Note: Don’t use Win32_Product. It’s not a good idea, and even Microsoft warn against using it.
WMI filtering on Group Policy Objects is an incredibly useful and powerful feature within Active Directory, but going nuts with your queries could affect your end users.
One thing to be mindful of is the WMI query execution time, keeping in mind that filters are evaluated every group policy refresh interval. By default, this is every 90 minutes with an added random offset of 0-30 minutes.
An example of this was a query I was testing this week; It’s common to search the Win32_Product WMI class to see if a particular piece of software is installed. This technique is even listed in the sample code in the TechNet article on WMI Filtering. This method often takes quite a while to return a result, so I decided to use an alternative method.
The alternative is simply to test if the application’s executable file exists. This can also be extended to test for a specific file version if necessary. Below are the results of the testing:
Method 1: Find software by searching Win32_Product
PS C:> Measure-Command { gwmi win32_product -Filter "name like '%shoretel%'" } Days : 0 Hours : 0 Minutes : 2 Seconds : 54 Milliseconds : 706 Ticks : 1747066394 TotalDays : 0.00202206758564815 TotalHours : 0.0485296220555556 TotalMinutes : 2.91177732333333 TotalSeconds : 174.7066394 TotalMilliseconds : 174706.6394
Method 2: Check for existence of executable file
PS C:> Measure-Command { gwmi cim_datafile -Filter "name = 'C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe'" } Days : 0 Hours : 0 Minutes : 0 Seconds : 0 Milliseconds : 666 Ticks : 6668044 TotalDays : 7.71764351851852E-06 TotalHours : 0.000185223444444444 TotalMinutes : 0.0111134066666667 TotalSeconds : 0.6668044 TotalMilliseconds : 666.8044
Results
As shown above, the Win32_Product method took almost 3 minutes to return a result, where the second method merely took 666 milliseconds.
The resulting WMI filter for the GPO would look something like this:
SELECT Name FROM CIM_DataFile WHERE Name = "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe"
Notes
Make sure you escape your backslash characters in the WMI query as shown above. If you’re testing for the presence of a folder, you’ll want to use the Win32_Directory WMI class instead.
PowerShell is a great way to test your WMI queries. Simply use the Get-WmiObject cmdlet. Another great tool to use is WMI Explorer.