Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 HALP! Questions on Windows and Windows Server
 Group Policies
 WMI Filter - Local group membership		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

aburrow
Welcome Newcomer

Australia
3 Posts
Status: offline
Posted - 11/29/2012 :  01:26:45 AM  Show Profile  Reply with Quote
I'd like to write a WMI Filter that will check to see if the user who's currently logging in, is a member of the local Administrators Group. If the user is a member then the GPO should not be applied.

wkasdo
Administrator

Netherlands
7403 Posts
Status: offline
Posted - 11/29/2012 :  06:18:40 AM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
This sort of functionality is built into Group Policy Preferences. Is that an alternative?
Make it as simple as you can, but not simpler -- Albert Einstein
Go to Top of Page

aburrow
Welcome Newcomer

Australia
3 Posts
Status: offline
Posted - 11/30/2012 :  01:28:45 AM  Show Profile  Reply with Quote
I didn't think of Group Policy Preferences. I spent some time today looking at them.

I can replicate the changes I need through HKCU registry changes.

However I can't get the ILT to work.

I've set it up as follows

"
the user is not a member of the security group BUILTIN\Administrators (It fills in the SID for me).

What should be happening. If the user logging in is a member of Administrators local group then the Registry key shouldn't be applied.

What's happening. The registry key is being applied regardless of whether the user is a member of the Administrators local group or not.

If I no longer apply the GPO then the registry key is removed as it should.
Go to Top of Page

wkasdo
Administrator

Netherlands
7403 Posts
Status: offline
Posted - 11/30/2012 :  03:42:51 AM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
I just spent 10 minutes in my lab validating that this should work -- and it does. So let's look at the usual.

- did GPO processing complete without errors?
- does the GPO apply to the user account in question?
Make it as simple as you can, but not simpler -- Albert Einstein
Go to Top of Page

aburrow
Welcome Newcomer

Australia
3 Posts
Status: offline
Posted - 12/03/2012 :  02:41:37 AM  Show Profile  Reply with Quote
When I came into work this morning. I thought I'd start from scratch. I removed the GPO and recreated it. After re-applying it it's now working. The only thing I can think of is that somehow it got corrupted on friday. It looks good so far.

Thanks for all your help.
Go to Top of Page

wkasdo
Administrator

Netherlands
7403 Posts
Status: offline
Posted - 12/03/2012 :  03:01:23 AM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
Thx for the update, aburrow!
Make it as simple as you can, but not simpler -- Albert Einstein
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.2 seconds. Snitz Forums 2000