sync: auto-sync from HOWARD-HOME at 2026-06-29 14:23:40

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-29 14:23:40
2026-06-29 14:24:12 -07:00
parent 602c5e5bd6
commit 00af39d369
12 changed files with 2873 additions and 3 deletions


@@ -0,0 +1,744 @@
{
"host": "DESKTOP-GG4LKSL",
"collected_at_utc": "2026-06-29T21:17:50Z",
"os": {
"caption": "Microsoft Windows 11 Pro",
"version": "10.0.26200",
"build": "26200",
"install_date": "2025-06-30T15:13:20Z",
"last_boot_utc": "2026-06-29T14:27:52Z",
"architecture": "64-bit"
},
"facts": {
"builtin_admin_enabled": false,
"os_eol": {
"eol_date": "2027-10-12",
"release": "Win11 25H2"
},
"pending_updates": 4,
"pending_reboot": false,
"uptime_days": 0.3,
"acg_managed_tools": "ScreenConnect / ConnectWise Control",
"hardware": {
"model": "HP Pavilion Gaming Desktop TG01-2xxx",
"manufacturer": "HP",
"bios_date": "2023-07-11",
"cpu_logical": 16,
"bios_version": "F.21",
"cpu_cores": 8,
"ram_gb": 31.8,
"serial": "4CE136C774",
"cpu": "11th Gen Intel(R) Core(TM) i7-11700F @ 2.50GHz"
},
"third_party_av_active": false,
"os_build": "26200",
"secure_boot": false,
"backup_agents": null,
"autoruns_run_keys": [
{
"key": "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "SecurityHealth",
"value": "C:\\WINDOWS\\system32\\SecurityHealthSystray.exe"
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "QuickFinder Scheduler",
"value": "\"c:\\Program Files (x86)\\Corel\\WordPerfect Office 2021\\Programs\\QFSCHD210.EXE\""
}
],
"physical_disks": [
{
"health": "Healthy",
"model": "Seagate Backup+ BK",
"media_type": "Unspecified"
},
{
"health": "Healthy",
"model": "WD Green SN350 1TB 2G0C",
"media_type": "SSD"
}
],
"local_users": [
{
"last_logon": "",
"name": "Administrator",
"password_never_expires": false,
"enabled": false
},
{
"last_logon": "",
"name": "DefaultAccount",
"password_never_expires": false,
"enabled": false
},
{
"last_logon": "2025-06-30",
"name": "Guest",
"password_never_expires": false,
"enabled": false
},
{
"last_logon": "2026-06-29",
"name": "Localadmin",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "2026-06-29",
"name": "owner",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "",
"name": "WDAGUtilityAccount",
"password_never_expires": false,
"enabled": false
}
],
"scheduled_tasks_count": 18,
"volumes": [
{
"drive": "D:",
"size_gb": 465.8,
"free_pct": 14.6,
"free_gb": 68.1
},
{
"drive": "[unlabeled]",
"size_gb": 0.7,
"free_pct": 8.3,
"free_gb": 0.1
},
{
"drive": "[unlabeled]",
"size_gb": 0.1,
"free_pct": 38.7,
"free_gb": 0
},
{
"drive": "C:",
"size_gb": 930.6,
"free_pct": 74.2,
"free_gb": 690.6
}
],
"network_adapters": [
{
"dhcp": false,
"description": "Intel(R) Wi-Fi 6 AX201 160MHz",
"gateway": [
"192.168.1.1"
],
"mac": "4C:44:5B:57:C8:D0",
"ip": [
"192.168.1.135",
"fe80::b290:dac4:8c2:f9d6"
],
"dns": [
null
]
}
],
"failed_autostart_services": [
{
"name": "GoogleUpdaterInternalService150.0.7863.0",
"display": "Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)",
"state": "Stopped"
},
{
"name": "GoogleUpdaterService150.0.7863.0",
"display": "Google Updater Service (GoogleUpdaterService150.0.7863.0)",
"state": "Stopped"
},
{
"name": "Intel(R) TPM Provisioning Service",
"display": "Intel(R) TPM Provisioning Service",
"state": "Stopped"
}
],
"stability_14d": {
"unexpected_shutdowns": 1,
"disk_errors": 0,
"bugchecks": 0
},
"exposure": {
"smb1_enabled": false,
"laps_present": true,
"rdp_enabled": false,
"uac_enabled": true,
"rdp_nla": true
},
"accounts_password_never_expires": [],
"installed_software": [
{
"publisher": "Adobe",
"name": "Adobe Acrobat (64-bit)",
"version": "26.001.21691"
},
{
"publisher": "Adobe Systems Incorporated",
"name": "Adobe Refresh Manager",
"version": "1.8.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Copilot",
"version": "149.0.4022.80"
},
{
"publisher": "Corel corporation",
"name": "Corel Update Manager",
"version": "2.14.630"
},
{
"publisher": "Google LLC",
"name": "Google Chrome",
"version": "149.0.7827.197"
},
{
"publisher": "",
"name": "HP LaserJet Professional P1100-P1560-P1600 Series",
"version": ""
},
{
"publisher": "Vantage Linguistics",
"name": "iSEEK AnswerWorks English Runtime",
"version": "010.000.0101"
},
{
"publisher": "Chaos Software Group, Inc.",
"name": "Legal Billing",
"version": ""
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft 365 Apps for business - en-us",
"version": "16.0.20026.20182"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Edge",
"version": "149.0.4022.98"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Edge WebView2 Runtime",
"version": "149.0.4022.98"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft OneDrive",
"version": "26.106.0603.0003"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Update Health Tools",
"version": "5.72.0.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Basic for Applications 7.1 (x86)",
"version": "7.1.00.00"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Basic for Applications 7.1 (x86) English",
"version": "7.1.0.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211",
"version": "14.44.35211.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211",
"version": "14.44.35211.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "NVIDIA Corporation",
"name": "NVIDIA Control Panel 391.35",
"version": "391.35"
},
{
"publisher": "NVIDIA Corporation",
"name": "NVIDIA Display Container",
"version": "1.2"
},
{
"publisher": "NVIDIA Corporation",
"name": "NVIDIA Display Container LS",
"version": "1.2"
},
{
"publisher": "NVIDIA Corporation",
"name": "NVIDIA Display Session Container",
"version": "1.2"
},
{
"publisher": "NVIDIA Corporation",
"name": "NVIDIA Display Watchdog Plugin",
"version": "1.2"
},
{
"publisher": "NVIDIA Corporation",
"name": "NVIDIA Install Application",
"version": "2.1002.275.2323"
},
{
"publisher": "Microsoft Corporation",
"name": "Office 16 Click-to-Run Extensibility Component",
"version": "16.0.20026.20076"
},
{
"publisher": "Intuit",
"name": "Quicken 2013",
"version": "22.1.12.7"
},
{
"publisher": "ScreenConnect Software",
"name": "ScreenConnect Client (1912bf3444b41a08)",
"version": "26.3.11.9650"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021",
"version": "21.0.0.81"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Common Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Common Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - IPM",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - IPM Content",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Lightning Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Lightning Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Presentations Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Presentations Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Quattro Pro Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Quattro Pro Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Redists",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Setup Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - WordPerfect Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - WordPerfect Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - WPD format Props x64",
"version": "21.0"
},
{
"publisher": " Corel Corporation",
"name": "WordPerfect Office 2021 - Writing Tools",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office IFilter 32-bit",
"version": "1.8"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office IFilter 64-bit",
"version": "1.8"
}
],
"tpm": {
"enabled": true,
"ready": true,
"present": true
},
"local_groups": [
"Access Control Assistance Operators",
"Administrators",
"Backup Operators",
"Cryptographic Operators",
"Device Owners",
"Distributed COM Users",
"Event Log Readers",
"Guests",
"Hyper-V Administrators",
"IIS_IUSRS",
"Network Configuration Operators",
"OpenSSH Users",
"Performance Log Users",
"Performance Monitor Users",
"Power Users",
"Remote Desktop Users",
"Remote Management Users",
"Replicator",
"System Managed Accounts Group",
"User Mode Hardware Operators",
"Users"
],
"battery": {
"present": false
},
"activation": {
"edition": "Microsoft Windows 11 Pro",
"description": "Windows(R) Operating System, OEM_DM channel",
"licensed": true,
"license_status_code": 1
},
"time_source": "time1.aliyun.com",
"chassis_types": [
3
],
"last_hotfix": {
"hotfix_id": "KB5094126",
"installed_on": "2026-06-10T07:00:00Z"
},
"scheduled_tasks": [
{
"path": "\\",
"name": "Adobe Acrobat Update Task",
"state": "Ready"
},
{
"path": "\\",
"name": "CorelUpdateHelperTask-6FE3C4EAF0EA6F48A355A006CED9B153",
"state": "Ready"
},
{
"path": "\\",
"name": "CorelUpdateHelperTaskCore",
"state": "Ready"
},
{
"path": "\\",
"name": "MicrosoftEdgeUpdateTaskMachineCore",
"state": "Ready"
},
{
"path": "\\",
"name": "MicrosoftEdgeUpdateTaskMachineUA",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Per-Machine Standalone Update Task",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Reporting Task-S-1-5-21-176541868-3255397159-941698718-1001",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Reporting Task-S-1-5-21-176541868-3255397159-941698718-1002",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Startup Task-S-1-5-21-176541868-3255397159-941698718-1001",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Startup Task-S-1-5-21-176541868-3255397159-941698718-1002",
"state": "Ready"
},
{
"path": "\\",
"name": "RtkAudUService64_BG",
"state": "Running"
},
{
"path": "\\",
"name": "ZoomUpdateTaskUser-S-1-5-21-176541868-3255397159-941698718-1002",
"state": "Ready"
},
{
"path": "\\GoogleSystem\\GoogleUpdater\\",
"name": "GoogleUpdaterTaskSystem150.0.7863.0{187F8684-438D-4B52-A213-1183A437F60E}",
"state": "Ready"
},
{
"path": "\\GoogleUserPEH\\",
"name": "RunPlatformExperienceHelperOnUnlock",
"state": "Ready"
},
{
"path": "\\GoogleUserPEH\\",
"name": "RunPlatformExperienceHelper_Daily",
"state": "Ready"
},
{
"path": "\\GoogleUserPEH\\",
"name": "RunPlatformExperienceHelper_Metrics",
"state": "Ready"
},
{
"path": "\\SoftLanding\\S-1-5-21-176541868-3255397159-941698718-1002\\",
"name": "SoftLandingCreativeManagementTask",
"state": "Ready"
},
{
"path": "\\SoftLanding\\S-1-5-21-176541868-3255397159-941698718-1002\\",
"name": "SoftLandingDeferralTask-{7f5041b8-2c64-40bd-a455-a605b3186491}",
"state": "Ready"
}
],
"antivirus_products": [
"Windows Defender"
],
"domain_joined": false,
"defender": {
"antispyware_signature_age": 0,
"tamper_protected": true,
"real_time_protection": true,
"nis_enabled": true,
"available": true,
"antivirus_enabled": true,
"am_service_enabled": true
},
"bitlocker": {
"os_volume": "C:",
"key_protectors": [],
"recovery_key_present": false,
"available": true,
"encryption_percent": 0,
"protection_status": "Off"
},
"is_laptop": false,
"installed_software_count": 50,
"local_administrators": [
"DESKTOP-GG4LKSL\\Administrator",
"DESKTOP-GG4LKSL\\Localadmin",
"DESKTOP-GG4LKSL\\owner"
],
"firewall_profiles": {
"Private": true,
"Domain": true,
"Public": true
},
"domain": "WORKGROUP",
"foreign_agents": null
},
"findings": [
{
"id": "sec.defender.ok",
"category": "security",
"severity": "info",
"title": "Defender active and current",
"detail": "Real-time protection on, service running, signatures current.",
"evidence": "RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True"
},
{
"id": "sec.av_products.defender_only",
"category": "security",
"severity": "info",
"title": "Defender is the only registered AV",
"detail": "Only Microsoft/Windows Defender is registered in Security Center.",
"evidence": "Windows Defender"
},
{
"id": "sec.foreign_agents.none",
"category": "security",
"severity": "info",
"title": "No competitor/leftover management agents detected",
"detail": "No known competitor RMM or unmanaged remote-access agents found in installed programs or services.",
"evidence": "Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service"
},
{
"id": "sec.foreign_agents.acg.screenconnect_connectwise_control",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: ScreenConnect / ConnectWise Control",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: ScreenConnect Client (1912bf3444b41a08) 26.3.11.9650\nservice: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running"
},
{
"id": "sec.firewall.ok",
"category": "security",
"severity": "info",
"title": "All firewall profiles enabled",
"detail": "Domain, Private, and Public firewall profiles are all enabled.",
"evidence": "Private=True; Domain=True; Public=True"
},
{
"id": "sec.bitlocker.unencrypted",
"category": "security",
"severity": "warning",
"title": "OS volume is NOT encrypted with BitLocker",
"detail": "The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.",
"evidence": "Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors="
},
{
"id": "sec.local_admins.list",
"category": "security",
"severity": "info",
"title": "Local administrators (3)",
"detail": "Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).",
"evidence": "DESKTOP-GG4LKSL\\Administrator\nDESKTOP-GG4LKSL\\Localadmin\nDESKTOP-GG4LKSL\\owner"
},
{
"id": "sec.patch.os_supported",
"category": "security",
"severity": "info",
"title": "OS build supported: Win11 25H2",
"detail": "Build 26200 (Win11 25H2) is in support until 2027-10-12.",
"evidence": "Microsoft Windows 11 Pro build 26200"
},
{
"id": "sec.patch.pending",
"category": "security",
"severity": "warning",
"title": "4 pending Windows updates",
"detail": "Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.",
"evidence": "Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 4"
},
{
"id": "sec.patch.last_hotfix",
"category": "security",
"severity": "info",
"title": "Last hotfix: KB5094126",
"detail": "Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).",
"evidence": "KB5094126 installed 2026-06-10T07:00:00Z"
},
{
"id": "sec.exposure.smb1_off",
"category": "security",
"severity": "info",
"title": "SMBv1 disabled",
"detail": "SMBv1 server protocol is disabled.",
"evidence": "EnableSMB1Protocol=False"
},
{
"id": "sec.exposure.laps_present",
"category": "security",
"severity": "info",
"title": "LAPS detected",
"detail": "A LAPS mechanism is present.",
"evidence": "Windows LAPS reg key"
},
{
"id": "health.disk_space.D",
"category": "health",
"severity": "warning",
"title": "Disk low: D: at 14.6% free",
"detail": "Less than 15 percent free. Plan cleanup or expansion.",
"evidence": "D: free 68.1 GB of 465.8 GB (14.6%)"
},
{
"id": "health.stability.some",
"category": "health",
"severity": "warning",
"title": "Stability events present in the last 14 days",
"detail": "One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.",
"evidence": "Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0"
},
{
"id": "health.failed_services.stopped",
"category": "health",
"severity": "warning",
"title": "3 auto-start service(s) not running",
"detail": "These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.",
"evidence": "GoogleUpdaterInternalService150.0.7863.0 (Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)) = Stopped\nGoogleUpdaterService150.0.7863.0 (Google Updater Service (GoogleUpdaterService150.0.7863.0)) = Stopped\nIntel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped"
},
{
"id": "health.domain.workgroup",
"category": "health",
"severity": "info",
"title": "Not domain-joined (workgroup)",
"detail": "This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.",
"evidence": "PartOfDomain=False; Domain=WORKGROUP"
},
{
"id": "health.time.source",
"category": "health",
"severity": "info",
"title": "Time service source",
"detail": "Current Windows Time service source.",
"evidence": "Source=time1.aliyun.com"
},
{
"id": "health.backup.none",
"category": "health",
"severity": "info",
"title": "No backup agent detected",
"detail": "No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.",
"evidence": "No matching backup service in Win32_Service"
}
]
}
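Review bot: Two security-relevant facts in this snapshot are collected but never scored: `"secure_boot": false` (on a host where `tpm.present` is true) produces no entry in `findings` at all, and `"time_source": "time1.aliyun.com"` is emitted under `health.time.source` at severity `info` with the generic text "Current Windows Time service source", whereas the sibling host in this same commit reports the Windows default `time.windows.com,0x9`. An Alibaba Cloud NTP server as the time source of a workgroup machine that no policy would have pointed there deserves at least a `warning`, since a skewed or attacker-controlled clock undermines certificate validation and log correlation; the rule should compare the source against an allow-list (the Windows default plus any configured internal NTP) instead of echoing it, and a Secure Boot-off finding should sit beside the existing `sec.bitlocker.unencrypted` one. Separately, `"dns": [null]` on the statically addressed adapter should be `[]` (or the key omitted) so consumers can iterate it without null checks, and the two `[unlabeled]` volumes would collide in any `health.disk_space.<drive>` id, so the collector should carry the volume label or GUID as well. The generator that produces `findings` is not part of this commit, so the missing rules are inferred from its output alone.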


@@ -0,0 +1,226 @@
# Onboarding Diagnostic Baseline - DESKTOP-GG4LKSL
- **Grade:** AMBER
- **Host:** DESKTOP-GG4LKSL
- **Client:** Michael Johnson (`michaeljohnson`)
- **Collected (UTC):** 2026-06-29T21:17:50Z
- **Agent ID:** 09c08484-2b51-404b-a294-6e39f498867c
- **Command ID:** 67f70181-51cd-470e-a9e2-edd2d53df135
- **Findings:** 0 critical / 5 warning / 13 info / 0 unknown
- **OS:** Microsoft Windows 11 Pro (build 26200)
---
## WARNING (5)
### OS volume is NOT encrypted with BitLocker
- **Category:** security
- **ID:** `sec.bitlocker.unencrypted`
- The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.
```
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=
```
### 4 pending Windows updates
- **Category:** security
- **ID:** `sec.patch.pending`
- Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
```
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 4
```
### Disk low: D: at 14.6% free
- **Category:** health
- **ID:** `health.disk_space.D`
- Less than 15 percent free. Plan cleanup or expansion.
```
D: free 68.1 GB of 465.8 GB (14.6%)
```
### Stability events present in the last 14 days
- **Category:** health
- **ID:** `health.stability.some`
- One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.
```
Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
```
### 3 auto-start service(s) not running
- **Category:** health
- **ID:** `health.failed_services.stopped`
- These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.
```
GoogleUpdaterInternalService150.0.7863.0 (Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)) = Stopped
GoogleUpdaterService150.0.7863.0 (Google Updater Service (GoogleUpdaterService150.0.7863.0)) = Stopped
Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped
```
## INFO (13)
### Defender active and current
- **Category:** security
- **ID:** `sec.defender.ok`
- Real-time protection on, service running, signatures current.
```
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True
```
### Defender is the only registered AV
- **Category:** security
- **ID:** `sec.av_products.defender_only`
- Only Microsoft/Windows Defender is registered in Security Center.
```
Windows Defender
```
### No competitor/leftover management agents detected
- **Category:** security
- **ID:** `sec.foreign_agents.none`
- No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
```
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
```
### Expected ACG management tooling present: ScreenConnect / ConnectWise Control
- **Category:** security
- **ID:** `sec.foreign_agents.acg.screenconnect_connectwise_control`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: ScreenConnect Client (1912bf3444b41a08) 26.3.11.9650
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
```
### All firewall profiles enabled
- **Category:** security
- **ID:** `sec.firewall.ok`
- Domain, Private, and Public firewall profiles are all enabled.
```
Private=True; Domain=True; Public=True
```
### Local administrators (3)
- **Category:** security
- **ID:** `sec.local_admins.list`
- Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
```
DESKTOP-GG4LKSL\Administrator
DESKTOP-GG4LKSL\Localadmin
DESKTOP-GG4LKSL\owner
```
### OS build supported: Win11 25H2
- **Category:** security
- **ID:** `sec.patch.os_supported`
- Build 26200 (Win11 25H2) is in support until 2027-10-12.
```
Microsoft Windows 11 Pro build 26200
```
### Last hotfix: KB5094126
- **Category:** security
- **ID:** `sec.patch.last_hotfix`
- Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
```
KB5094126 installed 2026-06-10T07:00:00Z
```
### SMBv1 disabled
- **Category:** security
- **ID:** `sec.exposure.smb1_off`
- SMBv1 server protocol is disabled.
```
EnableSMB1Protocol=False
```
### LAPS detected
- **Category:** security
- **ID:** `sec.exposure.laps_present`
- A LAPS mechanism is present.
```
Windows LAPS reg key
```
### Not domain-joined (workgroup)
- **Category:** health
- **ID:** `health.domain.workgroup`
- This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.
```
PartOfDomain=False; Domain=WORKGROUP
```
### Time service source
- **Category:** health
- **ID:** `health.time.source`
- Current Windows Time service source.
```
Source=time1.aliyun.com
```
### No backup agent detected
- **Category:** health
- **ID:** `health.backup.none`
- No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
```
No matching backup service in Win32_Service
```
---
## Inventory Baseline Summary
- **Manufacturer / Model:** HP / HP Pavilion Gaming Desktop TG01-2xxx
- **Serial:** 4CE136C774
- **CPU:** 11th Gen Intel(R) Core(TM) i7-11700F @ 2.50GHz (8 cores / 16 logical)
- **RAM (GB):** 31.8
- **BIOS:** F.21 (2023-07-11)
- **Chassis is laptop:** false
- **TPM present / Secure Boot:** true / ?
- **Domain joined:** false (WORKGROUP)
- **OS activation licensed:** true
- **Uptime (days):** 0.3
- **Pending reboot:** false
- **Installed software count:** 50
- **Scheduled tasks (non-MS, enabled):** 18
- **Local administrators:** DESKTOP-GG4LKSL\Administrator, DESKTOP-GG4LKSL\Localadmin, DESKTOP-GG4LKSL\owner
### Fixed volumes
- D: - 68.1 GB free of 465.8 GB (14.6%)
- [unlabeled] - 0.1 GB free of 0.7 GB (8.3%)
- [unlabeled] - 0 GB free of 0.1 GB (38.7%)
- C: - 690.6 GB free of 930.6 GB (74.2%)
### Network adapters
- Intel(R) Wi-Fi 6 AX201 160MHz - IP: 192.168.1.135, fe80::b290:dac4:8c2:f9d6 - DNS: - DHCP: false
---
## Diff vs Prior Baseline
- No prior baseline found for this host. This is the first baseline.
---
_Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: `DESKTOP-GG4LKSL-20260629T211835.json` (immutable)._
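Review bot: The inventory line `**TPM present / Secure Boot:** true / ?` renders a value that the raw snapshot in this same commit records as `"secure_boot": false`, so the report is turning a collected `false` into "unknown" — the sibling MJ-PARALEGAL report prints `true / true`, which suggests the generator's missing-value check treats a falsy boolean as unset. Secure Boot being off is the state most worth surfacing, so the line should read `- **TPM present / Secure Boot:** true / false` and run-onboarding-diagnostic.sh (not in this commit) should test for null/absent rather than falsiness; the same bug would hide any other security boolean that happens to be false. The report also files `Source=time1.aliyun.com` under INFO with no comment, yet an Alibaba Cloud NTP server on a workgroup machine whose peer in this commit uses the Windows default is unusual enough that the summary should call it out for the technician rather than list it with routine items. The adapter line `DNS: -` likewise hides that a statically addressed adapter has no DNS server recorded (`"dns": [null]` in the snapshot), which a reader of the report alone cannot tell from "not collected".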



@@ -0,0 +1,254 @@
# Onboarding Diagnostic Baseline - MJ-PARALEGAL
- **Grade:** RED
- **Host:** MJ-PARALEGAL
- **Client:** Michael Johnson (`michaeljohnson`)
- **Collected (UTC):** 2026-06-29T21:17:55Z
- **Agent ID:** 4537ac34-e548-484c-b4e9-fd91e7f97a23
- **Command ID:** a3095ece-7fd3-4751-acc6-867a1b41507b
- **Findings:** 2 critical / 4 warning / 14 info / 0 unknown
- **OS:** Microsoft Windows 11 Pro (build 26200)
---
## CRITICAL (2)
### Firewall disabled on profile(s): Private, Public
- **Category:** security
- **ID:** `sec.firewall.disabled`
- One or more firewall profiles are OFF. The endpoint is exposed to lateral movement and inbound attacks on those networks. Re-enable all profiles.
```
Profile states: Private=False; Domain=True; Public=False
```
### Disk critically low: E: at 0% free
- **Category:** health
- **ID:** `health.disk_space.E`
- Less than 8 percent free. Risk of failed updates, crashes, and corruption. Free space or expand the volume urgently.
```
E: free 0 GB of 255.6 GB (0%)
```
## WARNING (4)
### OS volume is NOT encrypted with BitLocker
- **Category:** security
- **ID:** `sec.bitlocker.unencrypted`
- The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.
```
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=
```
### 2 pending Windows updates
- **Category:** security
- **ID:** `sec.patch.pending`
- Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
```
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 2
```
### Stability events present in the last 14 days
- **Category:** health
- **ID:** `health.stability.some`
- One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.
```
Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
```
### 6 auto-start service(s) not running
- **Category:** health
- **ID:** `health.failed_services.stopped`
- These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.
```
AsusUpdateCheck (AsusUpdateCheck) = Stopped
GoogleUpdaterInternalService150.0.7863.0 (Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)) = Stopped
GoogleUpdaterService150.0.7863.0 (Google Updater Service (GoogleUpdaterService150.0.7863.0)) = Stopped
IBMPMSVC (Lenovo PM Service) = Stopped
Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped
LPlatSvc (Lenovo Platform Service) = Stopped
```
## INFO (14)
### Defender active and current
- **Category:** security
- **ID:** `sec.defender.ok`
- Real-time protection on, service running, signatures current.
```
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=1 days; IsTamperProtected=True
```
### Defender is the only registered AV
- **Category:** security
- **ID:** `sec.av_products.defender_only`
- Only Microsoft/Windows Defender is registered in Security Center.
```
Windows Defender
```
### No competitor/leftover management agents detected
- **Category:** security
- **ID:** `sec.foreign_agents.none`
- No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
```
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
```
### Expected ACG management tooling present: ScreenConnect / ConnectWise Control
- **Category:** security
- **ID:** `sec.foreign_agents.acg.screenconnect_connectwise_control`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: ScreenConnect Client (1912bf3444b41a08) 26.3.11.9650
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
```
### Expected ACG management tooling present: Splashtop (SOS/Streamer)
- **Category:** security
- **ID:** `sec.foreign_agents.acg.splashtop_sos_streamer_`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: Splashtop Streamer 3.8.4.0
service: SplashtopRemoteService (Splashtop? Remote Service) Running
```
### Expected ACG management tooling present: Syncro / Kabuto
- **Category:** security
- **ID:** `sec.foreign_agents.acg.syncro_kabuto`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: Syncro 1.0.201.18410
service: Syncro (Syncro) Running
```
### Local administrators (3)
- **Category:** security
- **ID:** `sec.local_admins.list`
- Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
```
MJ-PARALEGAL\Administrator
MJ-PARALEGAL\localadmin
MJ-PARALEGAL\Paralegal
```
### OS build supported: Win11 25H2
- **Category:** security
- **ID:** `sec.patch.os_supported`
- Build 26200 (Win11 25H2) is in support until 2027-10-12.
```
Microsoft Windows 11 Pro build 26200
```
### Last hotfix: KB5094126
- **Category:** security
- **ID:** `sec.patch.last_hotfix`
- Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
```
KB5094126 installed 2026-06-10T07:00:00Z
```
### SMBv1 disabled
- **Category:** security
- **ID:** `sec.exposure.smb1_off`
- SMBv1 server protocol is disabled.
```
EnableSMB1Protocol=False
```
### LAPS detected
- **Category:** security
- **ID:** `sec.exposure.laps_present`
- A LAPS mechanism is present.
```
Windows LAPS reg key
```
### Not domain-joined (workgroup)
- **Category:** health
- **ID:** `health.domain.workgroup`
- This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.
```
PartOfDomain=False; Domain=WORKGROUP
```
### Time service source
- **Category:** health
- **ID:** `health.time.source`
- Current Windows Time service source.
```
Source=time.windows.com,0x9
```
### No backup agent detected
- **Category:** health
- **ID:** `health.backup.none`
- No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
```
No matching backup service in Win32_Service
```
---
## Inventory Baseline Summary
- **Manufacturer / Model:** ASUS / System Product Name
- **Serial:** System Serial Number
- **CPU:** Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz (6 cores / 12 logical)
- **RAM (GB):** 15.8
- **BIOS:** 1620 (2021-07-09)
- **Chassis is laptop:** false
- **TPM present / Secure Boot:** true / true
- **Domain joined:** false (WORKGROUP)
- **OS activation licensed:** true
- **Uptime (days):** 0.3
- **Pending reboot:** false
- **Installed software count:** 98
- **Scheduled tasks (non-MS, enabled):** 24
- **Local administrators:** MJ-PARALEGAL\Administrator, MJ-PARALEGAL\localadmin, MJ-PARALEGAL\Paralegal
### Fixed volumes
- E: - 0 GB free of 255.6 GB (0%)
- [unlabeled] - 0.2 GB free of 1 GB (18.7%)
- D: - 0 GB free of 0 GB (75.5%)
- C: - 70 GB free of 464.2 GB (15.1%)
- [unlabeled] - 0.1 GB free of 0.1 GB (64%)
- [unlabeled] - 0.1 GB free of 0.5 GB (16.6%)
### Network adapters
- Realtek PCIe GBE Family Controller - IP: 192.168.1.136, fe80::b20c:8d0b:48bf:1aea - DNS: 172.16.132.1 - DHCP: true
---
## Diff vs Prior Baseline
- No prior baseline found for this host. This is the first baseline.
---
_Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: `MJ-PARALEGAL-20260629T211845.json` (immutable)._
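Review bot: Three remote-access agents on this host — ScreenConnect, Splashtop Streamer and Syncro — are all classified as "Expected ACG management tooling" and `sec.foreign_agents.none` reports a clean result, but the allow-list evidently matches on product name alone: only the ScreenConnect evidence carries an instance identifier (`1912bf3444b41a08`, the same one seen on DESKTOP-GG4LKSL), while the Splashtop and Syncro lines show nothing but a version. Syncro and the Splashtop Streamer it commonly bundles are exactly what a prior provider would leave behind, so an instance of either enrolled in someone else's tenant would be whitelisted here; the rule should verify enrollment (the agent's configured server or account identifier) and downgrade an unverifiable match to a `warning` such as "RMM agent present but tenant not confirmed", particularly on a host already graded RED for disabled Private/Public firewall profiles. The adapter line reports `DNS: 172.16.132.1` on a DHCP-assigned `192.168.1.136` address; a resolver in a different RFC 1918 range may be a VPN or filtering service, but it should be confirmed because it is also the footprint of DNS redirection. The display name `Splashtop? Remote Service` suggests the collector is capturing service names in a non-UTF-8 code page, which will break name-based matching on vendor strings containing non-ASCII characters. Finally, `Serial: System Serial Number` and `Model: System Product Name` are DMI placeholders, so this host cannot be tracked by serial in inventory and should be flagged rather than recorded as-is.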