This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. If you disable this policy setting, logging of PowerShell script input is disabled. If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. Vulnerability: Enabling or not configuring this setting allows logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log, which may not meet the security requirements of your organization. Extensive logging consumes system resources and may be used as a Denial of Service (DoS) attack. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: PowerShell script input logging is disabled. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows PowerShellTurn on PowerShell Script Block Logging (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsPowerShellScriptBlockLogging!EnableScriptBlockLogging

[enable/disable, enable/disable]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows PowerShell\Turn on PowerShell Script Block Logging (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging!EnableScriptBlockLogging