Another option to exclude the DC's is to add them to a security group and deny read on the GPO.
From: Ziots, Edward [mailto:[email protected]] Sent: Tuesday, October 25, 2011 9:06 AM To: NT System Admin Issues Subject: RE: WMI filter for GPO's for WIndows 2003 Servers, I was meaning to exclude DC's since all my DC's are Windows 2008 R2 SP1. This was more targeted for Windows 2003 Member servers, since they and I just learned Windows 2008 servers will not obey the advance audit settings that are reserved for Windows 2008 R2 and Windows 7. So I had to create different Audit Policy GPO's and filter them accordingly. Do appreciate the advice on the WMI filter as always. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 [cid:[email protected]] From: Michael B. Smith [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Monday, October 24, 2011 4:09 PM To: NT System Admin Issues Subject: RE: WMI filter for GPO's for WIndows 2003 Servers, I would do it this way: select * from Win32_OperatingSystem where version like '5.%' and name like '%server%' Your query excludes domain controllers. Dunno whether that's what you intended or not. The WMI class is documented here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa394239(v=vs.85).aspx Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Ziots, Edward [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Monday, October 24, 2011 3:52 PM To: NT System Admin Issues Subject: WMI filter for GPO's for WIndows 2003 Servers, Just a quick question, for those filtering with WMI filters. I am using the following for a Windows 2003 Filter, does anyone else have anything else that works a bit better or know that its valid. select * from Win32_OperatingSystem where Version like "5.%" and ProductType = "3" TIA EZ Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 [cid:[email protected]] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
