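#Requires -RunAsAdministrator
<#
.SYNOPSIS
Configures PowerShell transcript logging for remote sessions.

.DESCRIPTION
Enables PowerShell transcription, module logging and script block logging
through the machine policy registry keys, and creates the transcript
directory with a restricted ACL:

  Administrators          Full Control
  SYSTEM                  Full Control
  Remote Management Users create/append only (no Read, no Delete)

The write-only grant means a session that is being transcribed cannot read
other users' transcripts or remove its own transcript file.

Log rotation is NOT configured by this script; the transcript directory
grows until an external job prunes it.

.PARAMETER TranscriptPath
Directory that receives transcripts. Created if it does not exist.
Defaults to C:\ClaudeTools\Logs\Transcripts.

.NOTES
Author: ClaudeTools Automation
Version: 1.0
Run as Administrator (enforced by the #Requires directive above).
#>
param(
    [string]$TranscriptPath = "C:\ClaudeTools\Logs\Transcripts"
)

$ErrorActionPreference = 'Stop'

#######################################
# Builds an Allow ACE that propagates to subfolders and files.
# Transcription writes into a per-day subfolder, so both ContainerInherit
# and ObjectInherit are needed for the rule to reach the transcript files.
# Arguments: $Identity - account or group name
#            $Rights   - FileSystemRights names, comma separated
#######################################
function New-DirAccessRule {
    param(
        [string]$Identity,
        [string]$Rights
    )
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, "ContainerInherit,ObjectInherit", "None", "Allow"
    )
}

#######################################
# Creates a policy registry key if missing and sets the given values.
# Integers are written as DWord, everything else as String.
# Arguments: $Path   - HKLM:\... key path
#            $Values - hashtable of value name -> data
#######################################
function Set-PolicyKeyValues {
    param(
        [string]$Path,
        [hashtable]$Values
    )
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    foreach ($name in $Values.Keys) {
        $data = $Values[$name]
        $type = if ($data -is [int]) { 'DWord' } else { 'String' }
        Set-ItemProperty -Path $Path -Name $name -Value $data -Type $type
    }
}

Write-Host "Configuring PowerShell Transcript Logging..." -ForegroundColor Cyan

# Create transcript directory
if (-not (Test-Path $TranscriptPath)) {
    New-Item -ItemType Directory -Path $TranscriptPath -Force | Out-Null
    Write-Host "Created transcript directory: $TranscriptPath" -ForegroundColor Green
}

# Set permissions on transcript directory
# Administrators: Full Control, SYSTEM: Full Control,
# Remote Management Users: create/append only (no Read, no Delete)
$acl = Get-Acl -Path $TranscriptPath
$acl.SetAccessRuleProtection($true, $false) # Disable inheritance, drop inherited ACEs

# SetAccessRule replaces any existing Allow ACE for the same identity, so
# re-running the script is idempotent and retires an earlier, looser grant
# (e.g. Modify, which would have included Read and Delete on the transcripts).
$acl.SetAccessRule((New-DirAccessRule -Identity "Administrators" -Rights "FullControl"))
$acl.SetAccessRule((New-DirAccessRule -Identity "SYSTEM" -Rights "FullControl"))

# "Write" = CreateFiles, AppendData, WriteAttributes, WriteExtendedAttributes.
# On the directory this allows creating the per-day subfolder and the
# transcript file; on inherited files it allows appending. ReadData/ListDirectory
# and Delete are deliberately absent. TODO(review): confirm a transcribed remote
# session still starts cleanly with this grant on the target OS build.
# Caveat: the creating user owns the transcript file and an owner can always
# rewrite that file's DACL, so forward transcripts off-host promptly rather
# than relying on this ACL alone for tamper evidence.
$acl.SetAccessRule((New-DirAccessRule -Identity "Remote Management Users" `
    -Rights "Write, ReadAttributes, Synchronize"))

Set-Acl -Path $TranscriptPath -AclObject $acl
Write-Host "Set permissions on transcript directory" -ForegroundColor Green

# Configure PowerShell transcript logging via registry
$policyRoot = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell"
$psPath = "$policyRoot\Transcription"

# Enable transcription
Set-PolicyKeyValues -Path $psPath -Values @{
    EnableTranscripting    = 1
    EnableInvocationHeader = 1
    OutputDirectory        = $TranscriptPath
}
Write-Host "Enabled PowerShell transcription via registry" -ForegroundColor Green

# Also enable module logging for additional audit trail
$modulePath = "$policyRoot\ModuleLogging"
Set-PolicyKeyValues -Path $modulePath -Values @{ EnableModuleLogging = 1 }
# EnableModuleLogging on its own logs nothing: the policy also needs a
# ModuleNames list. A "*" entry selects every module, matching the
# "Turn on Module Logging" GPO configured with "*".
Set-PolicyKeyValues -Path "$modulePath\ModuleNames" -Values @{ '*' = '*' }

# Enable script block logging
$scriptPath = "$policyRoot\ScriptBlockLogging"
Set-PolicyKeyValues -Path $scriptPath -Values @{ EnableScriptBlockLogging = 1 }

Write-Host "Enabled module and script block logging" -ForegroundColor Green

Write-Host "`nTranscript logging configuration complete!" -ForegroundColor Green
Write-Host "Transcripts will be saved to: $TranscriptPath"

# Display current settings
Write-Host "`n--- Current Settings ---" -ForegroundColor Yellow
Get-ItemProperty -Path $psPath | Select-Object EnableTranscripting, EnableInvocationHeader, OutputDirectory
(Get-Acl -Path $TranscriptPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize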