it always either shows true or false where ever I log on.

    I hope that made sense, in truth I've only looked into WMI filters the last couple days so I may have something wrong somewhere. Any input or pointing out of a glaring mistake would be greatly appreciated, cheers!
    Cant you just put the GPO in the OU... No need for WMI filters?

  3. #3

    Join Date
    Dec 2013
    Posts
    7
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    If the OU only contains computers, which it does, it will only run computer policies which doesn't include logon scripts unfortunately. So if I put the printer mapping GPO in the Art OU it won't run the user part that contains the logon script. At least that's how I understand it, I could be wrong so feel free to point correct me.

  4. #4
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    897
    Thank Post
    41
    Thanked 67 Times in 64 Posts
    Rep Power
    17
    Unless you turn on loopback processing in merge mode.

  5. Thanks to free780 from:

    Sokh (16th December 2013)

  6. #5

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,698
    Thank Post
    143
    Thanked 542 Times in 486 Posts
    Rep Power
    148
    He's right - you can run logon scripts via GPOs set on Computer objects. The difficult comes when doing the reverse - startup scripts on User objects (which needs loopback processing). You should be fine just applying by OU - I have a large number of User settings set on Computers.

  7. #6

    Join Date
    Dec 2013
    Posts
    7
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    That's a helluva lot simpler than what I was trying! I think I read something about it earlier and just totally missed what it did.

    Thanks very much to both of you.

  8. #7

    Join Date
    Jul 2010
    Posts
    106
    Thank Post
    0
    Thanked 14 Times in 14 Posts
    Rep Power
    11
    Using too many GP's and WMI Filters can cause a massive performance impact, it is also a management overhead having lots of GP's to keep track of.
    Depending on how you name your computers could you maybe add some logic to your script??

    i.e. If computer name contains room1 then map this printer else if computer name contains room2 then map this other printer etc

    This has the advantage of being one script applied at logon and in only one gp with no wmi so easier to manage.

  9. #8

    Join Date
    Dec 2013
    Posts
    7
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I've just started here and looking at improving some of the aspects of the network. One of the things is exactly what you've mentioned, they have a staggering amount of GP running which is causing slow start up and login. There's a VBscript that runs every startup that creates a txt with all the printers, and a staff and student desktop and start menu. Then on logon there's another VBscript that adds printers based on that txt file.

    It seemed an incredibly verbose way of doing it so I'm trying to slim it down one step at a time. I'll definitely look into the "all-in-one" script method though.

  10. #9
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    https://gist.github.com/Arcath/1438247 << A script that lets you set printers based on the lowest ou the computer is in which runs as a user logon script.

    I've not used it in a while (since moving to GPP) but it should work no problem

SHARE:
+ Post New Thread

Similar Threads

  1. GPO's not applying to Windows 7 Pcs
    By Sheridan in forum Windows 7
    Replies: 5
    Last Post: 28th February 2014, 02:44 PM
  2. Problems with Windows XP / 7 GPOs & WMI Filters
    By smarties11 in forum Windows 7
    Replies: 3
    Last Post: 9th March 2012, 12:35 PM
  3. HELP! Every GPO is being applied to a user, not even in the OU?
    By EarlGrey in forum Windows Server 2008 R2
    Replies: 1
    Last Post: 26th January 2012, 03:26 PM
  4. GPOs don't apply to XP clients randomly
    By reggiep in forum Windows Server 2008
    Replies: 9
    Last Post: 6th January 2011, 02:18 PM
  5. wmi filter pc os applying to users
    By sted in forum Windows
    Replies: 0
    Last Post: 19th November 2010, 09:27 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •