
PowerShell Command Log

PowerShell commands executed by scripts, applications, or users can be collected by BusinessLog and displayed in the Working Log and Access Logs, provided that PowerShell module logging is enabled on the client machines.


1. To enable logging on client machines, specific registry keys must be configured in Registry Editor under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\
2. Create the “PowerShell” key, and under this key, create two additional keys named ModuleLogging and ModuleNames.


3. Within ModuleLogging, create a DWORD value named “EnableModuleLogging” and set it to 1.


4. Within ModuleNames, create a string value with both name and value set to: "Microsoft.PowerShell.*".


These keys should be deployed through Group Policy to ensure distribution across all machines:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging]
"EnableModuleLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames]
"Microsoft.PowerShell.*"="Microsoft.PowerShell.*"
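
The registry values listed above, scripted for a single test machine before a Group Policy rollout; this is an added example, not BusinessLog's own code. It assumes Windows PowerShell 5.1 run elevated; the function names are hypothetical, and the check for event ID 4103 in the Microsoft-Windows-PowerShell/Operational log is an addition not described on this page.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code): set the policy values shown above, then verify them.
$root    = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$logging = "$root\ModuleLogging"
$names   = "$logging\ModuleNames"
$pattern = 'Microsoft.PowerShell.*'
$evtLog  = 'Microsoft-Windows-PowerShell/Operational'   # assumption: Windows PowerShell 5.1 log

function Set-ModuleLoggingPolicy {
    # Registry.SetValue creates missing keys and treats the value name literally,
    # so the '*' in the name is never expanded as a wildcard.
    [Microsoft.Win32.Registry]::SetValue($logging, 'EnableModuleLogging', 1,
        [Microsoft.Win32.RegistryValueKind]::DWord)
    [Microsoft.Win32.Registry]::SetValue($names, $pattern, $pattern,
        [Microsoft.Win32.RegistryValueKind]::String)
}

function Test-ModuleLoggingPolicy {
    # GetValue returns $null when the key or the value is missing.
    $enabled = [Microsoft.Win32.Registry]::GetValue($logging, 'EnableModuleLogging', $null)
    $module  = [Microsoft.Win32.Registry]::GetValue($names, $pattern, $null)
    [pscustomobject]@{
        EnableModuleLogging = $enabled
        ModuleNamesValue    = $module
        PolicyCorrect       = ($enabled -eq 1 -and $module -eq $pattern)
    }
}

function Test-ModuleLoggingEvent {
    # The policy is read at session start, so run a Microsoft.PowerShell.Utility cmdlet
    # in a fresh process and look for the resulting 4103 (module logging) event.
    $since = Get-Date
    powershell.exe -NoProfile -Command 'Get-Date | Out-Null'
    Start-Sleep -Seconds 2
    $filter = @{ LogName = $evtLog; Id = 4103; StartTime = $since }
    $hit = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
    [bool]$hit
}

Set-ModuleLoggingPolicy
Test-ModuleLoggingPolicy | Format-List
if (Test-ModuleLoggingEvent) {
    'Event 4103 recorded: module logging is active.'
} else {
    'No 4103 event found: check the policy values and that the Operational log is enabled.'
}
```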

ATTENTION:

If the NinjaOne software is present in the network, PowerShell logging may generate several million log entries, leading to a significant increase in database size.

In such cases, the use of PowerShell logging is not recommended, as it may negatively affect application performance.
