Options to monitor any instance of Powershell

All replies

• 

  

  1

  Sign in to vote

  If you want to log every PowerShell cmdlet executed on a machine, use Transcription Logging. You can enable it using a Group Policy Object.

  References:
  https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_script
  https://sid-500.com/2017/11/07/powershell-enabling-transcription-logging-by-using-group-policy/

  
  

  • Proposed as answer by jrv Thursday, August 23, 2018 1:33 PM

  Thursday, August 23, 2018 1:32 PM
• 

  

  0

  Sign in to vote

  Good article John linked, but note the comment about alternate credentials in PowerShell scripts also being logged.

  ---

  Richard Mueller - MVP Enterprise Mobility (Identity and Access)

  Thursday, August 23, 2018 1:43 PM
• 

  

  0

  Sign in to vote

  Thank you John. Unfortunately, the computer is running Windows 7 that doesnt seem to support powershell transcription.

  Do you know of any 3rd party programs that could take care of that?

  Thursday, August 23, 2018 8:54 PM
• 

  

  0

  Sign in to vote

  Thank you John. Unfortunately, the computer is running Windows 7 that doesnt seem to support powershell transcription.

  Do you know of any 3rd party programs that could take care of that?

  
  I believe this is a feature of PowerShell V5, which is not shipped with Windows 7 by default, but you can install it. PowerShell transcription should work for Windows 7.
  

  • Edited by John Seerden Thursday, August 23, 2018 9:14 PM Typo

  Thursday, August 23, 2018 9:14 PM
• 

  

  0

  Sign in to vote

  WMF 5.1 is the latest and is here.

  ---

  \_(ツ)_/

  Thursday, August 23, 2018 9:16 PM