One of group policy’s best yet seldom used features is WMI filtering which allows an admin to apply policies to windows computers conditionally instead of statically based on what OU a computer or user object is in. Here are a few of my favorites, all of them are in root\CIMv2 unless otherwise specified.
Filter by OS Install Date Incredibly useful if you are looking to push new software automatically to only new computer or computers that have been freshly imaged with MDT. The example below will only apply to computers that have an install date greater than 2016-04-09
SELECT * FROM win32_operatingsystem WHERE Installdate>="20160409111400.0+0"
Filter by Memory Type This allows you to filter by desktops and laptops if you have desktops that do not have sodimm memory. If you do have desktops with sodimm memory you might combine this with another WMI filter that queries if systems have a battery present
Note that If you have systems which are small form factor and have UPS’s attached this may not work for you.
Desktops (devices not using SODIMMs)
Select * from Win32_PhysicalMemory WHERE (FormFactor != 12)
Laptops (devices using SODIMMs)
Select * from Win32_PhysicalMemory WHERE (FormFactor = 12)
Filter by Windows Desktop Operating Systems Filtering by Windows Desktop Operating Systems is useful if you have changed the default Computers Container to an OU with policies applied, doing this ensures that when Servers are joined to the domain and appear in an OU instead of a container they do not pickup group policies designed for desktops.
select * from Win32_OperatingSystem WHERE ProductType = "1"
Filter for Windows 10
select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1"
Filter for a specific build of windows 10 In this case windows 10 1909 useful if you want to control windows update with group policy.
select * from Win32_OperatingSystem where Version like "10.0.18363" and ProductType="1"
Filter for 64 Bit Windows Servers
select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND OSArchitecture = "64-bit"
From these you should find that you can filter just about all the various parts of your windows 10 infrastructure.
