How to Apply GPO through WMI filtering

active-directory

Solution 1:

Catering sounds like a nice easy way to group machines / users, so in this instance, I would suggest that it would be much more transparent and maintainable to apply this to a Catering OU (Or OU's) or a Catering security group.

Leave WMI filters for when you have no choice. In my experience, they're rarely used because there is generally a better way forward.

Solution 2:

I'm not a programmer so don't take what I say below as gospel, you should check over at SO if you want confirmation, but I can't find a single WMI property for department that you can use to filter off of:

enter image description here

The CLOSEST I can find in the WMI namespace are the Win32_NetworkLoginProfile or Win32_UserAccount but they don't have a DEPARTMENT property in its class.

IF your GPO is using GPPs you can set up an LDAP query and do selective GPP targeting using that query: http://technet.microsoft.com/en-us/library/cc753205.aspx

Other than that...Dan's choice works.

Related

How does tcp keep a connection alive? [closed]
12-24 rack, 10-32 server thumbscrew. How to mount?
Give a name to localhost with specifying a port [closed]
Is a bad NFS mount preventing a clean boot?
Logging in as root [duplicate]
Where can I learn fundamentals about hypervisors in context of other hardware virtualization solutions? [closed]
Correctly configure nameservers with cPanel [closed]
dd test indicated that it took 51 second to transfer 1 kilobyte, VPS hosting provider claimed not responsible, how? [closed]
How much downtime should I expect when changing hosts? [closed]
Running python script on anisble
HP MSA60 complains that new drives are faulty
550 Requested action not taken: mailbox unavailable