A. Yes, PowerShell can create a transcript of all session activity through the transcript cmdlets.
To start logging session information, execute the Start-Transcript command, run the commands you want to capture, then run the Stop-Transcript command. By default, PowerShell will store the transcripts in a Users\ Users\john> Start-Transcript The output was: Transcript started, output file is C:\Users\john\Documents\PowerShell_transcript.20080504100855.txt Then I entered: Users\john> get-process w* The output was: Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName Next I entered: Users\john> date The output was: Sunday, May 04, 2008 10:09:23 AM Then I entered: Users\john> stop-transcript The output was: Transcript stopped, output file is C:\Users\john\Documents\PowerShell_transcript.20080504100855.txt Next I entered: Users\john> type C:\Users\john\Documents\PowerShell_transcript.20080504100855.txt The output was: ********************** Users\john> get-process w* Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName Users\john> date Sunday, May 04, 2008 10:09:23 AM Users\john> stop-transcript **********************
------- ------ ----- ----- ----- ------ -- -----------
103 8 1932 5140 60 0.17 584 wininit
130 7 3092 7456 62 0.39 772 winlogon
938 47 27140 33196 168 2.65 2412 winss
136 12 5236 9020 85 0.39 4040 winssnotify
262 16 5432 9988 85 0.14 4784 WLLoginProxy
123 8 3744 7024 47 0.05 2200 WmiPrvSE
127 7 4004 8044 47 0.11 2956 WmiPrvSE
866 54 46980 69544 221 29.87 4816 wmplayer
Windows PowerShell Transcript Start
Start time: 20080504100855
Username : SAVILLTECH\john
Machine : SAVDALWKS20 (Microsoft Windows NT 6.0.6001 Service Pack 1)
**********************
Transcript started, output file is C:\Users\john\Documents\PowerShell_transcript.20080504100855.txt
------- ------ ----- ----- ----- ------ -- -----------
103 8 1932 5140 60 0.17 584 wininit
130 7 3092 7456 62 0.39 772 winlogon
938 47 27140 33196 168 2.65 2412 winss
136 12 5236 9020 85 0.39 4040 winssnotify
262 16 5432 9988 85 0.14 4784 WLLoginProxy
123 8 3744 7024 47 0.05 2200 WmiPrvSE
127 7 4004 8044 47 0.11 2956 WmiPrvSE
866 54 46980 69544 221 29.87 4816 wmplayer
Windows PowerShell Transcript End
End time: 20080504100927
**********************