When building a WQL query, string values must be quoted; numeric and Boolean values do not need quotes.
As the filter is also a string, this often means nesting quotes within one another. The following techniques may be used to avoid needing to use PowerShell's escape character.
For filters or queries containing fixed string values, use either of the following styles. Use single quotes outside and double quotes inside:
Get-CimInstance Win32_Process -Filter 'Name="powershell.exe"'
Alternatively, use double quotes outside and single quotes inside:
Get-CimInstance Win32_Process -Filter "Name='powershell.exe'"
For filters or queries containing PowerShell variables or sub-expressions, use double quotes outside, as variables within a single-quoted string that will not expand:
Get-CimInstance Win32_Process -Filter "ProcessId=$PID" Get-CimInstance Win32_Process -Filter "ExecutablePath LIKE '$($pshome -replace '', '')%'"
The regular expression '' represents a single literal '', as the backslash is normally the escape character. Each '' in the pshome path is replaced with '' to account for WQL using '' as an escape character as well.
Finally, if a filter contains several conditions, consider using the format operator, as shown in this splatting block:
$params = @{
ClassName = 'Win32_Process'
Filter = 'ExecutablePath LIKE "{0}%" AND WorkingSetSize<{1}' -f
($env:WINDIR -replace '', ''),
100MB
}
Get-CimInstance @params