how to troubleshoot powershell script not executed

PowerShell Help
1

In our Windows Service code, we execute a command line that execute a powershell script.
The powershell script is basic, it created a file, the file name is a timestamp.

My problem is that the file is not created, I dont see errors on Event Viewer (I would expect security/permission errors).
When I look in Event Viewer under “PowerShell” I can see the following rows:

Provider "Registry" is Started. 
Provider "Alias" is Started. 
Provider "Environment" is Started. 
Provider "FileSystem" is Started. 
Provider "Function" is Started. 
Provider "Variable" is Started. 
Engine state is changed from None to Available. 
Engine state is changed from Available to Stopped.

The path for the exe is valid, Is there a way to troubleshoot it?
These log lines probably means that powershell was executed successfully, so the problem maybe not be in powershell itself.

I thought about the next:

  1. run procmon and make sure powershell is started
  2. make sure all permissions are ok, user has permission to execute the file, to write to target dir etc.
  3. make a simple script, or just open powershell with sleep for 2 minutes and check the process is up.
  4. Maybe there is a security policy that is blocking ? If so, why the powershell logs are being written.
Are there additional ways to troubleshoot this issue?

This is the output of 1 sample event viewer:

Provider "Registry" is Started. 

Details: 
ProviderName=Registry
NewProviderState=Started

SequenceNumber=1

HostName=ConsoleHost
HostVersion=5.1.14393.3053
HostId=2289b4be-cd08-4b9f-a697-f600b5b08e84
HostApplication=PowerShell.exe -ExecutionPolicy Bypass D:\Scripts\Protect_Nothing.ps1 7.6
155
Test de script Powershell vide pour Windows
15/11/2019 16:16:08
15/11/2019 16:01:52
XXX.local\svc_admin
D:\Infra\_Tests Scripts \test41
D:\Infra\_Tests Scripts \test41
test41
svc_admin
XXX.local

EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
2

PowerShell Scripts by default doesn’t generate the logs in the Event Viewer unless you explicitly writing to it.

Can you please provide some details about the script which the exe is calling and what it does?

Thank you.

3

The script is not the problem its just a test script i can put in the script whatever.

The problem is how i know that powershell was executed? in event viewer under powershell, if i see these entires i mentioned, this indicates powershell was executed?

 

4

maybe add Start-Transcript -path c:\demp\dump.txt in the begining of the script to see if it launches at all. If not, then you have problem before the script.

5

Is it possible to enable something like Start-Transcript for all powershell sessions (Globally for one machine)?

I have a windows service that execute powershell script, i would like to record the sessions that are opened from that service. in event viewer i can see it executed powershell, but since the window is hidden, i cant trace the powershell output.

6

Use Transcript Logging:

https://sid-500.com/2017/11/07/powershell-enabling-transcription-logging-by-using-group-policy/