8

I need to apply a GPO only to some computers in a specific network range.

I'm aware that there many other solutions for this issue. I could group them into an OU or use Sites. But the current situation doesn't allow me to act in any other way except to determine if the IP address of the client is in a specific network.

Therefore I assumed I could use a WMI filter and I asked my good friend Google for help: I found http://waynes-world-it.blogspot.ch/2008/03/wmi-filter-for-subnet-filtered-group.html but 

Select * FROM Win32_IP4RouteTable
WHERE ((Mask='255.255.255.255' AND NextHop='127.0.0.1')
AND (Destination Like '10.31.%'))

doesn't seem to work. The policy isn't applied to any computer due to the filter. Can anyone give me hint how this could be solved?

Thank you very much

CHfish
  • 353
  • 1
  • 3
  • 9
  • How about trying: Destination Like '10.31.%.%' – joeqwerty Aug 07 '12 at 23:17
  • Well to be honest I didn't try. But according to http://msdn.microsoft.com/en-us/library/windows/desktop/aa392263%28v=vs.85%29.aspx % should just work fine! – CHfish Aug 08 '12 at 11:36
  • Right, but in the link in your question it's parsing all 4 octets but in your string it looks like it's only parsing 3 octets so maybe it's not evaluating the ip address correctly. – joeqwerty Aug 08 '12 at 12:26

1 Answers1

7

Got it:

SELECT * from Win32_IP4RouteTable 
       WHERE ((Mask='0.0.0.0' AND NextHop LIKE '10.31.%'))

Works perfect. Seems the sample is either wrong or at least not applicable to Windows Server 2008 R2

voretaq7
  • 79,345
  • 17
  • 128
  • 213
CHfish
  • 353
  • 1
  • 3
  • 9