This time it was necessary to apply GPO to computers in the specific IP subnet. In the simplest case, when the subnet is a part of a separate Active Directory site (and this is the only subnet in the site) you can assign your GPO to the AD site. It is a simple and easy method. In our case, we can’t apply the policy to the whole AD site since several IP subnets is bound to it. We’ll have to use the feature of filtering policies using WMI filters.
Earlier we have considered using WMI filters to apply the specific Group Policy only to the certain Windows versions. In this case, in the same way you have to create a WMI filter and change the query so that it contains the condition to check IP addresses.
- Open GPMC.msc (Group Policy Management) console and find WMI Filters section.
- Create a new filter. To do it, right-click the section and select New in the context menu.
- Specify the filter name and its description.
- To add a WMI query click Add.
- Leave root\CIMv2 as a namespace, and copy the following code to the query window:
Select * FROM Win32_IP4RouteTable
AND (Destination Like '191.168.55.%' OR Destination Like '191.168.56.%'))Note. In this example, we created a filter that allows to apply the policy to clients using IP address templates with masks 191.168.55.x and 191.168.56.x. Replace these subnets with your own ones.
- Save the query.
- In GPMC console, select the policy you want to apply.
- In the WMI Filtering section of this policy settings, select the created filter in the dropdown list and assign the policy to the OU containing the computers.
Now you have to update the policies on the clients (gpupdate /force) and make sure they are applied. (To make sure if your GPO has been applied, you can use the standard utility gpresult).
So using a simple WMI filter we can assign a Group Policy to clients in the specific IP networks or to a range of IP addresses.