Skip to content
/ PS_logging_reg Public

A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed

16 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

matthewdunwoody/PS_logging_reg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
PS_logging.reg
PS_logging.reg
 
 
README.md
README.md
 
 

Repository files navigation

PS_logging.reg

A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed. This file will modify the registry to enable:

  • Module logging for all modules
  • Script block logging
  • Transcription with:
    • Default directory selected (user's documents folder)
    • Invocation header enabled

Usage

Import using regedit - either through the UI (file -> import) or command line (regedit.exe PS_logging.reg)

To change the output directory for transcripts, set the value for: "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\PowerShell\Transcription" -> "OutputDirectory"=""

References

https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html

About

A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed

Resources

Readme
Activity

Stars

16 stars

Watchers

7 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published