How to configure PowerShell Transcription with Microsoft Intune. When securing you organization the PowerShell Transcription is an important setting you want to configure. It makes sure, all PowerShell commands and their corresponding output that are executed are recorded. In this blog post we are going to have a look, How to configure PowerShell Transcription with Microsoft Intune.
Table of Contents
What is PowerShell Transcription?
PowerShell Transcription is a feature in Microsoft PowerShell language that allows you to record all the commands and their corresponding output that you execute during a PowerShell session. When transcription is enabled, PowerShell records all input and output to a specified file, capturing both the commands you run and their resulting output.
It’s worth noting that transcription captures everything that happens in the PowerShell session, including errors, so it can be a valuable tool for debugging as well. However, since it record everything, including sensitive information for example password, it’s essential to use caution when sharing or storing transcript files.
What are we going to set up?
In this blog post we will show you, How to configure PowerShell Transcription with Microsoft Intune. We will configure the following:
- Step 1: Consider where to save the transcription
- Step 2: Create configuration profile
- Step 3: Check PowerShell Transcriptions
How to configure PowerShell Transcription with Microsoft Intune
In this section we will show you the process of configure the PowerShell Transcription with Microsoft Intune. If you already know where you want to save the files you can skip step 1.
Consider where to save the transcription [Optional]
The PowerShell Transcription is going to need somewhere to save the transcript log files. In generall you have two options.
- Save the PowerShell Transcription on a fileserver.
- Save the PowerShell Transcription on the local machine.
For this blog post I will save it on the local machine. In generall you can store the Transcription everywhere you want. I highly suggest to save it somewhere the default user cannot edit the files. A very good folder would be in the C:\Windows\Logs directory. I will deploy a PowerShell script which will create a new directory in C:\Windows\Logs\PowerShellTranscription. This will make sure that the Transcriptions are saved in that directory.
- Create a new PowerShell script
- Copy the script below
- Save the PowerShell script
New-Item -Path "C:\Windows\Logs" -Name "PowerShellTranscription" -ItemType "directory"
Now you can deploy this PowerShell script to your devices. To deploy it with Microsoft Intune just follow:
- o to intune.microsoft.com
- Click on Devices
- Click on Windows
- Click on Scripts and remediations
- Click on Platform script
- Click on Add
- On the Basics tab enter a Name and Description (Optional) and click on Next.
- Click on the script location and upload the created script.
- Run this script using the logged on credentials: No
- Enforce script signature check: No
- Run script in 64 bit PowerShell Host: Yes
Create configuration profile
We now know, where we want to save the PowerShell Transcriptions. For this blog post we will store it in C:\windows\logs\PowerShellTranscription. In this step we are going to create the configuration policy in Microsoft Intune. Just follow the steps below:
- Go to intune.microsoft.com
- Click on Devices
- Click on Windows
- Click on Configuration profiles
- Click on Create
- Click on New Policy
- Platform: Windows 10 and later
- Profile type: Settings catalog
Give it a meaningful name and description. Click on Next.
On the Configuration settings tab do the following:
- Click on Add settings
- Search for PowerShell Transcription
- Choose Administrative Templates\Windows Components\Windows PowerShell
- Click on Turn on PowerShell Transcription
- On the left site Enabel Turn on PowerShell Transcription
- On the Transcription output directory enter the filestorage where you want to save the PowerShell Transcriptions. For me I will enter C:\Windows\Logs\PowerShellTranscription.
- Define your Scope if applicable and click on Next
- On the Assignments tab assign the Policy to a Group or to All Users / All Devices
- And Review + Create the Policy
Congratulations! You have successfully deployed the policy.
Check PowerShell Transcriptions
For every PowerShell session the PowerShell Transcription will create a new file in specified folder. I would suggest, just test it. Open a PowerShell session and enter some command. You can than check in the folder. A new file should have been created. You can open it and see all the commands you entered and what their output was. Just a small example of such an Transcription logging.
Conclusion
You learned How to configure PowerShell Transcription with Microsoft Intune. We created a PowerShell script which created a new folder in C:\Windows\Logs. We configured the PowerShell Transcription with the Microsoft Intune Configuration profile. Did you enjoy this article? Dont forget to follow us and share this article. You may also like the following articles.
