Enabling Script Block Logging

by Sep 26, 2018

In the previous tips, we took a deep look at how PowerShell 5 script block logging works: in a nutshell, when enabled, all PowerShell code that executes on a machine is logged so you can browse through the source code and see what PowerShell code is used on your machine(s).

We baked this into a free PowerShell module that is available from the PowerShell Gallery, so to enable script block logging, all you need is a PowerShell 5.x console with Administrator privileges, and this code:

Install-Module -Name scriptblocklogginganalyzer -Scope CurrentUser
Set-SBLLogSize -MaxSizeMB 1000

Once script block logging is active, you can dump the log and examine the logged script code like this:

Get-SBLEvent | Out-GridView 

Twitter This Tip! ReTweet this Tip!