Transcript design guidance needed

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 3 years, 7 months ago.

  • Author
    Posts
  • #14910

    GS
    Participant

    Hello,

    I'm trying to implement global logging for any commands which are being executed via powershell web access or WinRM remoting. I would like to be emailed everything what is being done during those connections. How do I do it most effectivily?
    Is there an option to start transcript and then end transcript and send it over email via some profile script of something?

    Greg

  • #14915

    Don Jones
    Keymaster

    Not that straightforward, no. Starting a remote session doesn't run a profile, for example. You'd probably have to create a custom endpoint, and either (a) always connect to it, or (b) replace the default endpoint Microsoft sets up for you. In that endpoint, you could probably run a script that possibly did some logging.

    This isn't easy, as a transcript per se wouldn't necessarily work. Transcripts are run by the console app (-ish), not PowerShell itself. So you couldn't just run start-transcript. In reality, this would possibly involve building a custom PowerShell host to use instead of wsmprovhost.exe – not straightforward at all. PowerShell just isn't built with this in mind.

    BeyondTrust makes what is essentially a remoting proxy server, that can log everything going through remoting. That's what you want, although building that yourself wouldn't be simple.

You must be logged in to reply to this topic.