Is it possible to log all powershell commands run on a machine? - powershell

We have some .net applications running on a server that run powershell scripts. Is there a setting where we can log every single powershell command run on that machine, without modifying our existing applications? I already tried start-transcript . That command only captures the commands run in the current session.

I believe Microsoft calls what you're after "Over the Shoulder Transcription". It's described here, and will be available in WMF5.

Related

How to install programs as admin in Powershell

I started to write a powershell script to automate the deployment of new Windows 10 PCs.
I've done a script to install the corporate apps and mapping the network folders and printers.
But I have a problem that I must input the admin password for each program I wish to install.
I've searched the internet and all I found was the runas command, I see that is similar to the su of Linux but I can't push the password.
This is how I made the install of all applications:
Set-Content "$DESTINO\program.bat" -value 'msiexec -i C:\progtemp\program.msi /quiet'
Start-Process $DESTINO\program.bat -Wait
Do you know a better method?
The two main ways to run something as an admin automated are as follows:
Create a Scheduled task to run a script, you can choose to run this escalated and store the credentials as required
Create a startup script using powershell (or batch file if you must!)
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789190(v=ws.11)
Startup scripts run as the user system which is the highest privilege possible. Be aware that network access may not be available at startup and some things may not be accessible to system on your local network etc.
Highly recommend looking at Chocolatey https://www.chocolatey.org and possibly boxstarter: https://boxstarter.org/
to get you started with some automation and package management.
Microsoft also have a similar technology in early stages:
https://learn.microsoft.com/en-us/windows/package-manager/
But frankly Chocolatey is an open framework and its well established and mature at this stage.

Silent bat file execute powershell command

We have an application server running as a service, when some configuration is loaded it starts a bat script which has to run the powershell command Stop-ClusterGroup DRMSERVICES and then start it again.
The bat file works flawless when I manually execute it by dobbelt clicking. But when the service is running the bat, it does not finish, or execute the powershell command.
Bat file looks as follows
#echo off
powershell -command Stop-ClusterGroup DRMSERVICES
powershell -command Start-ClusterGroup DRMSERVICES
The service runs the bat file in silent mode, as a main difference.
I have tried with various switches including the -ExecutionPolicy Unrestricted and START /wait etc
Creating a seperate ps1 file and have the bat execute this instead.
All with the same output:
Manually executing the bat works
When the service executes the bat, it does not work.
I know the bat file is executed by the service, as inserting NET STOP servicename is working correct.
In the powershell event viewer I can also see event of the powershell commands take place.
The difference between manually executing and have the service execute the command in the event viewer, is event id 800 which states info about 'execution pipe' this is not present when the service is executing the bat.
The service does not wait for the powershell, and thus it does not have time to stop the cluster before exiting.
I'm lost whether this is a permission issue, syntax error or whatever.
Hopefully somebody can help
UPDATE:
I have tried with all proposed solutions, all with same result, the bat file works when double clicked, but the service does not execute the powershell command. Pure cmd is executed, as I can pipe to a txt file. I even got to a point when trying runas that the output log text wrote "insert administrator password"
I even managed to have our software guy change our software to call a powershell directly instead of a bat, same result. Powershell won't execute the command, this tells me it probably is permission, but everything have been set to log in as admin and run as admin for the sake of success, but still nothing.
I solved the problem.
Because the service is a 32bit process, it will execute a 32bit powershell.
FailoverClusters module only exists as a 64bit module.
By using %SystemRoot%\sysnative\WindowsPowershell\v1.0\powershell.exe
The service is able to open a 64bit session, and thus use the failover cluster module.
As a side note, the sysnative folder is only visible from a 32bit session, therefore it cannot be found via browsing in a 64bit os.
I think i have dealt with this kind of issue before, after the,
powershell -command Stop-ClusterGroup DRMSERVICES
you need to have cmd wait for a certain number of seconds, and then test if the DRMSERVICES is now stopped, if it is stopped then to start the DRMSERVICES again. This way cmd will keep waiting, and then check if the service has stopped.
After a certain number of tries, maybe have a way to stop checking and exit the script, for example it is trying to stop the service, and has run into a problem.
There is a timeout command in cmd

What is the App-V 5.0 alternative to sfttray \launch without the \exe parameter in PowerShell?

I'm trying to transition a set of Powershell scripts that launches App-V applications, after upgrading the App-V server from version 4.x to 5.x. Previously, I used the following command to do so:
sfttray.exe /launch $appName
The sfttray command introduced an optional /exe switch when running the /launch command:
Used with /LAUNCH to specify that an executable program is to be started in
the virtual environment when a virtual application is started in place of
the target file specified in the OSD.
I've read that App-V 5.x has done away with the sfttray.exe, and my alternative is to use the Start-AppvVirtualProcess cmdlet. It seems that Start-AppvVirtualProcess requires two parameters: AppvClientObject and FilePath. Every example I've seen so far has been of the following format:
Start-AppvVirtualProcess -FilePath "C:\Calc.exe" -AppvClientObject $appVObj
This launches Calc.exe within the passed in App-V Object, and seems to be the App-V 5.x equivalent of:
sfttray.exe /launch $appVObj.Name /exe Calc.exe
But what if I don't want to launch an alternate program? How do I get the file path to the target application in the .appv package?
There are three ways of launching a local system process inside of an App-V package. Thes first is the one you described, but you can also launch any process with /appvve: command switch, and windows will open it in the specified application package or connection group.
cmd.exe /appvve:<PACKAGEGUID_VERSIONGUID>
cmd.exe /appvve:aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-55555555
For more information see this Microsoft Support Article.

Run a script to load commands into my main script

I have a powershell file that I have downloaded from ScriptCenter that allows me to control and query virtual desktops on my machine (https://gallery.technet.microsoft.com/scriptcenter/Powershell-commands-to-d0e79cc5).
Using their example, I can run that ps1 file at the start of my script to use those commands that the script creates. All fine here.
The only issue with this is that when I run my script, it asks to confirm to run it. This is something I don't want my script to do.
To work around this, I tried using the "PowerShell" command with "-ExecutionPolicy Bypass" set. This removes the prompt to approve the script, however it stops the script from being loaded into my scripts session as I can't use any of the commands it make available by running it.
How do I either run the script first, without it prompting, or execute the powershell command so that it is run in the session space of my script so that its commands are available?
Thanks

Need to run sikuli script on remote PC using PsExec

I have maintained a sikuli script which runs good for a GUI application on my PC, say PC-A. Also I have PsExec installed on it. My GUI application is installed on PC-B.
What I need to do is, run the sikuli script (on PC-A) to execute for GUI app on (PC-B) using PsExec as mediator, which should pass on my commands at every single line and return the results back to PC-A from GUI application.
SikuliX Script(PC-A) ====== PsExec.exe(PC-A) ======= GUI App(PC-B)
Regards,
Bharath
To run interactively in a specific session of a remote PC you'll need to know the session id on the remote system.
You can then use psexec's -i option to run in that session. From psexec -?
-i Run the program so that it interacts with the desktop of the
specified session on the remote system. If no session is
specified the process runs in the console session.