Sunday, November 09, 2014

WMI filters, OS versions and BuildNumber oddities...

Hi all.

From time to time, we use WMI filters to target a GPO to specific OS versions. Usually, you do a comparison on version numbers or on the Win32_OperatingSystem.BuildNumber property, as demoed at Florian's blog.

I use this type of filtering very often, because we tend to target GPOs for 2003, Win7, 2008R2 and now 2012R2 individually. This usually ends up with WMI queries like

SELECT * FROM Win32_OperatingSystem WHERE BuildNumber >= 7000 AND BuildNumber < 8000 AND ProductType > 1

This query targets all flavors of Server 2008 R2. And as you can see, we not only set a lower boundary for BuildNumber, but an upper boundary, too. This way, we ensure that a GPO designed for e.g. Win7 does not apply to Win 8.

If you are wondering why we are not simply targeting for BuildNumber=7601: We have learned that BuildNumbers as well as OS versions are subject to change when service packs are applied. This at least was true for Vista/2008 (6000/6001/6002) and Win7/2008R2 (7600/7601).

As Windows 10 is up and coming, we do not know what the BuildNumber of RTM will be (today it is 9841, but that will eventually change), but it might start with 10. So for 2012 R2, I created the following query:

SELECT * FROM Win32_OperatingSystem WHERE BuildNumber >= 9000 AND BuildNumber < 10000 AND ProductType > 1


But on testing, this filter evaluated to FALSE. What's going on here? The 2012 R2 BuildNumber is 9600, which for sure is greater than 9000 and smaller than 10000... A little bit of research on Win32_OperatingSystem.BuildNumber: Heck, this BuildNumber property (despite its name containing "Number") is a - guess what - yes - it is a STRING!

This means we do not compare numbers, we compare strings. And of course, "1" is smaller than "9" in terms of string comparison, so for the value "9600" the condition BuildNumber < 10000 evaluates to FALSE. So I converted all our filters that query for BuildNumber from math comparison to string comparison:


SELECT * FROM Win32_OperatingSystem WHERE BuildNumber LIKE "9%" AND ProductType > 1

Problem solved, filters now working as expected.

That's all for now...

PS: ProductType in fact is a number (uint32), so the math comparison ">" is fine for that property.
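
To check filters like the ones above before linking them to a GPO, the following PowerShell sketch (an added example, not part of the original post) compares the range test as strings and as integers, then runs both 2012 R2 queries against the local machine. The function names are hypothetical, the build 10000 is a constructed sample value, and the ordinal string comparison is an assumption standing in for WQL's string comparison.

```powershell
# Added example. 7601, 9600 and 9841 are builds named in the post;
# 10000 is a constructed value for a build number starting with "10".
$sampleBuilds = '7601', '9600', '9841', '10000'

# Emulate "BuildNumber >= 9000 AND BuildNumber < 10000" two ways:
# as a string comparison (the behaviour the post ran into) and as integers.
function Compare-BuildRange {
    param([string]$Build, [string]$Lower = '9000', [string]$Upper = '10000')
    [pscustomobject]@{
        Build     = $Build
        AsString  = ([string]::CompareOrdinal($Build, $Lower) -ge 0) -and
                    ([string]::CompareOrdinal($Build, $Upper) -lt 0)
        AsInteger = ([int]$Build -ge [int]$Lower) -and ([int]$Build -lt [int]$Upper)
        LikeNine  = $Build -like '9*'   # PowerShell wildcard form of WQL LIKE "9%"
    }
}
$sampleBuilds | ForEach-Object { Compare-BuildRange -Build $_ } |
    Format-Table -AutoSize | Out-String

# A GPO WMI filter evaluates to TRUE when its query returns at least one instance.
function Test-WmiFilterQuery {
    param([Parameter(Mandatory)][string]$Query, [string]$Namespace = 'root\cimv2')
    $hits = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
    $hits.Count -gt 0
}

# Show what the local machine reports, including the property's .NET type.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"Local BuildNumber '{0}' is a {1}; ProductType {2} is a {3}" -f `
    $os.BuildNumber, $os.BuildNumber.GetType().Name,
    $os.ProductType, $os.ProductType.GetType().Name

# The two 2012 R2 filter queries from the post, evaluated locally.
$queries = @(
    'SELECT * FROM Win32_OperatingSystem WHERE BuildNumber >= 9000 AND BuildNumber < 10000 AND ProductType > 1'
    'SELECT * FROM Win32_OperatingSystem WHERE BuildNumber LIKE "9%" AND ProductType > 1'
)
foreach ($q in $queries) {
    [pscustomobject]@{ Result = Test-WmiFilterQuery -Query $q; Query = $q } |
        Format-List | Out-String
}
```

For the sample builds, the AsString column is False in every row while AsInteger is True for 9600 and 9841, which is the mismatch described above. The local query results depend on the machine the script runs on.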
