I'm trying to implement global logging for any commands which are being executed via powershell web access or WinRM remoting. I would like to be emailed everything what is being done during those connections. How do I do it most effectivily?
Not that straightforward, no. Starting a remote session doesn't run a profile, for example. You'd probably have to create a custom endpoint, and either (a) always connect to it, or (b) replace the default endpoint Microsoft sets up for you. In that endpoint, you could probably run a script that possibly did some logging.
This isn't easy, as a transcript per se wouldn't necessarily work. Transcripts are run by the console app (-ish), not PowerShell itself. So you couldn't just run start-transcript. In reality, this would possibly involve building a custom PowerShell host to use instead of wsmprovhost.exe – not straightforward at all. PowerShell just isn't built with this in mind.
BeyondTrust makes what is essentially a remoting proxy server, that can log everything going through remoting. That's what you want, although building that yourself wouldn't be simple.
You must be logged in to reply to this topic.