A linha de comando do Windows AFAIK não possui histórico de comandos persistente.
History persistence between sessions
é um dos seus futuros.
Você não especificou o Windows que está usando, mas ...
Você pode experimentar o Windows Audit Policy
:% política deAudit process tracking
:
This policy setting enables auditing of detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
Success audits generate an event when the process being tracked succeeds. Failure audits generate an event when the process fails.
If you enable Audit process tracking in Windows Vista and Windows Server 2003 with SP1, Windows will also log information about the operating mode and status of the Windows Firewall component.
When enabled, the Audit process tracking setting generates a large number of events. This policy setting is typically configured to No Auditing. However, the information that this policy setting generates can be very beneficial during an incident response because it provides a detailed log of the processes that were started and when they were started.
How to set up a file audit on Windows server?
com referências pode ser um bom ponto de partida para configurar Audit process tracking
, mas saiba que ele pode seja caro para CPU.