Windows 10, how can I find out what ran a powershell script at a certain time

windows-10 windows logging powershell event-log

Solution 1:

Users write to logs not an executable.

If you want to track PowerShell code (command/script) actions, you need to enable full Powershell Logging/Auditing via GPO/LPO as well as transcript logging and then as noted, dig at event logs or set alerts to notify you.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_eventlogs?view=powershell-5.1

https://adamtheautomator.com/powershell-logging-2 enter image description here

Lastly, powershell.exe is not Powershell. powershell.exe is just a host to run PowerShell code/commands.

https://www.youtube.com/watch?v=54xwcNMb1wo https://leanpub.com/thebigbookofpowershellgotchas

One can write my own PowerShell host and run any PowerShell command/script(s) one chooses.

Heck, one could just rename powershell.exe to something else to run it.

Related

Extract string after a delimiter like "/ " OpenOffice Calc
Where is the data used in secure boot process stored?
How to print PDF to postscript in OSX?
Git Install only command line tools
What does laptop HDD "Specification supported SPC-4" means?
Prevent chainloading by grub after rEFind
Why is my backup file larger than the capacity of all backed up hard drives?
Excel 2013 slow when Cell Editing
(how to) Change back to Win + N shortcut in OneNote 2013 to create new Quick Note?
How to make it to where players can place a lever on a certain block? Adventure Mode [duplicate]
How to change the message "*!* whispers to you"?
How do I get a map with specific X and Z centers in the Bedrock Engine? [duplicate]