Q. How can I apply Group Policy object (GPO) user settings in a GPO only if connecting to specific machines or classes of machines (such as servers)?

A. In the previous FAQ, I created a GPO to run a login script that provides servers with a wallpaper that shows server information. However, because I want this to happen at user logon, the policy is applied as part of the User Configuration part of the GPO—so it's not aimed at particular machines.

To create the filter, open the Group Policy Management Console and select the WMI Filters node. Create a new filter—in my example, I want to check for server OS, which I do by querying Win32_OperatingSystem and checking whether ProductType is 2 or 3 (domain controller is 2, server is 3) from the root\CIMv2 namespace, per this MSDN article.

select * from Win32_OperatingSystem where ProductType="2" or ProductType="3"

This is shown below.


Once the WMI filter is created, you just select the GPO within GPMC. At the bottom of the GPO, under the Scope tab, you can select the filter to apply. Now the settings in the GPO only get applied if the filter conditions are met—in this case, logging on to a server.


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.