How are people parsing the powershell transcriptions files which have a large amount of command executions within the file?
For those not familiar, Powershell Transcription will create a log file once a user starts their powershell transaction.
It will log the users name at the top of the file and will not close the file until the command is closed.
In some cases we have a MMC running open all week and this can produce 100's of commands within the powershell transaction file.
Unfortunately, it only logs the user name who initially executed the command at the start at the launch of the process. The subsequent entries just show the command and output.
How do you associate the users name with each of these commands if you want to keep them as separate events?
Or are you just bundling all of those commands into one event?
Or has someone found a way to associate the username to each command?