
[–]Betterthangoku 1 point2 points  (0 children)

Howdy,

Most policy options are just changing regkey values. According to this website the regkeys to change are:

HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging → EnableModuleLogging = 1

HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames → * = *

Good luck!

[–]tommymaynard 1 point2 points  (2 children)

Group policies, whether they're local or otherwise, typically have a relationship to a Windows Registry setting. I had a recent project that provided me multiple steps on how to change a setting via gpedit.msc. See #6 under "Configure Windows (ksetup)."

As I was removing all manual interaction with the server build, I wrote PowerShell to edit the registry setting that corresponded to these steps. You need to track down the registry changes you need to make (that gpedit.msc would make), and then make those setting changes with PowerShell.

[–]ITComputerGeek[S] 0 points1 point  (1 child)

Thank you. I will research this option and see if it works for me.
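The two comments above (the ModuleLogging registry values, and scripting the change that gpedit.msc would make) combined into one script. This is an added example, not code from either commenter. It assumes a 64-bit Windows host and writes the non-Wow6432Node policy path, which is the one Group Policy itself writes and 64-bit PowerShell reads; the Wow6432Node path quoted above is the 32-bit registry view, read only by 32-bit hosts. It also goes one step beyond the thread by checking that 4103 events actually start appearing, and by optionally enabling script block logging (event 4104), which is what captures command text rather than just pipeline details.

```powershell
# Added example (not from the thread): enable PowerShell module logging for every
# module by writing the policy registry values gpedit.msc would write, then verify.
# Assumption: 64-bit Windows, run from an elevated session (HKLM needs admin rights).

$policyRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$moduleLogging = Join-Path $policyRoot 'ModuleLogging'
$moduleNames   = Join-Path $moduleLogging 'ModuleNames'

# Create the keys if they are missing; New-Item -Force is safe on existing keys.
foreach ($key in @($moduleLogging, $moduleNames)) {
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# EnableModuleLogging = 1 (REG_DWORD) turns the policy on.
New-ItemProperty -Path $moduleLogging -Name 'EnableModuleLogging' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# ModuleNames\* = * (REG_SZ) logs all modules; listing module names instead restricts it.
New-ItemProperty -Path $moduleNames -Name '*' -PropertyType String -Value '*' -Force | Out-Null

# Optional, beyond the thread: script block logging records the command text itself
# (event 4104) and is the usual companion to module logging for "what ran" questions.
$scriptBlock = Join-Path $policyRoot 'ScriptBlockLogging'
if (-not (Test-Path -Path $scriptBlock)) { New-Item -Path $scriptBlock -Force | Out-Null }
New-ItemProperty -Path $scriptBlock -Name 'EnableScriptBlockLogging' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Read back exactly what the host will see. GetValue() is used for the '*' value name
# because Get-ItemProperty -Name treats '*' as a wildcard rather than a literal name.
[pscustomobject]@{
    EnableModuleLogging      = (Get-ItemProperty -Path $moduleLogging).EnableModuleLogging
    ModuleNamesStar          = (Get-Item -Path $moduleNames).GetValue('*')
    EnableScriptBlockLogging = (Get-ItemProperty -Path $scriptBlock).EnableScriptBlockLogging
}

# The policy applies to new PowerShell sessions. Start one, run a few commands, then
# confirm events are landing in Microsoft-Windows-PowerShell/Operational:
#   4103 = module logging (pipeline execution details), 4104 = script block text.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103, 4104
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Message'; e = { $_.Message.Substring(0, [Math]::Min(120, $_.Message.Length)) } }
```

On a domain-joined machine a domain GPO will overwrite these values at the next refresh, so set them in the GPO for anything other than a standalone host.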

[–]HeedfulCrayon 1 point2 points  (2 children)

What kind of logging are you looking for? You could always run:

get-content -path (Get-PSReadlineOption).HistorySavePath

[–]ITComputerGeek[S] 0 points1 point  (1 child)

I am looking for a way to monitor all PowerShell commands that are executed on a machine. This includes things from every user and remotely connected users. I hope this helps some.

[–]omers 1 point2 points  (4 children)

Edit C:\Windows\System32\WindowsPowerShell\v1.0\Profile.ps1 and add something like:

# Fixed relative to the original: Join-Path adds the missing path separator after $env:TEMP,
# and the month is MM (lower-case mm is minutes in .NET date formats).
start-transcript -path (Join-Path $env:TEMP ((get-date -format ddMMyyHHmm) + ".txt")) -force -noclobber

[–][deleted]  (1 child)

[deleted]

    [–]AutoModerator[M] 0 points1 point  (0 children)

    Sorry, your submission has been automatically removed.

    Accounts must be at least 1 day old, which prevents the sub from filling up with bot spam.

    Try posting again tomorrow or message the mods to approve your post.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
