We recommend setting the maximum log size of PowerShell logs to 150MB. To do this, follow the steps outlined below.
- Log in to any computer that has the GPMC with domain admin credentials.
- Open the GPMC and, based on your setup, edit the:
- Default Domain Controllers Policy to enable module logging on a DC.
- ADAuditPlusMSPolicy to enable module logging on a Windows server.
- In the Group Policy Management Editor, go to Computer Configuration > Preferences > Windows Settings, and right-click Registry > New > Registry Item.
- In Action field of the New Registry Properties wizard, select Update from the drop-down. In the Hive field, select HKEY_LOCAL_MACHINE from the drop-down. In the Key Path field,
enter:SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PowerShell\Operational. In the Value name field, uncheck the box beside Default, and type in MaxSize. In the Value type field, select REG_DWORD from the drop-down. In the Value data field, type in 153616384. In the Base field, select Decimal, and then click Apply.
