April 30, 2014 at 1:34 pm

Hello,

I'm trying to implement global logging for any commands which are being executed via PowerShell Web Access or WinRM remoting. I would like to be emailed everything that is being done during those connections. How do I do it most effectively?
Is there an option to start a transcript, then end the transcript and send it over email via some profile script or something?

Greg

May 1, 2014 at 4:04 am

Not that straightforward, no. Starting a remote session doesn't run a profile, for example. You'd probably have to create a custom endpoint, and either (a) always connect to it, or (b) replace the default endpoint Microsoft sets up for you. In that endpoint, you could probably run a script that possibly did some logging.

This isn't easy, as a transcript per se wouldn't necessarily work. Transcripts are run by the console app (-ish), not PowerShell itself. So you couldn't just run start-transcript. In reality, this would possibly involve building a custom PowerShell host to use instead of wsmprovhost.exe – not straightforward at all. PowerShell just isn't built with this in mind.

BeyondTrust makes what is essentially a remoting proxy server that can log everything going through remoting. That's what you want, although building that yourself wouldn't be simple.
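
The custom endpoint approach from the reply above, as an added example that is not part of the original thread: it assumes PowerShell 5.0 or later, where a session configuration file accepts a TranscriptDirectory setting. The endpoint name, paths, SMTP server, mail addresses and the Send-NewTranscript helper are placeholders chosen for illustration.

```powershell
# Added example; run elevated on the server that accepts remoting connections.
# Every name, path and address below is a placeholder (assumption).
$endpointName  = 'LoggedEndpoint'
$transcriptDir = 'C:\PSTranscripts'
$psscPath      = Join-Path $env:ProgramData 'LoggedEndpoint.pssc'

# Directory the endpoint writes its per-session transcript files into.
New-Item -Path $transcriptDir -ItemType Directory -Force | Out-Null

# Session configuration file: a default session with transcription enabled.
New-PSSessionConfigurationFile -Path $psscPath `
    -SessionType Default `
    -TranscriptDirectory $transcriptDir

# Refuse to register a configuration file that does not validate.
if (-not (Test-PSSessionConfigurationFile -Path $psscPath)) {
    throw "Session configuration file $psscPath is not valid."
}

# Register the custom endpoint; -Force skips the prompts and restarts WinRM.
Register-PSSessionConfiguration -Name $endpointName -Path $psscPath -Force

# Mails transcripts written in the last $MinutesBack minutes.
# Intended to be called from a scheduled task on the same server.
function Send-NewTranscript {
    param(
        [string]$Directory   = 'C:\PSTranscripts',
        [int]$MinutesBack    = 60,
        [string]$SmtpServer  = 'smtp.example.com',        # placeholder
        [string]$From        = 'psremoting@example.com',  # placeholder
        [string]$To          = 'secops@example.com'       # placeholder
    )
    $cutoff = (Get-Date).AddMinutes(-$MinutesBack)
    $files  = Get-ChildItem -Path $Directory -Filter '*.txt' -File -Recurse |
        Where-Object { $_.LastWriteTime -ge $cutoff }

    # Send nothing when no session wrote a transcript in the window.
    if ($files) {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
            -Subject "PowerShell remoting transcripts from $env:COMPUTERNAME" `
            -Body "$($files.Count) transcript file(s) attached." `
            -Attachments $files.FullName
    }
}
```

Only sessions opened against this endpoint (for example with -ConfigurationName LoggedEndpoint) are transcribed; connections to the default endpoint are not. Restrict write access on the transcript directory so that connecting users cannot alter or delete their own transcripts.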