about_Nfc_Tokens_Filter
Describes the syntax and behavior of the NFC token search filter that is supported by the SystoLOCK module for Windows PowerShell.
Some commands in the SystoLOCK module use the Filter parameter to search for tokens. The Filter parameter was implemented to provide support for PowerShell variables, rich data types, improved error checking, and an extended form of the PowerShell Expression Language.
Using token filters allows you to improve the performance of a token lookup operation by moving the actual filtering logic to the server side.
The following syntax descriptions use the Backus-Naur form to show the SystoLOCK Expression Language for the Filter parameter.
<Filter> ::= '{' <FilterComponentList> '}'
<FilterComponentList> ::= <FilterComponent>
| <FilterComponent> <JoinOperator> <FilterComponent>
| <NotOperator> <FilterComponent>
<FilterComponent> ::= <PropertyName> <FilterOperator> <Value>
| '(' <FilterComponent> ')'
<FilterOperator> ::= '-eq' | '=='
| '-le' | '<='
| '-ge' | '>='
| '-ne' | '!=' | '<>'
| '-lt' | '<'
| '-gt' | '>'
| '-approx' | '~='
| '-bor' | '|'
| '-band' | '&'
| '-recursivematch'
| '-like' | '~'
| '-notlike' | '-nlike' | '!~'
<JoinOperator> ::= <AndOperator> | <OrOperator>
<AndOperator> ::= '-and' | '&&'
<OrOperator> ::= '-or' | '||'
<NotOperator> ::= '-not' | '!'
<Value> ::= *
| $null
| $true | false
| NUMBER | 0xHEXNUMBER
| IDENTIFIER | '<STRING>' | "<STRING>"
| $PowerShellVariable
Algorithm: Algorithm used to encrypt the token.AnswerToReset: The answer to reset command for the token.CreationTime: Time when a token was created.DisableTime: Value indicating when the token was disabled.FriendlyName: Token friendly name.HasPin: Indicates whether the token has a PIN.Identifier: Token unique identifier.LastTimeUsed: The last time the token was used.LockTime: Value indicating when the token was locked.NotAfter: Time when a token becomes valid.NotBefore: Time when a token becomes invalid.NumberOfTransactions: Maximum number of times the token can be used.PerformedTransactions: Number of successfully completed transactions.SerialNumber: Serial number of the token.Type: Type of the token.User: Identifier of the user assigned to this token.| Operator name | Description | Example |
|---|---|---|
Present |
Checks if a property present | Identifier -eq * |
Absent |
Checks if a property absent | Identifier -ne * |
Equal |
Compares a property for equality | NumberOfTransactions -eq 6 |
LessThanOrEqual |
Checks whether a property is less than or equal to a value | NumberOfTransactions -le 4 |
GreaterThanOrEqual |
Checks whether a property is greater than or equal to a value | NumberOfTransactions -ge 8 |
NotEqual |
Compares a property for inequality | NumberOfTransactions -ne 6 |
LessThan |
Checks whether a property is less than a value | PerformedTransactions -lt 15 |
GreaterThan |
Checks whether a property is greater than a value | PerformedTransactions -gt 16 |
Approx |
Checks whether a property is approximately equal to a value | PerformedTransaction ~= 11 |
BinaryOr |
Performs bitwise or operation | NumberOfTransactions -bor 23 |
BinaryAnd |
Performs bitwise and operation | NumberOfTransactions -band 42 |
RecursiveMatch |
Performs a recursive equality match | User -recursivematch 'cn=User,dc=example' |
Like |
Allows wildcard comparisons with * | FriendlyName -like '*external' |
NotLike |
Allows negated wildcard comparisons with * | FriendlyName -notlike '*external' |
And |
Joins conditions using AND | PerformedTransactions <= 23 -and LockTime == * |
Or |
Joins conditions using OR | NumberOfTransactions >= 42 -or LockTime == * |
Not |
Negates condition | -not Algorithm == Aes128 |
Get-SystoLockNfcToken -Filter 'Identifier -like YSN*'
Get-SystoLockNfcToken -Filter ' NumberOfTransactions -ge 8' | Measure-Object
$monthAgo = [DateTime]::UtcNow.AddDays(-30)
Get-SystoLockNfcToken -Filter 'LastTimeUsed -lt $monthAgo'
The following section gives examples of how to use the filters in common queries.
- Get-SystoLockNfcToken