I would resist WMI filters on the IP information. I made some filters that used the static/dhcp status, which worked in testing and even worked against the first 50 computers, but soon after strange things started to happen...
The IP information is based on a particular network card. If a computer should have another network card (wireless, firewire port seen as NIC, or virtual NIC based on a vpn connection etc.) Things can get rather messy rather quickly. You're right the list of WMI Filters is a flat listing, which can be messy if a naming convention isn't used at the onset, but don't get too verbose as you'll want to see the WMI Filter later on in ADUC. Have you thought of assignging a policy to a site rather than use GPO filters? I've even thought about telling WSUS to use the AD provided group, but assign the group via registry hack, which works you'll want to reference the WSUS white paper though. All the AD provided values are just registry entries to the WSUS server. Good Luck, I'm trying to configure our new SCCM install for these same reasons! (Test group, first level production group, all production machines group.) On Mon, Mar 30, 2009 at 9:47 AM, Tony Patton < [email protected]> wrote: > > How do people here deal with the list of GPO's and WMI filters that are > used in AD? > > As far a I can see, there is no way of structuring/grouping them, they just > appear as flat lists. > > The reason I'm asking is that we are intending to use WMI filters on GPO's > for WSUS groups so that we can be more granular with pushing out the updates > as we have 3 sites with 800+ desktops. > The sites are split by IP subnets for each side of each floor of the > buildings. > > The make up is as follows: > > Site 1 11 subnets > Site 2 10 subnets > Site 3 2 Subnets > Site 4 6 Subnets > Site 5 1 active subnet, 6 subnets in total (New office > recently opened.) > > The WMI filters work on the IP address and apply the corresponding Target > Group, but there is starting to be an untidy list of GPO and filters. > > Is there another more structured way of doing it? > > Thanks > > Tony Patton > Desktop Operations Cavan > Ext 8078 > Direct Dial +353 (0)49 435 2878 > email: [email protected] > > ====================================================================http://www.quinn-insurance.com > > This e-mail is intended only for the addressee named above. The contents > should not be copied nor disclosed to any other person. Any views or > opinions expressed are solely those of the sender and > do not necessarily represent those of QUINN-Insurance, unless otherwise > specifically stated . As internet communications are not secure, > QUINN-Insurance is not responsible for the contents of this message nor > responsible for any change made to this message after it was sent by the > original sender. Although virus scanning is used on all inbound and > outbound e-mail, we advise you to carry out your own virus check before > opening any attachment. We cannot accept liability for any damage sustained > as a result of any software viruses. > > ==================================================================== > > QUINN-Life Direct Limited is regulated by the Financial Regulator. > QUINN-Insurance Limited is regulated by the Financial Regulator and > regulated by the Financial Services Authority for the conduct of UK > business. > > ==================================================================== > > QUINN-Life Direct Limited is registered in Ireland, registration number > 292374 and is a private company limited by shares. > QUINN-Insurance Limited is registered in Ireland, registration number > 240768 and is a private company limited by shares. > Both companies have their head office at Dublin Road, Cavan, Co. Cavan. > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ > ~ ~ > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
