azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
295126ee6c4abe2588f94de0e022eabdbb1c925d
claudetools/clients/ucryo/onboarding-baselines/KIRBY-20260603T003656.md
Mike Swanson 0413df8459 sync: auto-sync from GURU-5070 at 2026-06-02 18:44:13 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 18:44:13
2026-06-02 18:44:21 -07:00

8.0 KiB
Raw Blame History

Onboarding Diagnostic Baseline - KIRBY

  • Grade: RED

  • Host: KIRBY

  • Client: Universal Cryogenics (ucryo)

  • Collected (UTC): 2026-06-03T00:35:40Z

  • Agent ID: 82f16929-ec3c-434b-81f9-84b63e0af56d

  • Command ID: b7cf0191-c81c-414f-9a3b-0fe2d0205552

  • Findings: 2 critical / 4 warning / 17 info / 0 unknown

  • OS: Microsoft Windows 10 Pro (build 19045)

CRITICAL (2)

OS volume is NOT encrypted with BitLocker

  • Category: security
  • ID: sec.bitlocker.unencrypted
  • The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. This is a laptop (portable chassis), so the data-at-rest risk if lost or stolen is high. Enable BitLocker and escrow the recovery key.
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=

OS build is end-of-life: Win10 22H2

  • Category: security
  • ID: sec.patch.os_eol
  • This OS build (19045, Win10 22H2) passed end-of-servicing on 2025-10-14. It no longer receives security updates. Plan a feature update or OS upgrade.
Microsoft Windows 10 Pro build 19045; EOL 2025-10-14

WARNING (4)

4 pending Windows updates

  • Category: security
  • ID: sec.patch.pending
  • Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 4

RDP is enabled

  • Category: security
  • ID: sec.exposure.rdp_on
  • Remote Desktop is enabled (NLA required). Confirm it is restricted to VPN or specific source IPs and not exposed to the internet.
fDenyTSConnections=0; UserAuthentication=1

Reboot pending

  • Category: health
  • ID: health.reboot_uptime.pending
  • A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. Schedule a restart.
PendingFileRenameOperations

Uptime is 35.3 days

  • Category: health
  • ID: health.reboot_uptime.long_uptime
  • Uptime exceeds 30 days. Long uptime usually means pending updates have not been applied (reboots deferred). Schedule maintenance.
LastBootUpTime=2026-04-28 10:03:48Z

INFO (17)

Defender active and current

  • Category: security
  • ID: sec.defender.ok
  • Real-time protection on, service running, signatures current.
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True

Defender is the only registered AV

  • Category: security
  • ID: sec.av_products.defender_only
  • Only Microsoft/Windows Defender is registered in Security Center.
Windows Defender

No competitor/leftover management agents detected

  • Category: security
  • ID: sec.foreign_agents.none
  • No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service

Expected ACG management tooling present: ScreenConnect / ConnectWise Control

  • Category: security
  • ID: sec.foreign_agents.acg.screenconnect_connectwise_control
  • This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running

Expected ACG management tooling present: Splashtop (SOS/Streamer)

  • Category: security
  • ID: sec.foreign_agents.acg.splashtop_sos_streamer_
  • This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: Splashtop Streamer 3.8.2.0
service: SplashtopRemoteService (Splashtop? Remote Service) Running

Expected ACG management tooling present: Syncro / Kabuto

  • Category: security
  • ID: sec.foreign_agents.acg.syncro_kabuto
  • This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: Syncro 1.0.201.18410
service: Syncro (Syncro) Running

All firewall profiles enabled

  • Category: security
  • ID: sec.firewall.ok
  • Domain, Private, and Public firewall profiles are all enabled.
Private=True; Domain=True; Public=True

Local administrators (4)

  • Category: security
  • ID: sec.local_admins.list
  • Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
KIRBY\Administrator
KIRBY\localadmin
KIRBY\paul
UCRYO\Domain Admins

Last hotfix: KB5072653

  • Category: security
  • ID: sec.patch.last_hotfix
  • Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
KB5072653 installed 2025-11-20T07:00:00Z

SMBv1 disabled

  • Category: security
  • ID: sec.exposure.smb1_off
  • SMBv1 server protocol is disabled.
EnableSMB1Protocol=False

LAPS detected

  • Category: security
  • ID: sec.exposure.laps_present
  • A LAPS mechanism is present.
Windows LAPS reg key

No stability events in the last 14 days

  • Category: health
  • ID: health.stability.clean
  • No unexpected shutdowns, BSODs, or disk errors logged.
Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0

All auto-start services running

  • Category: health
  • ID: health.failed_services.ok
  • No automatic-start services found stopped (excluding known trigger-start/update services).
Win32_Service StartMode=Auto State!=Running -> none significant

Domain secure channel healthy

  • Category: health
  • ID: health.domain.secure_channel_ok
  • Machine trust relationship with the domain is intact.
Domain=ucryo.local

Time service source

  • Category: health
  • ID: health.time.source
  • Current Windows Time service source.
Source=UC2-SERVER.ucryo.local

Battery present

  • Category: health
  • ID: health.battery.present
  • Battery detected. (Wear-level / design-vs-full-capacity requires a powercfg battery report, not collected here.)
EstimatedChargeRemaining=94%; BatteryStatus=2

No backup agent detected

  • Category: health
  • ID: health.backup.none
  • No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
No matching backup service in Win32_Service

Inventory Baseline Summary

  • Manufacturer / Model: LENOVO / 82K8
  • Serial: PF40739R
  • CPU: AMD Ryzen 7 5800H with Radeon Graphics (8 cores / 16 logical)
  • RAM (GB): 31.4
  • BIOS: HACN42WW (2023-11-17)
  • Chassis is laptop: true
  • TPM present / Secure Boot: true / true
  • Domain joined: true (ucryo.local)
  • OS activation licensed: true
  • Uptime (days): 35.3
  • Pending reboot: true
  • Installed software count: 82
  • Scheduled tasks (non-MS, enabled): 15
  • Local administrators: KIRBY\Administrator, KIRBY\localadmin, KIRBY\paul, UCRYO\Domain Admins

Fixed volumes

  • C: - 282.7 GB free of 474.4 GB (59.6%)
  • [WINRE_DRV] - 1.1 GB free of 2 GB (56.5%)
  • [unlabeled] - 0.1 GB free of 0.1 GB (72%)
  • [unlabeled] - 0.1 GB free of 0.5 GB (16.6%)

Network adapters

  • MediaTek Wi-Fi 6 MT7921 Wireless LAN Card - IP: 172.29.0.148, fe80::d7aa:6bcd:882c:e640 - DNS: 172.29.0.5, 8.8.8.8 - DHCP: true

Diff vs Prior Baseline

  • No prior baseline found for this host. This is the first baseline.

Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: KIRBY-20260603T003656.json (immutable).

Reference in New Issue View Git Blame Copy Permalink