Use Group Policy Preferences with WMI Targeting to Copy Files

wmi-lastmodified-1

Here’s a quick and simple guide on how to update a file based on it’s “last modified” date (but it can also be tweaked to use any file attribute). It uses the Item-Level Targeting feature of Group Policy Preferences. The problem is, the Targeting Editor only has a “File Match” option that can check whether a file exists or is of a certain version. Luckily, we can implement a custom WMI query to check any of the files attributes using the CIM_DataFile.

Digging up attributes

I’ve got a file, e.g file.txt, on a group of PCs that needs updating but only on PCs were it hasn’t been modified since before a certain date. I use the following PowerShell command to quickly check the file’s attributes to find something I can target the policy with.

Get-WmiObject CIM_datafile -Filter "name='C:\\temp\\file.txt'" | select *
PSComputerName : PC123
Status : OK
Name : c:\temp\file.txt
Archive : True
Caption : c:\temp\file.txt
Compressed : False
CreationDate : 20140904122149.482326+060
Drive : c:
Encrypted : False
FileSize : 0
FileType : Text Document
Hidden : False
InstallDate : 20140904122149.482326+060
LastAccessed : 20140904122149.482326+060
LastModified : 20140904122149.482326+060
Version :

I can’t use the Version as text files don’t have them, however, CreationDate, LastAccessed and LastModified all have dates listed that I could use as part of my WMI Targeting. I’m going to pick LastModified as that makes the most sense for this case.

WMI and Dates

A quick side note on WMI dates. As you can see from the code above, at first glance they look like a complicated string of numbers. That’s because they are written in the UTC format. They are actually quite simple to read if you just work backwards, starting from the year, e.g.

LastModified : 20140904122149.482326+060
becomes
LastModified : 2014/09/04 12:21:49 .482326 +060
i.e.
LastModified : Year/Month/Day Hour:Minutes:Seconds .milliseconds + offset

Create the File Preference

Now I know what I’m going to search for, I can create the preference in the Group Policy Management Editor

  1. Open the Group Policy Management Console
  2. Create or open a group policy object
  3. Expand to Computer Configuration > Preferences > Windows Settings > Files
  4. Create a new File preference
  5. Fill out the General tab as follows
    1. Action: Replace
    2. Source: \\server\share\file.txt
    3. Destination: C:\temp\file.txt
      wmi-lastmodified-1
  6. Switch to the Common tab
  7. Tick the Item Level Targeting box
  8. Click the “Targeting…” button to open the Targeting Editor
    wmi-lastmodified-2
  9. The first thing we want to do is check the file exists before we bother trying to replace it
    1. Click “New Item > File Match”
    2. Match Type: File Exists
    3. Path: C:\temp\file.txt
  10. Secondly, we insert our query to check the Last modified date
    1. Click “New Item > WMI Query”
    2. Query: SELECT LastModified FROM CIM_DataFile WHERE name=”C:\\temp\\file.txt” AND LastModified < ‘20140901000000.000000+060’
    3. Namespace: Root\cimv2
    4. Property: leave blank
      wmi-lastmodified-3
  11. Click OK twice and you are done

Query Explanation

The hardest bit of this was working out the actual query. You want to be careful here because if the query is too complicated it will timeout and not apply. I’ll break down my query from 10.2 above to clarify what it is doing

  • SELECT LastModified
    • This part will narrow the search to only look at the LastModified attribute
  • FROM CIM_DataFile
    • CIM_DataFile is the WMI class that can look into files
  • WHERE name=”C:\\temp\\file.txt”
    • Specifies the path and file name to look for
    • You need to used backslashes (\) and surround in double quotes (“)
  • AND LastModified < ‘20140901000000.000000+060’
    • Checks the LastModified attribute is less than (<) 01/09/2014
    • You could change this to calculate greater than (>) or equals (=) or any other valid operator
    • I zeroed out the time part of the UTC date as it wasn’t necessary and makes it easier to read
    • Use single quotes (‘) around the date

If the WMI query finds the file and meets the criteria (i.e. the query returns True) then the file will be replaced

Conclusion

I wish we could use PowerShell to target items instead of WMI as this was a bit of a backwards step. Even better would be if the “File Match” item included a way to check any attribute of a file, not just exists or version. Maybe that’s coming in Server 2015 :/

The alternative method to achieve the same goal would be to create a script in the language of your choice to replace the file at startup but I prefer the visibility and flexibility of Item Level Targeting.

Let me know in the comments if you’ve got any WMI queries worth sharing, or if you’d like a deeper explanation on anything

 

Advertisements

One thought on “Use Group Policy Preferences with WMI Targeting to Copy Files

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s