The primary tool for logging PowerShell activity has been the Start-Transcript cmdlet. Simply enter this cmdlet followed by a path and filename for the log file that you want to create. PowerShell will populate the log file with every subsequent command that is entered.
The transcripts that PowerShell generates are actually quite impressive. The Start-Transcript cmdlet writes a header to the log file. This header lists things like the username, machine name, and the date and time when the transcript was started (among other things).
As you enter commands into PowerShell, the transcription engine not only logs the commands, but also the command output. The transcript not only shows that a cmdlet was used, it also shows us the output that appeared within the PowerShell console when the command was run.
Obviously, the Start-Transcript cmdlet functionality can be very useful during script tests and even in production code.
Now let's look at a basic way to transcribe, or record, a PowerShell session. Type PowerShell in the Windows search bar and, in the results that appear, click PowerShell.
In the PowerShell command window, let’s type:
Start-Transcript -Path "Desktop\transcript.txt"
All the commands you run from this point on, together with their output, are saved to a text file on the desktop. We can later view this file in Notepad.
Adding the -Append switch at the end of the transcript command adds the new transcript to the end of an existing file instead of overwriting it.
Add the following command in PowerShell:
Start-Transcript -Path "Desktop\transcript.txt" -Append
After entering the above command, carry on entering your everyday commands and scripts.
The above command will append the recent commands and their outputs in the existing text file without overwriting it.
You can add the -Confirm switch parameter after the transcript command. It will ask for confirmation before executing the command.
Start-Transcript -Path "Desktop\transcript.txt" -Confirm
When you quit the PowerShell session, the recording stops. You can also stop recording manually by running Stop-Transcript.
In a PowerShell remote session, you can start recording on the remote host. The file is saved on the remote computer. In this example we are logged on to another server. We start a PowerShell session to Example01 and run Start-Transcript. Look what happens:
Enter-PSSession -ComputerName Example01
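To start recording every time you start a PowerShell session, modify your PowerShell profile. To create a profile if one does not exist yet, type the following (the Test-Path check matters because New-Item with -Force replaces an existing profile file with an empty one):
if (-not (Test-Path -Path $Profile)) { New-Item -Path $Profile -Force }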
Next, add Start-Transcript to your profile.
Add-Content -Path $Profile -Value "Start-Transcript"
This will start recording automatically. Close PowerShell and open it again. You should see the following:
PowerShell Transcript – GPO Approach
Rather than relying on the Start-Transcript cmdlet, you can instead enable transcription at the group policy level.
To do so, open the Group Policy Object Editor and then navigate through the console tree to Computer Configuration | Administrative Templates | Windows Components | Windows PowerShell. As you can see in the figure below, there is a group policy setting called Turn on PowerShell Transcription.
Enabling this setting results in system-wide transcription of PowerShell cmdlets. It also keeps you from having to manually start the transcription process.
Once the Turn on PowerShell Transcription setting is enabled, the system-wide transcription feature logs PowerShell use on a per-user basis. If a user enters a PowerShell command, a record of that command is written to a document within that user's My Documents folder.
If you would rather log PowerShell usage in a more centralized way, then you can use the group policy setting to specify an output folder, as shown in the figure below. Just be sure to apply the appropriate permissions to the folder.
In case you are wondering, the system-wide transcription functionality works the same way as using the Start-Transcript cmdlet. The only difference is that you do not have to manually enter the cmdlet, and transcriptions work across multiple sessions and even support PowerShell ISE.
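The advice above about applying appropriate permissions to a central output folder can be checked with a short audit, added here as an example that is not part of the original article. It assumes the policy stores its settings under HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription (values EnableTranscripting and OutputDirectory), and that "appropriate" means broad groups may write transcripts but not read, delete or re-permission them; the function name Test-TranscriptionPolicy is hypothetical.

```powershell
# Added example, not from the original article. Test-TranscriptionPolicy is a
# hypothetical name; the registry key is where the policy stores its settings.
function Test-TranscriptionPolicy {
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription'
    )
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $report = [ordered]@{
        Enabled         = ($null -ne $policy) -and ($policy.EnableTranscripting -eq 1)
        OutputDirectory = if ($policy) { $policy.OutputDirectory } else { $null }
        Findings        = @()
    }
    if (-not $report.Enabled) {
        $report.Findings += 'Transcription policy is not enabled.'
    }
    $dir = $report.OutputDirectory
    if ([string]::IsNullOrWhiteSpace($dir)) {
        $report.Findings += "No central output folder set; transcripts go to each user's Documents folder."
    }
    elseif (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        $report.Findings += "Output folder '$dir' is not reachable."
    }
    else {
        # Broad principals by well-known SID, so the check is locale independent.
        $broad = @{
            'S-1-1-0'      = 'Everyone'
            'S-1-5-11'     = 'Authenticated Users'
            'S-1-5-32-545' = 'BUILTIN\Users'
        }
        # Assumption: these groups may create transcripts but must not be able
        # to read, delete or re-permission what is already in the folder.
        $R = [System.Security.AccessControl.FileSystemRights]
        $risky = $R::ReadData -bor $R::Delete -bor $R::DeleteSubdirectoriesAndFiles -bor
                 $R::ChangePermissions -bor $R::TakeOwnership
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($rule in (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            $hit = [int]($rule.FileSystemRights -band $risky) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid) -and $hit) {
                $report.Findings += "$($broad[$sid]) is allowed $($rule.FileSystemRights) on '$dir'."
            }
        }
    }
    [pscustomobject]$report
}

Test-TranscriptionPolicy | Format-List
```

An empty Findings list means the policy is on, a central folder is set, and none of the three broad groups holds read, delete or permission-changing rights on it; generic access masks and other principals are outside what this check covers.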