Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
PowerShell

Using the PowerShell get-history Cmdlet

Sometimes it’s useful to have a record of the cmdlets that’s been run in a PowerShell session, either for your own reference or if required by a third party. In this Ask the Admin, I’ll show you how to use the PowerShell get-history cmdlet to get a quick rundown of your command history and how to record a session to a text file.

What is the Get-History PowerShell Cmdlet?

The easiest way to get a list of the commands run in a PowerShell session is to use the get-history cmdlet. Just type get-history in the PowerShell console window and press ENTER. By default, PowerShell retains the last 64 commands run in a session, but will only display the last 32 when using get-history. If you run more than 32 commands in a session, you can ask get-history to display the first block of 32 commands by specifying that it should start at command 32 and count backwards to the first command executed, using the –count parameter:

​ get-history 32 –count 32

If you’d like PowerShell to record more than 64 cmdlets in any given session, all you need to do is modify the value of the $MaximumHistoryCount variable. For example, at the command line type $MaximumHistoryCount = 500 and press ENTER to increase the count to five hundred.

The PowerShell get-history cmdlet in action

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

The PowerShell get-history cmdlet in action. (Image: Russell Smith)

How to Create a PowerShell Transcript File

Although the get-history cmdlet is useful, it only displays the cmdlets run and any given parameters, but doesn’t provide any output that’s returned to the console. For more detailed information, you can configure PowerShell to record the session to a text file.

Transcripts can either be written to the computer’s local hard drive or offloaded to a file share for analysis. PowerShell logging can also be enabled, where information about each cmdlet executed is written to the system event log. For more information, see the Petri IT Knowledgebase article “How to Enable PowerShell Logging.”

Start a PowerShell Transcript

Use the following command to start a transcript of a session. Note that the folder must already exist where the transcript will be saved.

​ start-transcript -path c:transcriptstranscript1.txt

If you plan to generate multiple transcripts, then it may be useful to have PowerShell automatically create the filename using a timestamp as follows:

​ $date = get-date -format o | foreach {$_ -replace ":", "-"}
$filename = "c:transcripts" + $date + ".txt"
start-transcript -path $filename

The ‘o’ after –format represents the .NET Framework format specifier for timestamps. The foreach cmdlet filters out the semi-colons from the output of the get-date cmdlet and replaces them with filename-friendly hyphens. Then the full path is built using the result.

Other useful parameters, such as –noclobber (my favorite PowerShell parameter), and –append allow you to prevent the start-transcript cmdlet from overwriting an existing file and add to an existing file, respectively.

Stop a PowerShell Transcript

Once you’ve finished running the cmdlets you want to record, you can stop the transcript by typing stop-transcript and pressing ENTER.

Using PowerShell to Record the Output of .EXEs

One of the potential shortcomings of start-transcript is that it only records the output of true PowerShell functions and cmdlets, not other commands executed in the console window. Although this may not necessarily be a problem, you can force the output of non-PowerShell cmdlets to be recorded in the transcript, too. All you need to do is pipe the results of the .exe to the out-host cmdlet as shown below.

​ ipconfig /all | out-host

Creating a PowerShell Transcript for a Remote Session

The start-transcript cmdlet only works in interactive console sessions, so it can’t be used with invoke-command on a remote device.

​ ipconfig  | out-file $filename
get-culture  | out-file $filename -append

A workaround for this is to use the out-file cmdlet to pipe output to a file, although the actual commands executed will be missing from the resulting log.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: