From f56b7da0e9d21703fe185ba8bb5985e5cfc81aca Mon Sep 17 00:00:00 2001
From: Jimmy Fitzsimmons <44599392+jimmyfit@users.noreply.github.com>
Date: Mon, 23 Aug 2021 21:47:41 +1000
Subject: [PATCH] Add PowerShell logging registry keys
---
 arm-cloudsoe-image.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arm-cloudsoe-image.json b/arm-cloudsoe-image.json
index ad5fb56..08d851c 100644
--- a/arm-cloudsoe-image.json
+++ b/arm-cloudsoe-image.json
@@ -131,12 +131,16 @@
 ]
 },
 {
- //Enble PowerShell logging
 "type": "PowerShell",
 "name": "PowerShellLogging",
 "runElevated": true,
 "inline": [
+ "New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows' -Name PowerShell",
+ "New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell' -Name ScriptBlockLogging",
+ "New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell' -Name ModuleLogging",
+ "New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging' -Name ModuleNames",
+ "New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell' -Name Transcription",
 "Set-ItemProperty -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging' -Name EnableScriptBlockLogging -Value 1 -Type 'DWord'",
 "Set-ItemProperty -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging' -Name EnableModuleLogging -Value 1 -Type 'DWord'",
 "Set-ItemProperty -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging\\ModuleNames' -Name '*' -Value '*' -Type 'String'",
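Review bot: The five added `New-Item` lines at the top of the `inline` array raise an error when the key already exists, which is plausible for `HKLM:\Software\Policies\Microsoft\Windows\PowerShell` on a base image that already carries policy settings; whether that stops the customizer or lets the build finish with logging only partly configured depends on error handling that is not visible here. Guarding each creation keeps the step idempotent without clearing existing values the way `-Force` can on a registry key, e.g. `"if (-not (Test-Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell')) { New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Windows' -Name PowerShell }"`. The `inline` array continues past the hunk, so it cannot be seen whether the new `Transcription` key receives its enable and output-directory values; if it does, that directory should be writable and readable only by administrators, since transcripts can contain credentials passed on the command line. Because this image serves as a logging baseline, a closing line that reads the values back and fails the build when one is missing would catch a silently incomplete configuration.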