In the previous tip we introduced the free ScriptBlockLoggingAnalyzer module which uncovers the code that PowerShell logs. By default, this is limited to only a few commands, but if you enable full Script Block Logging, then any code run by anyone on your machine is logged.
Here are the steps to take (this applies to Windows PowerShell; run them from a PowerShell session with elevated privileges):
    #requires -RunAsAdministrator

    # install the module from the Gallery (only required once!)
    Install-Module ScriptBlockLoggingAnalyzer -Force

    # enable full script block logging
    Enable-SBL

    # extend the log size
    Set-SBLLogSize -MaxSizeMB 100

    # clear the log (optional)
    Clear-SBLLog
From now on, all PowerShell code on this machine is logged. To view the logged code, use this:
PS> Get-SBLEvent | Out-GridView
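To confirm that logging is really active and to read the logged code without the module, you can query the event log directly. This is an added example, not code from the ScriptBlockLoggingAnalyzer module; it assumes that the setting lives in the standard Group Policy registry location and that event 4104 carries its fields in the usual order (part number, part total, text, script block ID, path).

```powershell
#requires -RunAsAdministrator
# Added example: check the logging policy, the log size, and read raw 4104 events.

# Assumption: standard policy location for script block logging in Windows PowerShell.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$setting = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
if ($setting.EnableScriptBlockLogging -ne 1) {
    Write-Warning 'Full script block logging is not enabled by policy.'
}

# Show the current log size and record count.
$logName = 'Microsoft-Windows-PowerShell/Operational'
$log = Get-WinEvent -ListLog $logName
'{0}: max {1:N0} MB, {2:N0} records' -f $log.LogName, ($log.MaximumSizeInBytes / 1MB), $log.RecordCount

# Event 4104 holds the logged code; large script blocks are split across several events.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 4104 } -MaxEvents 500 -ErrorAction SilentlyContinue

$events |
    ForEach-Object {
        [PSCustomObject]@{
            TimeCreated   = $_.TimeCreated
            UserSid       = $_.UserId
            Part          = [int]$_.Properties[0].Value
            Total         = [int]$_.Properties[1].Value
            Text          = [string]$_.Properties[2].Value
            ScriptBlockId = [string]$_.Properties[3].Value
            Path          = [string]$_.Properties[4].Value
        }
    } |
    Group-Object ScriptBlockId |
    ForEach-Object {
        # Reassemble the parts of one script block in order.
        $parts = @($_.Group | Sort-Object Part)
        [PSCustomObject]@{
            TimeCreated = $parts[0].TimeCreated
            UserSid     = $parts[0].UserSid
            Path        = $parts[0].Path
            Complete    = ($parts.Count -eq $parts[0].Total)  # false if parts are missing
            Code        = -join $parts.Text
        }
    } |
    Sort-Object TimeCreated |
    Out-GridView
```

A `Complete` value of `$false` means some parts of that script block were not among the events read, for example because they fell outside the `-MaxEvents` window or were already overwritten in the log.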