TL;DR - is there a way to pull the definition for the script or script block that Invoke-Command runs, in the context of the remote session?
I’m working on building a framework for delegated, constrained endpoints in our organization. Â The basic idea would be to provide granular access to end users who cannot be provided this access through the system itself.
I would like to head off any requests to log this activity. Â Presumably management will want to know who initiates commands if the commands run with a service account.
It seems like interactive sessions are easy enough to handle by adding logging functions to the end block of out-default (or all the commands necessary for interactive sessions), assuming I don’t whitelist anything that precludes the use of this.
I’m having trouble logging everything that takes place from Invoke-Command. Â Ideally, I could call some variable that stores the definition of the scriptblock or script being run in the session. Â Another option would be to add a logging function to the functions I define. Â This is a bit of a pain as $myinvocation.line does not appear to be populated in remote sessions.
Any suggestions? Â Has anyone else set up a logging system for delegated sessions? Â Your insight would be greatly appreciated!