Learning PowerShell – Lesson Four


PowerShell Lesson Four

By: Steven Aiello

Teach Your Self PowerShell – More PowerShell Commands

Additional PowerShell Commands

Piping “|” and Export-Csv

As you work with PowerShell you will need to do more than simply get system services and process information, or you will need more information than is presented on the screen. In reality PowerShell knows much more about information than it can fit on the screen. For example let’s take the command


This command has much more information than what’s showed when we execute the command which is status, name, and display name. If we wanted to know the other pieces of information how would we find them? This is where PowerShell can again help. If you remember the previous lesson we can execute the command

Get-Help Get-Service

This will display all the fields that can be used with the PowerShell command; however,, what if you needed to communicate this information to another person and you wanted to include all the data. It would be almost impossible. That’s where our next command comes into play.


The Export-Csv command will include all the information that PowerShell didn’t have room to fit on the screen. This also makes this feature very handy for looking through at leisure to see what fields of information are available to search for.

So how would we export this information?

Get-Service | Export-Csv c:Get-Service.csv

As you can see here we have used the pipe operator “|” to pass the results from one command to the next command. Here we are executing two commands one right after another. First the Get-Service command is executed and then the results are passed to the Export-Csv command which writes all the information to the requested file. In this case we placed the data at c:Get-Service.csv.

You will find yourself using this pipe “|” operator very frequently. This operator should be very familiar to you if you came from a Linux background, as it is frequently used there.

Using Select-Object to Filter Data

So while having all the data that Windows can throw at us is better than none, but really we want to find data that we care about. In order to do that we need some sort of filtering method; this is where the command:


comes into play. The great thing about PowerShell is that it doesn’t pass back strings of text like the Linux command shell does. PowerShell passes you objects that you can search through. If you’ve ever worked with Linux you can appreciate what a huge improvement this is over BASH. Much of the scripting in Linux consists of text parsing which isn’t directly related to the goal you’re trying to achieve. Instead of having to parse text with PowerShell you can simply tell the script what information you care about and that’s what you will get. For example if you only wanted to display the names of the processes in your system you could execute the command:

Get-Process | Select-Object Name

As you can see you will only get the names of the processes running on your system and no other information.

So far we’ve been able to select all the names of the processes on the system, but what if we want all the information about one process? This is where the “WHERE” keyword comes into play.

Note: The “WHERE” keyword is very important! It is a fundamental building block on which many advanced PowerShell actions are built on. It is not recommended that you move on until you fully understand this concept.

The “WHERE” keyword is fairly straight forward to use, however, the actual way it’s typed out can be slightly confusing. Don’t worry we will go slow and break it down piece by piece. Here’s an example:

Select-Process | WHERE {$_.ProcessName –eq “Dropbox”}

Now you’re kicking yourself if you didn’t do the homework from lesson two! That’s ok, let’s break this line down step by step:

Select-Process |

You should have a solid grasp on by this point so what’s going on next? What’s happening here is actually a loop which you will learn about soon. For the purpose of this lesson a loop is something that just repeats over and over until you tell it to stop. The “WHERE” is the kind of loop we are using in this instance. Don’t worry too much about loops at this point, we’re going to cover them in depth in the next lesson.

Next we have an opening “{“ this is an indication that we are about to enter into a code block. Again, don’t worry about this at this point, but it will play an important piece in the future. Now we’re on to the meat:

$_. < — Look here this is important!

This is important and what can be sometimes confusing to people. The “$_.” is a symbol that references one object and works with it as PowerShell goes through all the objects that have been passing through your screen:

So when you execute the command:

Select-Process | WHERE {$_.ProcessName –eq “Dropbox”}

What’s happening is PowerShell looks at “auditog” and asks the question: Is this process named Dropbox? No? Then let’s move onto the next item in the list. Is BTStackServer the process named Dropbox? No again. PowerShell goes though all these processes in a row from top to bottom until it hits the process with the name that you told it to look for in this case Dropbox. Once it finds the process with the name Dropbox it will give you all the information it has about that process and display it to you either on the screen or in a csv file if you choose to export it.

At this point you can do some pretty powerful things with PowerShell. You can select objects based on their name, you can select only a column of data that you find important, and you can save all the data to csv files for later processing.


Leave a reply

fifty six − forty nine =

This site uses Akismet to reduce spam. Learn how your comment data is processed.