Understanding Script Block Logging (Part 7)

by Jul 2, 2018

This is part 7 of our mini-series covering PowerShell script block logging. All that is left is a cleanup tool that clears the log that script block logging writes to. For this, you need Administrator privileges.

Before you clear the log: this will clear the entire PowerShell log. If you do not own the machine, make sure it is OK to delete this information. It may be used by others for forensic security analysis.

Here is a function that clears the log:

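function Clear-PowerShellLog {
  <#
      .SYNOPSIS
      Clears the entire PowerShell operational log including 
      script block logging entries. 
      Administrator privileges required.

      .DESCRIPTION
      Clears the complete content of the log.
      This includes all logged script block code.

      .EXAMPLE
      Clear-PowerShellLog
      Clears the entire log Microsoft-Windows-PowerShell/Operational.
  #>
  try {
    $ErrorActionPreference = 'Stop'
    wevtutil cl Microsoft-Windows-PowerShell/Operational
    # a native command does not always raise a PowerShell error, so check its exit code too
    if ($LASTEXITCODE -ne 0) { throw "wevtutil exit code $LASTEXITCODE" }
  }
  catch {
    Write-Warning "Administrator privileges required. Run this command from an elevated PowerShell."
  }
}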
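
Because the log may be needed for forensic analysis, it can be archived before it is cleared. The following is an added example, not code from the original article: it uses the /bu: option of wevtutil to save the log to an .evtx file first, then looks up the event ID 104 that Windows writes to the System log whenever a log is cleared. The function name, the parameter and the default folder are assumptions.

```powershell
# Added example; function name, parameter and default folder are assumptions.
function Clear-PowerShellLogWithBackup {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Folder that receives the .evtx archive (constructed default)
        [string]$BackupFolder = "$env:SystemDrive\LogArchive"
    )

    $log = 'Microsoft-Windows-PowerShell/Operational'

    # Fail early with a clear message instead of relying on wevtutil's error text
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Administrator privileges required. Run this command from an elevated PowerShell.'
    }

    if (-not $PSCmdlet.ShouldProcess($log, 'Archive and clear event log')) { return }

    $null  = New-Item -ItemType Directory -Path $BackupFolder -Force
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $BackupFolder "PowerShell-Operational-$stamp.evtx"
    $start = (Get-Date).AddSeconds(-5)

    # /bu: makes wevtutil save the log to a file before it is cleared
    wevtutil cl $log "/bu:$file"
    if ($LASTEXITCODE -ne 0) { throw "wevtutil failed with exit code $LASTEXITCODE" }

    # Clearing a log is itself recorded: event ID 104 in the System log
    $cleared = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104; StartTime = $start } -ErrorAction SilentlyContinue |
        Where-Object { ([xml]$_.ToXml()).Event.UserData.LogFileCleared.Channel -eq $log } |
        Select-Object -First 1

    # Report where the archive is, its hash, and who cleared the log according to Windows
    [pscustomobject]@{
        Backup     = $file
        SHA256     = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        ClearedBy  = if ($cleared) { ([xml]$cleared.ToXml()).Event.UserData.LogFileCleared.SubjectUserName }
        ClearEvent = if ($cleared) { $cleared.TimeCreated }
    }
}
```

Recording the SHA256 hash alongside the archive lets an analyst confirm later that the saved .evtx file has not changed since it was written.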

