In one of my previous posts “PowerShell: Documenting your work with Start-Transcript” I’ve described how to manually configure PowerShell Transcripting by using the command Start-Transcript. In this article I show how to use Group Policy for configuring Transcription logging for all PowerShell users.
Turn on PowerShell Transcription
Open cmd or PowerShell and type gpedit.msc. This will open the Group Policy Editor.
gpedit.msc
Navigate to Computer Configuration – Administrative Templates – Windows Components – Windows PowerShell and double-klick “Turn on PowerShell Transcription”. Click on Enable and enter your prefered Output Directory. You can also activate “Include invocation headers”. I will explain this later.
Click OK twice. To make sure, that your settings are applied run
gpupdate /force
Testing the functionality
Open Windows PowerShell. Enter some commands and then review your output directory. You should see one or more files.
The Invokation Headers
If you activate Invokation headers, then each command is recorded with a command start time.
The first screenshot shows Transcription Logging without invokation headers activated:
The second one shows logging with invokation headers activated:
See also
Another way to configure transcripting is to include the command start-transcript in your PowerShell Profile, which I described here: How to create PowerShell Profiles.
See also my English article about Start-Transcript PowerShell: Documenting your work with Start-Transcript or if you prefer German see my article PowerShell: Sitzung aufzeichnen mit start-transcript.
Categories: PowerShell
sorry for the doubles. the page didn’t seem to like my login
LikeLike
can you use wildcards in the path to create a separate folder for every user? adding the username to a folder or the log file name would be helpful to be able to differentiate between 20 users running scripts on the same RDP server.
LikeLike
May I know whether this policy will record EMS command?
LikeLike
Thank you for your comment. This is new to me.
LikeLike
Are you aware CIS policy actually recommends and check that PS transcripting is disabled in their compliance template. As if someone pass creds, etc in a PS script it’s recorded and easily viewable.
Thoughts?
PN
LikeLike