claudetools/clients/ucryo/onboarding-baselines/HOBBES-20260603T004835.md
Mike Swanson 0413df8459 sync: auto-sync from GURU-5070 at 2026-06-02 18:44:13
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 18:44:13
2026-06-02 18:44:21 -07:00

Onboarding Diagnostic Baseline - HOBBES

  • Grade: RED

  • Host: HOBBES

  • Client: Universal Cryogenics (ucryo)

  • Collected (UTC): 2026-06-03T00:47:28Z

  • Agent ID: a336deb1-6d09-4ade-b2c3-0b258664f4bd

  • Command ID: c9af21ee-ad06-4e61-bdff-36bd7146de27

  • Findings: 2 critical / 5 warning / 15 info / 0 unknown

  • OS: Microsoft Windows 10 Pro (build 19045)


CRITICAL (2)

OS volume is NOT encrypted with BitLocker

  • Category: security
  • ID: sec.bitlocker.unencrypted
  • The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. This is a laptop (portable chassis), so the data-at-rest risk if lost or stolen is high. Enable BitLocker and escrow the recovery key.
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=

OS build is end-of-life: Win10 22H2

  • Category: security
  • ID: sec.patch.os_eol
  • This OS build (19045, Win10 22H2) passed end-of-servicing on 2025-10-14. It no longer receives security updates. Plan a feature update or OS upgrade.
Microsoft Windows 10 Pro build 19045; EOL 2025-10-14

WARNING (5)

1 pending Windows update

  • Category: security
  • ID: sec.patch.pending
  • Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 1

RDP is enabled

  • Category: security
  • ID: sec.exposure.rdp_on
  • Remote Desktop is enabled (NLA required). Confirm it is restricted to VPN or specific source IPs and not exposed to the internet.
fDenyTSConnections=0; UserAuthentication=1

Stability events present in the last 14 days

  • Category: health
  • ID: health.stability.some
  • One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.
Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=1

Reboot pending

  • Category: health
  • ID: health.reboot_uptime.pending
  • A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. Schedule a restart.
PendingFileRenameOperations

1 auto-start service(s) not running

  • Category: health
  • ID: health.failed_services.stopped
  • These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.
gpsvc (Group Policy Client) = Stopped

INFO (15)

Defender active and current

  • Category: security
  • ID: sec.defender.ok
  • Real-time protection on, service running, signatures current.
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True

Defender is the only registered AV

  • Category: security
  • ID: sec.av_products.defender_only
  • Only Microsoft/Windows Defender is registered in Security Center.
Windows Defender

No competitor/leftover management agents detected

  • Category: security
  • ID: sec.foreign_agents.none
  • No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service

Expected ACG management tooling present: ScreenConnect / ConnectWise Control

  • Category: security
  • ID: sec.foreign_agents.acg.screenconnect_connectwise_control
  • This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running

Expected ACG management tooling present: Splashtop (SOS/Streamer)

  • Category: security
  • ID: sec.foreign_agents.acg.splashtop_sos_streamer_
  • This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: Splashtop Software Updater 1.5.6.23
program: Splashtop Streamer 3.8.2.0
service: SplashtopRemoteService (Splashtop® Remote Service) Running
service: SSUService (Splashtop Software Updater Service) Running

Expected ACG management tooling present: Syncro / Kabuto

  • Category: security
  • ID: sec.foreign_agents.acg.syncro_kabuto
  • This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: Syncro 1.0.201.18410
service: Syncro (Syncro) Running

All firewall profiles enabled

  • Category: security
  • ID: sec.firewall.ok
  • Domain, Private, and Public firewall profiles are all enabled.
Private=True; Domain=True; Public=True

Local administrators (4)

  • Category: security
  • ID: sec.local_admins.list
  • Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
HOBBES\Administrator
HOBBES\localadmin
HOBBES\paul
UCRYO\Domain Admins

Last hotfix: KB5072653

  • Category: security
  • ID: sec.patch.last_hotfix
  • Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
KB5072653 installed 2025-11-18T07:00:00Z

SMBv1 disabled

  • Category: security
  • ID: sec.exposure.smb1_off
  • SMBv1 server protocol is disabled.
EnableSMB1Protocol=False

LAPS detected

  • Category: security
  • ID: sec.exposure.laps_present
  • A LAPS mechanism is present.
Windows LAPS reg key

Domain secure channel healthy

  • Category: health
  • ID: health.domain.secure_channel_ok
  • Machine trust relationship with the domain is intact.
Domain=ucryo.local

Time service source

  • Category: health
  • ID: health.time.source
  • Current Windows Time service source.
Source=UC2-SERVER.ucryo.local

Battery present

  • Category: health
  • ID: health.battery.present
  • Battery detected. (Wear-level / design-vs-full-capacity requires a powercfg battery report, not collected here.)
EstimatedChargeRemaining=224%; BatteryStatus=2

No backup agent detected

  • Category: health
  • ID: health.backup.none
  • No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
No matching backup service in Win32_Service

Inventory Baseline Summary

  • Manufacturer / Model: Dell Inc. / Precision M4800
  • Serial: CTWRT32
  • CPU: Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz (4 cores / 8 logical)
  • RAM (GB): 15.9
  • BIOS: A16 (2015-12-01)
  • Chassis is laptop: true
  • TPM present / Secure Boot: ? / true
  • Domain joined: true (ucryo.local)
  • OS activation licensed: true
  • Uptime (days): 0.2
  • Pending reboot: true
  • Installed software count: 117
  • Scheduled tasks (non-MS, enabled): 19
  • Local administrators: HOBBES\Administrator, HOBBES\localadmin, HOBBES\paul, UCRYO\Domain Admins

Fixed volumes

  • [unlabeled] - 0.1 GB free of 0.5 GB (15.4%)
  • C: - 748.2 GB free of 931 GB (80.4%)
  • [unlabeled] - 0.1 GB free of 0.1 GB (72%)
  • [Recovery] - 0.5 GB free of 0.5 GB (97.4%)

Network adapters

  • Intel(R) Ethernet Connection I217-LM - IP: 172.29.0.137, fe80::529a:39b9:465d:500b - DNS: 172.29.0.5, 8.8.8.8 - DHCP: true

Diff vs Prior Baseline

  • No prior baseline found for this host. This is the first baseline.

Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: HOBBES-20260603T004835.json (immutable).