Filtering Objects in the Pipeline

In this IT Pro Challenge virtual lab, you will get hands-on experience crafting Windows PowerShell commands that take advantage of the pipeline function and filtering with the Where-Object cmdlet. You will also use combinations of filters and parameters to find very specific detail regarding groups, processes, services, features, objects, and logs.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


Lab Overview:

In this lab, you are an administrator in an Azure environment. (Note: Temporary Azure portal credentials are provided in your lab instructions.) You will use Windows PowerShell commands and send them to the pipeline (i.e., writing a command and putting a pipe ‘|’ after it, to send the output into another command or set of commands). This allows you, as an administrator, to explore tactics for effectively managing your Windows environment. You will become familiar with the following commands:

  • Get-LocalGroup
  • Get-Process
  • Get-Service
  • Get-EventLog
  • Get-WmiObject
  • Get-ChildItem

The tasks accomplished in this hands-on lab will prepare you for being a systems administrator, security analyst, or a penetration tester.

Understand the scenario

You are a system administrator for a company that needs to manage many servers. In preparation for this process, you need to determine which Windows PowerShell commands are required to filter objects on a single server. First, you will use simplified filtering syntax in Windows PowerShell to search for different types of objects and then filter the results based on one condition. Next, you will use standard filtering in queries that have multiple conditions. In these examples, you will be experimenting with just a few object types. The filtering commands can handle almost any kind of object that you send them.

Configure your environment

In this task, you will log in to the Azure portal and connect, over RDP, to a pre-configured Windows Server virtual machine. On the VM, you will use Windows PowerShell to create a new directory to operate within. Once you create the new directory, using the New-Item command, you will navigate to that directory.

Search for objects using simplified syntax

In this task, you will first run a command without using the pipeline operation. Then, you will run another command that results in the same output but uses a pipeline operation. This allows you to compare functionality, and to ultimately understand the structure of using the pipeline to perform increasingly complicated tasks. You will also practice using parameters in your commands, such as: -eq (equals), -gt (greater than), and -Like and -NotLike, which allows you to match (or not match) using wildcard characters. Finally, you’ll learn to manipulate your output by using the Format-Table command, which allows you to specify the detail and order in which data is output.

Create queries that have multiple conditions using standard syntax

For this task, you will run commands, send their output to the pipeline, use the Where-Object standard syntax, and practice using the PSItem variable ($_.) to filter on specific criteria, such as processes that are named “svchost” and have a paged memory value greater than 5 megabytes. You will also learn to manipulate the output by using the sort command. Finally, you will use -and and -or conditions, and you will learn how to take action on an object, such as start or stop a service that is found to match your filtering criteria.

Lab Summary

In this hands-on challenge, you will learn how to effectively use the pipeline to filter on objects, resulting in insights and actions based on criteria that you specify. You will learn to run several commands, send their output to the pipeline to further filter and return results in the desired format. The Where-Object cmdlet will be used, along with the $_. (PSItem) variable, to allow you to craft very specific filters.