Turn on PowerShell Transcription
ID: oval:org.secpod.oval:def:82075 | Date: (C)2022-07-15 (M)2023-12-12 | Class: COMPLIANCE | Family: windows
This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other
applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each user's My Documents
directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent
to calling the Start-Transcript cmdlet on each Windows PowerShell session.
If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled
through the Start-Transcript cmdlet.
If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users
from viewing the transcripts of other users or computers.
Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows PowerShell\Turn on PowerShell Transcription
(2) REG: HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription!EnableTranscripting
(2) REG: HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription!OutputDirectory
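The following is an added example, not part of the OVAL definition or vendor content: a PowerShell check that reads the two registry values listed above from both hives, applies the Computer-over-User precedence, and lists ACL entries on OutputDirectory that let broad groups read transcripts. The function name and the choice of the three well-known SIDs are assumptions of this example.

```powershell
# Added example: report the effective transcription policy and review OutputDirectory ACLs.
$SubKey = 'Software\Policies\Microsoft\Windows\PowerShell\Transcription'
# Well-known SIDs treated as "broad" here (assumption): Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Get-TranscriptionPolicy {   # hypothetical helper name
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -ErrorAction SilentlyContinue
    # Not configured in this hive: the key or the EnableTranscripting value is absent.
    if (-not $item -or -not $item.PSObject.Properties['EnableTranscripting']) { return $null }
    $dirProp = $item.PSObject.Properties['OutputDirectory']
    [pscustomobject]@{
        Scope           = $Hive
        # The policy writes EnableTranscripting as DWORD 1 when enabled.
        Enabled         = ([int]$item.EnableTranscripting -eq 1)
        OutputDirectory = if ($dirProp) { $dirProp.Value } else { $null }
    }
}

# Computer Configuration (HKLM) takes precedence over User Configuration (HKCU).
$machine   = Get-TranscriptionPolicy -Hive HKLM
$user      = Get-TranscriptionPolicy -Hive HKCU
$effective = if ($machine) { $machine } else { $user }

if (-not $effective) {
    Write-Output 'Transcription policy is not configured in HKLM or HKCU.'
}
else {
    $effective | Format-List
    $dir = $effective.OutputDirectory
    if ($effective.Enabled -and -not $dir) {
        Write-Output "No OutputDirectory set: transcripts go to each user's My Documents."
    }
    elseif ($dir -and (Test-Path -LiteralPath $dir)) {
        # Ask for rules keyed by SID so the match does not depend on localized group names.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $BroadSids -contains $_.IdentityReference.Value -and
                # ReadData shares its bit with ListDirectory: the entry allows listing or reading.
                ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
            } |
            Select-Object IdentityReference, FileSystemRights, IsInherited
    }
}
```

Any rows printed by the last pipeline are directory ACL entries that let a broad group list or read the shared transcript location, which is the access the description says to limit.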
Platform: Microsoft Windows Server 2019