PowerShell Security: Enabling Transcription Logging by using Group Policy

In one of my previous posts “PowerShell: Documenting your work with Start-Transcript” I’ve described how to manually configure PowerShell Transcripting by using the command Start-Transcript. In this article I show how to use Group Policy for configuring Transcription logging for all PowerShell users.

Turn on PowerShell Transcription

Open cmd or PowerShell and type gpedit.msc. This will open the Group Policy Editor.


Navigate to Computer Configuration – Administrative Templates – Windows Components –  Windows PowerShell and double-klick “Turn on PowerShell Transcription”. Click on Enable and enter your prefered Output Directory. You can also activate “Include invocation headers”. I will explain this later.


Click OK twice. To make sure, that your settings are applied run

gpupdate /force

Testing the functionality

Open Windows PowerShell. Enter some commands and then review your output directory. You should see one or more files.


The Invokation Headers

If you activate Invokation headers, then each command is recorded with a command start time.

The first screenshot shows Transcription Logging without invokation headers activated:


The second one shows logging with invokation headers activated:


See also

Another way to configure transcripting is to include the command start-transcript in your PowerShell Profile, which I described here: How to create PowerShell Profiles.

See also my English article about Start-Transcript PowerShell: Documenting your work with Start-Transcript or if you prefer German see my article PowerShell: Sitzung aufzeichnen mit start-transcript.

Categories: PowerShell

Tagged as: ,

7 replies »

  1. can you use wildcards in the path to create a separate folder for every user? adding the username to a folder or the log file name would be helpful to be able to differentiate between 20 users running scripts on the same RDP server.


  2. Are you aware CIS policy actually recommends and check that PS transcripting is disabled in their compliance template. As if someone pass creds, etc in a PS script it’s recorded and easily viewable.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.