NIST's guidance for a Zero Trust Architecture

Active Directory Policies

Security Filtering and WMI Filtering

Security Filtering is used to apply policy settings to only a particular set of users and computers. By default, all authenticated users will receive the policy settings. To apply the GPO only to a particular set of users and computers, follow these steps:

  • In the left pane of the GPMC snap-in, browse to the container and select the GPO
  • In the right pane, select the Scope Tab. Under the Security Filtering section, select Authenticated Users and click Remove
  • Now click Add to add the security principals to which the policy settings will be applied

Windows Management Instrumentation (WMI) filtering is used to apply GPOs based on certain properties of the target computer. WMI filters can be created based on the target computer’s make, model, operating system, time zone, etc. The following steps illustrate how to create a WMI filter:

  • In the left pane of GPMC, browse to the WMI filters container
  • Right-click the WMI filters container and select New
  • In the New WMI filter dialog box, enter the name and description of the filter. Click Add to enter the WMI query.

For example, the following query filters out computers based on their operating system: “Select * from Win32_OperatingSystem where Caption = “Microsoft Windows XP Professional”. Click Save

  • Now choose the GPO for which the WMI filter has to be applied
  • In the right pane, select the Scope Tab. Under the WMI Filtering section, choose the WMI filter from the drop down list and click Yes in the confirmation box that appears

Now, the GPO will be applied to only the computers running the Windows XP Professional operating system.

Related posts
Active Directory Policies

Fine-Grained Password Policies

Active Directory Policies

Account Lockout Policy

Active Directory Policies

Password Policy

Active Directory Policies

Account Policies

Leave a Reply

Your email address will not be published. Required fields are marked *