PowerShell Command History

April 5, 2018 0 By Allan Kjaer

This is a little outside what I normally is writing about, but I think this is an important message for those there are using PowerShell, this also includes VMware PowerCLI, and other PowerShell extensions.

PowerShell v5 (included in Windows 10 and Windows Server 2016) by default saves the last 4096 command used in Powershell, including any username/password, that was used in the scripts, as clear text. This is a security cencern.

The command history is saved in clear text, so it’s easy find this information, the file is default found here:

%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

If you are using ISE the history is saved in a seperate file.

Linux/Mac users that uses the PowerShell core, this also saves the history.

If you want more information, and also how to change the default settings, see the blog: http://woshub.com/powershell-commands-history/

Please share this page if you find it usefull: