Log all PowerShell commands and outputs and write them in text files

PowerShell is becoming more and more popular and is replacing the older command prompt commands in many areas. For various reasons, it is sometimes advisable to log all PowerShell commands together with their output and results.

This kind of PowerShell logging really exists, but very few Windows users know about it. You can use Windows Group Policy to have everything that is done in the PowerShell console automatically written to text files. This short article describes how this works.

To turn on PowerShell logging, you need to open the following group policy. It is located in the GPO path

Computer Configuration / Administrative Templates / Windows Components / Windows PowerShell

and the GPO bears the name

Activate PowerShell recording

If you activate the GPO "Activate PowerShell recording", you still have to specify the path where Windows should write the PowerShell log files.

Microsoft has released the following information about this PowerShell Group Policy.

This policy setting allows you to capture the input and output of Windows PowerShell commands in text-based recordings.

If you enable this policy setting, Windows PowerShell enables recordings for Windows PowerShell, Windows PowerShell ISE, and all other applications that use the Windows PowerShell module. By default, Windows PowerShell records the recording output in each user's My Documents directory. In addition to 'PowerShell_transcript', the file name contains the computer name and the start time. Enabling this policy is equivalent to calling the Start-Transcript cmdlet for each Windows PowerShell session.

If you disable this policy setting, PowerShell-based application recording is disabled by default, although it can still be enabled using the Start-Transcript cmdlet.

If you enable recording logging in a common location via the OutputDirectory setting, you should restrict access to this directory to prevent users from viewing the recordings of other users or computers.

Note: This policy setting is available in the Group Policy Editor under both “Computer Configuration” and “User Configuration”. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
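The following added example (not from the original article or from Microsoft) reads the registry values this policy writes and lists broad read access on a configured OutputDirectory, which the text above says should be restricted. The function names and the choice of which groups count as too broad are assumptions made for illustration.

```powershell
# Added example: audit the transcription policy and the ACL on its output directory.
# Registry location where the Group Policy setting is stored.
$subKey = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription'

function Get-TranscriptionPolicy {   # hypothetical helper name
    # Computer Configuration (HKLM) takes precedence over User Configuration (HKCU).
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$subKey" -ErrorAction SilentlyContinue
        if ($null -ne $p -and $null -ne $p.EnableTranscripting) {
            return [pscustomobject]@{
                Source          = $hive
                Enabled         = ($p.EnableTranscripting -eq 1)
                OutputDirectory = $p.OutputDirectory
            }
        }
    }
    [pscustomobject]@{ Source = 'none'; Enabled = $false; OutputDirectory = $null }
}

function Test-TranscriptDirectoryAcl {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    # Assumption: these well-known groups should not be able to read shared transcripts.
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, BUILTIN\Users
    $read  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        $canRead = (([int]$ace.FileSystemRights) -band $read) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $sid -and $canRead) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$policy = Get-TranscriptionPolicy
if (-not $policy.Enabled) {
    Write-Warning "Transcription is not enabled by policy (source: $($policy.Source))."
} elseif (-not $policy.OutputDirectory) {
    Write-Output 'Enabled; no OutputDirectory set, so transcripts go to each user''s Documents folder.'
} elseif (-not (Test-Path -LiteralPath $policy.OutputDirectory)) {
    Write-Warning "OutputDirectory '$($policy.OutputDirectory)' does not exist or is not reachable."
} else {
    $findings = @(Test-TranscriptDirectoryAcl -Path $policy.OutputDirectory)
    if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
    else { Write-Output 'No broad read access found on the transcript directory.' }
}
```

ACEs that grant access only through generic rights bits are not matched by the ReadData test, so review such entries by hand if `Get-Acl` shows numeric rights values.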

After activation, the logging of all PowerShell entries is already active. We have shown you this as an example below.

PowerShell log file

As you can see, after executing a PowerShell command in the PowerShell console, a subdirectory is automatically created under the specified log directory (here C: PowerShell log) with the current date.

In this new directory there is then a PowerShell transcript, i.e. a text file with all the necessary information on the date, time, PC name, executing user, Windows build version, computer name, etc.

Furthermore, the exact date, the exact time and the issued PowerShell command are logged. The result of the command is also written into the text file.

So with this GPO you have the perfect control instrument for PowerShell commands and scripts and you can easily track everything without having to worry about it.
