Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use the WQL comparison operators with Windows PowerShell in a WQL query and in a filter.
Hey, Scripting Guy! Your WMI blogs this week have been awesome. I have learned a lot about using WMI that I did not know. One thing you mentioned yesterday was the operators, but you only talked about using the equals’ operator. I would like to see some examples of using the different operators.
—SM
Hello SM,
Microsoft Scripting Guy, Ed Wilson, is here. The Scripting Wife decided to surprise me this morning. She told me that she was going to take me out to lunch. Now this is something she never does. In fact, on many days during the week, she will actually bring food to my desk to keep me working through lunch. I, on the other hand, prefer to get up from my desk and actually enjoy eating my food elsewhere during lunch. I also like to do a bit of reading while I am eating lunch. Currently, I have the Encyclopedia Mysteriosa on the table. The short articles are perfect for perusing during lunch. I am not doing anything like actually reading through in sequence; instead, I open random pages and begin reading. It is the literary equivalent to diving into a box of assorted chocolates without reading the schematic on the lid (sorry Forest Gump). So the Scripting Wife found a new German Restaurant that we went to for lunch. I love German food, so it was a special treat (although we had iced tea instead of one of the other beverages that Germany is famous for).
Understanding and using WQL operators in a WQL query
The WQL operators are fairly straightforward to use. It really only takes a bit of practice to use them effectively. In addition, the comparison operators are pretty basic, and they do not have many idiosyncrasies.
Using not equal
For example, to use the not equal operator (<>), you express a condition on the left side of the operator and specify that that condition does not equal what is placed on the right side of the operator. This is easier than it sounds. For example, the clause appearing here says that the state is not equal to stopped. If this condition was for services, running and paused services would be allowed through the filter, but stopped services would be filtered out of the result.
where state <> ‘stopped’
The query that follows returns the name and the state properties from services, but it only does this if the state of the service is not equal to stopped. The Get-WmiObject cmdlet is used to perform the query, and a table is created that lists the name and the state of each service.
$query = “Select name,state from win32_service where state <> ‘stopped'”
Get-WmiObject -Query $query | Format-Table name, state
The image that follows illustrates running this query and shows a sample of the output from the query.
The following table lists comparison operators that are used in WQL.
Operator |
Meaning |
= |
Equal |
<> |
Not equal |
< |
Less than |
> |
Greater than |
<= |
Less than or equal |
>= |
Greater than or equal |
!= |
Not equal |
This table shows that the not equal operator (<>) can also be written as (!=). This is shown here:
$query = “Select name,state from win32_service where state != ‘stopped'”
Get-WmiObject -Query $query | Format-Table name, state
Using the greater than or less than operators
The greater than and the less than operators work with letters and numbers. For example, in the following query, the name of each process is selected from all the Win32_Process objects. But this only takes place if the name is less than the letter ‘e’. To make it easier to understand, the results show that the Select-Object cmdlet selects the name, and the Sort-Object cmdlet sorts the output based on the name property. The query and the results from calling the query are shown here.
PS C:\> $query = “select name from win32_process where name < ‘e'”
PS C:\> Get-WmiObject -Query $query | select name | sort name
name
—-
armsvc.exe
BTStackServer.exe
BTTray.exe
btwdins.exe
conhost.exe
csrss.exe
csrss.exe
CxAudMsg64.exe
dpupdchk.exe
dwm.exe
DZSVC64.EXE
Flipping the operator from less than to greater than, produces a list of the other processes. The only thing that appears a bit strange is that the explorer.exe process appears in this listing. But that is because “ex” is “greater than” ‘e’. The query is shown here:
$query = “select name from win32_process where name > ‘e'”
Get-WmiObject -Query $query | select name | sort name
Using the less than or equal to operator
The less than or equal to operator filter values that are equivalent to or less than a particular value. In the query that follows, the name and the processID properties from the Win32_Process class are chosen, but only if the processID value is less than or equal to 1004. When evaluating numbers, they do not need to be placed inside quotation marks. The query, and the information associated with the query are shown here:
PS C:\> $query = “select name, processID from win32_process where processID <= 1004”
PS C:\> Get-WmiObject -Query $query | select name, processID | sort processID
name processID
—- ———
System Idle Process 0
System 4
smss.exe 316
svchost.exe 336
csrss.exe 448
svchost.exe 456
svchost.exe 504
wininit.exe 572
csrss.exe 580
services.exe 620
lsass.exe 644
lsm.exe  
0 comments