wmi

WMI Filter Features on Demand GPO

Richard Green on

Last week, Yung Chou from Microsoft put up a post about using Group Policy to provide Features on Demand for Windows Server 2012 R2 and how this can help in restricted environments where servers don’t have access to Windows Update to retrieve on-demand features such as .NET Framework 3.5 or where you don’t want to be left manually providing UNC paths to operating system media.

This is certainly true, and even if you aren’t in a restricted environment this is worthy of doing because it makes it much easier for administrators to add certain roles and features to Windows Server however the one point that was missed from the post is that you will probably want to WMI Filter this Group Policy Object so that only Windows Server 2012 R2 operating systems will be able to read it and apply the policy setting.

I’m not going to walk through the process of creating a WMI Filter and applying it to a GPO as that’s pretty simple stuff but finding the right query to craft can sometimes be a challenge so here you go:

SELECT ProductType, Version FROM Win32_OperatingSystem WHERE (Version LIKE "6.3%") AND (ProductType = "2" OR ProductType = "3")

This query will pick out Windows Server 2012 R2 with the Version LIKE 6.3% syntax however this alone would also resolve true on Windows 8.1 client machines so the addition of ProductType equals 2 or 3 means that only server types will be matched.

This filter can be used for targeting any GPO that requires Windows Server 2012 R2 specifically. If you wanted to craft a WMI Filter which explicitly calls out Windows 8.1 instead then simply replace ProductType 2 or 3 with ProductType equals 1.

 

Repairing the DirectAccess Group Policy WMI Filters

Richard Green on

When you configure your first DirectAccess server in an Active Directory domain, the wizard will automatically create for you two Group Policy Objects. One of these policies applies to the DirectAccess servers and the other to the DirectAccess clients. I’m in the process of setting this up on my Windows Server 2012 R2 Essentials server so my server is latest and greatest as far as operating system version goes and even to date, it appears that the WMI Filter created for the Group Policy Object has not been updated.

Here is the WMI Filter in it’s default state:

SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 2
SELECT * FROM Win32_OperatingSystem WHERE (ProductType = 3) OR (Version LIKE ‘6.2%’ AND (OperatingSystemSKU = 4 OR OperatingSystemSKU = 27 OR OperatingSystemSKU = 72 OR OperatingSystemSKU = 84)) OR (Version LIKE ‘6.1%’ AND (OperatingSystemSKU = 4 OR OperatingSystemSKU = 27 OR OperatingSystemSKU = 70 OR OperatingSystemSKU = 1 OR OperatingSystemSKU = 28 OR OperatingSystemSKU = 71))

As you can see, that’s a pretty long filter, one which is going to take some time to enumerate on a client. Secondly, the filter only calls out Version 6.1 and 6.2 which like a previous post I wrote about the problems with the WMI Filter in the Windows Server 2012 Essentials Client GPO WMI Filter, it excludes Windows 8.1 (Version 6.3).

These aren’t the only problems though. ProductType = 3 means server (per MSDN WMI Win32_OperatingSystem guidance at http://msdn.microsoft.com/en-us/library/aa394239(v=vs.85).aspx) which means that the policy will never apply to a client machine as intended. The OperatingSystemSKU filter section means that this policy is valid for all sorts of crazy product SKUs that we just aren’t interested in (a full list of SKUs can be found at http://techontip.wordpress.com/tag/operatingsystemsku/).

I’ve modified this query down so that it will apply to Windows 7 and upwards instead of explicit versions and also simplified it so that it only applies to the SKUs that we might actually be interested in.

Simply clear out the current filter and replace it with the following:

SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = “2”
SELECT * FROM Win32_OperatingSystem WHERE (ProductType = “1” AND Version >= “6.1%”) AND (OperatingSystemSKU = “4” OR OperatingSystemSKU = “27”)

Now, the policy will apply to computers of class PCSystemType 2 which defines a mobile computer, ProductType 1 which defines a workstation device, Version 6.1 or higher covering Windows 7 and onwards and lastly, defines OperatingSystemSKU as 4 or 27 which singles out Enterprise and Enterprise N editions of Windows client operating systems.

Windows Server 2012 Essentials Folder Redirection on Windows 8.1

Richard Green on

As all good IT Pros have done, I’ve upgraded my home client computers from Windows 8 to Windows 8.1. You have upgraded your machines to Windows 8.1 right?

As I frequently proclaim and preach on here, I run Windows Server 2012 Essentials on my home network, acting as my DNS Server, DHCP Server in addition to the out of the box features that you can get from Windows Server 2012 Essentials like roaming profiles, folder redirection, automated computer backups and network file sharing (all of which I use).

When I was building out a test environment this week to practice how I might migrate from Windows Server 2012 Essentials to Windows Server 2012 R2 Essentials without the benefit of a second server with 19TB of available storage to hand (how many homes do have 19TB of storage let alone a spare 19TB) I was experiencing an issue.

As part of my testing, I built a Windows 8.1 Pro virtual machine to simulate a desktop or laptop client computer. I built a Windows Server 2012 Essentials server as a second virtual machine on which I recreated my group policy settings and a mock up of my Storage Pool and Storage Spaces on my production server. After installing the Windows Server 2012 Essentials Connector on the Windows 8.1 client and logging in for the first time as a user configured to use roaming profile and folder redirection, I noticed that the roaming profile was working but the folder redirection was not.

I spent a while pouring through event logs on the client wondering why folder redirection wasn’t working, looking at GPMC (Group Policy Management Console) wondering if I’d done something silly like moved a link on a GPO preventing it from working until the penny dropped. Windows Server 2012 Essentials applies a WMI Filter named SBS Group Policy WMI Filter to the SBS Group Policy Folder Redirection GPO which is created when you implement Group Policy via the Server Dashboard.

Windows Server 2012 Essentials Original WMI Filter

This WMI Filter is setup as SELECT * FROM Win32_OperatingSystem WHERE (Version LIKE “6.1%” or Version LIKE “6.2%”) AND ProductType = “1”. For those who are now also dropping the penny or those who can’t make head nor tail of a WMI Filter, Windows 8.1 increments the operating system version number from 6.2 (Windows 8) to 6.3 (Windows 8.1), therefore the GPO isn’t applying to any of the Windows 8.1 machines on my network because this filter limits the scope of the Group Policy Object to explicitly Windows 7 and Windows 8 operating systems.

The solution to making this work is pretty simple in that we just need to update the WMI Filter so that it includes Windows 8.1 as we know that basic features like roaming profiles and folder redirection are going to work so I’m not worried about something breaking here.

I’ve decided to change my WMI Filter to include operating systems greater than or equal to Windows 7 rather than add another or statement to include Windows 8.1 For me, the WMI Filter now reads SELECT * FROM Win32_OperatingSystem WHERE (Version >= “6.1%”) AND ProductType = “1”.

Windows Server 2012 Essentials New WMI Filter

 

After making the changes and running a gpupdate command on a Windows 8.1 client computer, the group policy magically springs back into life and things start working. Firstly, I’m amazed that I haven’t noticed this being a problem on my home clients which I guess is a testament to my gigabit throughout home network pushing the files directly back to the server rather than caching them locally with Offline Folders first. Secondly, I’m surprised that this hasn’t been updated with a patch or update to Windows Server 2012 Essentials but perhaps this is a cattle prod for customers to upgrade to Windows Server 2012 R2 Essentials?