
Script block logging in PowerShell - Mini Project: Build & Apply

Script Block Logging Setup in PowerShell
📖 Scenario: You are a system administrator who wants to enable script block logging on a Windows machine to monitor PowerShell script execution for security auditing.
🎯 Goal: Enable script block logging via PowerShell commands and verify that the logging is active by checking the registry setting.
📋 What You'll Learn
Create a registry path variable for script block logging
Create a configuration variable to enable logging
Set the registry key to enable script block logging
Verify and output the registry value to confirm logging is enabled
💡 Why This Matters
🌍 Real World
Script block logging helps security teams monitor and audit PowerShell script execution to detect suspicious activity.
💼 Career
System administrators and security engineers use script block logging to enhance security monitoring and compliance on Windows systems.
1
Create the registry path variable
Create a variable called $regPath and set it to the string 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'.
Hint: Use single quotes around the registry path string and assign it to $regPath.

2
Create the configuration variable to enable logging
Create a variable called $enableLogging and set it to the integer 1 to enable script block logging.
Hint: Set $enableLogging to 1 to turn on logging.

3
Set the registry key to enable script block logging
Use the New-Item cmdlet with -Path $regPath and -Force to create the registry key if it does not exist. Then use New-ItemProperty with -Path $regPath, -Name 'EnableScriptBlockLogging', -Value $enableLogging, -PropertyType DWord, and -Force to set the registry value.
Hint: Use New-Item to create the key and New-ItemProperty to set the DWORD value.

4
Verify and output the registry value
Use Get-ItemProperty with -Path $regPath and store the result in $result. Then print the value of $result.EnableScriptBlockLogging using Write-Output.
Hint: Use Get-ItemProperty to read the registry and Write-Output to print the value.
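
The four steps above combined into one script, extended with a check that a test command actually produces a script block event (ID 4104) in the Microsoft-Windows-PowerShell/Operational log. This is an added example, not part of the original exercise; the function names and the marker string are hypothetical, and it assumes an elevated Windows PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the tutorial): steps 1-4 as one script, then an
# end-to-end check that a script block really reaches the event log.
# Function names and the marker string are hypothetical.

$regPath       = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$enableLogging = 1

function Enable-ScriptBlockLogging {
    param([string]$Path, [int]$Value)
    # Create the key only when it is missing, so values already under it are left alone.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -Path $Path -Name 'EnableScriptBlockLogging' `
        -Value $Value -PropertyType DWord -Force | Out-Null
}

function Test-ScriptBlockLoggingPolicy {
    param([string]$Path)
    $result = Get-ItemProperty -Path $Path -Name 'EnableScriptBlockLogging' -ErrorAction SilentlyContinue
    return ($null -ne $result -and $result.EnableScriptBlockLogging -eq 1)
}

function Test-ScriptBlockEvent {
    # Run a uniquely marked command in a new Windows PowerShell process, then
    # search recent 4104 (script block) events for the marker.
    $marker = "sbl-check-$([guid]::NewGuid())"
    powershell.exe -NoProfile -Command "Write-Output '$marker'" | Out-Null
    Start-Sleep -Seconds 2   # give the event log time to flush
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
    $hits = Get-WinEvent -FilterHashtable $filter -MaxEvents 100 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$marker*" }
    return [bool]$hits
}

Enable-ScriptBlockLogging -Path $regPath -Value $enableLogging

if (-not (Test-ScriptBlockLoggingPolicy -Path $regPath)) {
    throw "EnableScriptBlockLogging is not set to 1 under $regPath"
}
Write-Output "Registry policy set: EnableScriptBlockLogging = 1"

if (Test-ScriptBlockEvent) {
    Write-Output "Event 4104 recorded for the test command: logging is active."
} else {
    Write-Warning "Policy is set but no 4104 event was found; check the PowerShell Operational log."
}
```

The registry check alone only shows that the policy value exists; the 4104 lookup shows that events are being written where a detection pipeline would collect them.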