Active Directory/Documentation/Item-Level Targeting
Jump to navigation
Jump to search
Item-Level Targeting (which is always under the "Common" tab) appears to be the hidden jewel of Group Policy Preferences. Item-Level Targeting allows you to specify a custom filter set for each individual setting within the Preferences portion of the GPO.
- Any individual filtering item can be evaluated true (Is) or false (Is Not).
- Filtering items can be group with ANDs and ORs.
- Collections are used to provide paranthetical groupings.
This allows the filters to be as simple or as complex as you want them to be:
- Simple Example
- "the user is a member of the security group WOLFTECH\Domain Admins"
- Complex Example
- "this collection is true (the CPU speed is greater than or equal to 1000 MHz AND the day of the week is Sunday) OR this collection is false (free disk space is greater than or equal to 80GB on the X: drive AND the portable compluter docking state is Undocked)"
Example Uses
- Just about all drive mappings can be done in a single GPO filtered off of security groups
- Finer grain control over when to apply certain settings to mobile devices
- MAC Address range can be used to apply only to virtual machines
- User context printers filtering by site or IP address allow physical proximity printer targeting for laptops
- Scheduled tasks can be set to run only while on campus, while docked
Targeting Types
- Battery Present
- Computer Name
- CPU Speed
- Date Match
- Dial-Up Connection
- Disk Space
- Domain
- Environment Variable
- File Match
- IP Address Range
- Language
- LDAP Query
- MAC Address Range
- MSI Query
- Operating System
- Organizational Unit
- PCMCIA Present
- Portable Computer
- Processing Mode
- RAM
- Registry Match
- Security Group
- Site
- Terminal Session
- Time Range
- User
- WMI Query