Reporting on JEA

In order to report on the state of your JEA configuration, you can use:

  1. Get-PSSessionConfiguration to return a list of all registered endpoints on a given machine.
  2. Get-PSSessionCapability to report on the capabilities any given user has on a specific endpoint.

Here’s an example of Get-PSSessionCapability:

Get-PSSessionCapability -ConfigurationName Maintenance -Username "CONTOSO\JohnDoe"

CommandType     Name                                               Version    Source           
-----------     ----                                               -------    ------           
Alias           clear -> Clear-Host                                                            
Alias           cls -> Clear-Host                                                              
Alias           exsn -> Exit-PSSession                                                         
Alias           gcm -> Get-Command                                                             
Alias           measure -> Measure-Object                                                      
Alias           select -> Select-Object                                                        
Function        Clear-Host                                                                     
Function        Exit-PSSession                                                                 
Function        Get-Command                                                                    
Function        Get-FormatData                                                                 
Function        Get-Help                                                                       
Function        Get-UserInfo                                                                   
Function        Measure-Object                                                                 
Function        Out-Default                                                                    
Function        Select-Object                                                                  
Cmdlet          Restart-Service                                    3.0.0.0 Microsof...

To report on the actions users took during a JEA session, you can:

  1. Enable the "over-the-shoulder" transcripts for that JEA endpoint and consult the transcript directory for a full log of each user's actions
  2. Turn on PowerShell module logging and inspect the PowerShell event logs.