I'm trying to write a WMI filter to prevent a GPO from applying to certain users
SELECT * from Win32_ComputerSystem WHERE NOT UserName LIKE 'domain\\user1_%' AND NOT UserName LIKE 'domain\\user2_%'
This works correctly if the user is logged onto the console but always returns false if the user is logged on via RDP.
Mark
EDIT:
There does seem to be a way to achieve this, it's described in method two of this article. Though, I am unsure of how to construct the query using Win32_Process?