23 lines
619 B
Markdown
23 lines
619 B
Markdown
|
# Powershell Logs
|
||
|
|
||
|
## Powershell User History
|
||
|
|
||
|
```sh
|
||
|
cd $env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
|
||
|
```
|
||
|
|
||
|
## Transcript Logs
|
||
|
|
||
|
* Enable via
|
||
|
```sh
|
||
|
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /t REG_DWORD /d 0x1 /f
|
||
|
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v OutputDirectory /t REG_SZ /d C:/ /f
|
||
|
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableInvocationHeader /t REG_DWORD /d 0x1 /f
|
||
|
```
|
||
|
|
||
|
## Usage
|
||
|
|
||
|
```sh
|
||
|
Get-EventLog -List
|
||
|
```
|