I'm trying to write a WMI filter to prevent a GPO from applying to certain users
SELECT * from Win32_ComputerSystem WHERE NOT UserName LIKE 'domain\\user1_%' AND NOT UserName LIKE 'domain\\user2_%'
This works correctly if the user is logged onto the console but always returns false if the user is logged on via RDP.
Mark
EDIT:
There does seem to be a way to achieve this, it's described in method two of this article. Though, I am unsure of how to construct the query using Win32_Process?
Best Answer
Don't use a WMI filter for that. Use an Access Control Entry for "Apply Group Policy" permission on the GPO object to specify a group for which the GPO should be applied/denied. You would also need to ensure that loopback policy processing is enabled.