deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-windowspowershell.md
Vinay Pamnani d60b9559e0 2303 CSP Updates
2023-03-23 12:13:46 -04:00

108 lines
4.8 KiB
Markdown
Raw Blame History

---
title: WindowsPowerShell Policy CSP
description: Learn more about the WindowsPowerShell Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 03/23/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
<!-- WindowsPowerShell-Begin -->
# Policy CSP - WindowsPowerShell
> [!TIP]
> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!-- WindowsPowerShell-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- WindowsPowerShell-Editable-End -->
<!-- TurnOnPowerShellScriptBlockLogging-Begin -->
## TurnOnPowerShellScriptBlockLogging
<!-- TurnOnPowerShellScriptBlockLogging-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
<!-- TurnOnPowerShellScriptBlockLogging-Applicability-End -->
<!-- TurnOnPowerShellScriptBlockLogging-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
```
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
```
<!-- TurnOnPowerShellScriptBlockLogging-OmaUri-End -->
<!-- TurnOnPowerShellScriptBlockLogging-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log.
- If you enable this policy setting,
Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
- If you disable this policy setting, logging of PowerShell script input is disabled.
If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script
starts or stops. Enabling Invocation Logging generates a high volume of event logs.
> [!NOTE]
> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
<!-- TurnOnPowerShellScriptBlockLogging-Description-End -->
<!-- TurnOnPowerShellScriptBlockLogging-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- TurnOnPowerShellScriptBlockLogging-Editable-End -->
<!-- TurnOnPowerShellScriptBlockLogging-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- TurnOnPowerShellScriptBlockLogging-DFProperties-End -->
<!-- TurnOnPowerShellScriptBlockLogging-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | EnableScriptBlockLogging |
| Friendly Name | Turn on PowerShell Script Block Logging |
| Location | Computer and User Configuration |
| Path | Windows Components > Windows PowerShell |
| Registry Key Name | Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging |
| Registry Value Name | EnableScriptBlockLogging |
| ADMX File Name | PowerShellExecutionPolicy.admx |
<!-- TurnOnPowerShellScriptBlockLogging-AdmxBacked-End -->
<!-- TurnOnPowerShellScriptBlockLogging-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- TurnOnPowerShellScriptBlockLogging-Examples-End -->
<!-- TurnOnPowerShellScriptBlockLogging-End -->
<!-- WindowsPowerShell-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- WindowsPowerShell-CspMoreInfo-End -->
<!-- WindowsPowerShell-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)
Reference in New Issue View Git Blame Copy Permalink