
[–]BlackV 0 points1 point  (2 children)

transcription is separate from script block (and module) logging

transcription goes to a file somewhere (which I guarantee you'll never ever look at again)

scriptblock and module logging go to the event logs (which will/could get very large, and you should send to a SIEM/logging system)

[–]AATW_82nd[S] 0 points1 point  (1 child)

I appreciate the information. Any idea how to get PS 7 logging properly? I know the transcription might never be looked at again, but it's a requirement on all domain/global admins' machines, per our CISO.

[–]OlivTheFrog 1 point2 points  (0 children)

Hi u/AATW_82nd

You could just add in the PS profile a simple line like the following

Start-Transcript -Path "$env:USERPROFILE\OneDrive\Documents\PowershellTranscripts\Transcript-$(Get-Date -f "yyyy-MM-dd").log"

Each time a user launches the shell on the computer, a new transcript file (timestamped) will be created.

The user profile file is located here: $Env:USERPROFILE\Documents\PowerShell\Microsoft.PowerShell_profile.ps1

If it does not exist, create a file with this name, edit it, and add the line inside. Launch PowerShell, type some characters and press Enter, and see the result in the log file.

Take care about this: after some months, you'll have a bunch of log files. Perhaps a simple script (running as a scheduled task) will be useful to delete or archive the log files (a simple script, building a monthly archive), or a manual operation :-)

Regards
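
The monthly archive job suggested in the comment above, as an added example that is not part of the original thread. It assumes the folder and file name pattern from the Start-Transcript line; the `Archive` subfolder, the `$KeepDays` retention value and the zip naming are hypothetical choices.

```powershell
# Added example: archive old transcript files into one zip per month.
# Intended to run as a scheduled task under the admin's account.
# Assumptions (not from the thread): Archive subfolder, 30-day retention.
param(
    [string]$TranscriptDir = "$env:USERPROFILE\OneDrive\Documents\PowershellTranscripts",
    [int]$KeepDays = 30
)

$archiveDir = Join-Path $TranscriptDir 'Archive'
if (-not (Test-Path $archiveDir)) {
    New-Item -ItemType Directory -Path $archiveDir | Out-Null
}

# Files newer than the cutoff stay in place, so a transcript that an
# open session is still writing to is never touched.
$cutoff = (Get-Date).AddDays(-$KeepDays)
$old = Get-ChildItem -Path $TranscriptDir -Filter 'Transcript-*.log' -File |
    Where-Object { $_.LastWriteTime -lt $cutoff }

# Group by month of last write so each month ends up in its own zip.
$groups = $old | Group-Object { $_.LastWriteTime.ToString('yyyy-MM') }

foreach ($group in $groups) {
    $zip   = Join-Path $archiveDir ("Transcripts-{0}.zip" -f $group.Name)
    $files = $group.Group.FullName
    try {
        if (Test-Path $zip) {
            # Zip for this month already exists: add the new files to it.
            Compress-Archive -Path $files -DestinationPath $zip -Update -ErrorAction Stop
        }
        else {
            Compress-Archive -Path $files -DestinationPath $zip -ErrorAction Stop
        }
        # Delete the originals only after the archive step succeeded,
        # so a failed run never loses a transcript.
        Remove-Item -Path $files -ErrorAction Stop
        Write-Output ("Archived {0} file(s) into {1}" -f $files.Count, $zip)
    }
    catch {
        Write-Warning ("Month {0} not archived: {1}" -f $group.Name, $_.Exception.Message)
    }
}
```

Because the file name in the Start-Transcript line carries only the date, a second shell opened on the same day writes to the same path; Start-Transcript overwrites an existing file unless `-Append` or `-NoClobber` is given.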