azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
295126ee6c4abe2588f94de0e022eabdbb1c925d
claudetools/clients/ucryo/onboarding-baselines/LILO-20260603T005456.md
Mike Swanson 0413df8459 sync: auto-sync from GURU-5070 at 2026-06-02 18:44:13 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 18:44:13
2026-06-02 18:44:21 -07:00

279 lines
8.2 KiB
Markdown
Raw Blame History

# Onboarding Diagnostic Baseline - LILO
- **Grade:** RED
- **Host:** LILO
- **Client:** Universal Cryogenics (`ucryo`)
- **Collected (UTC):** 2026-06-03T00:52:27Z
- **Agent ID:** 5d0bdfc0-cb58-496f-b9bd-d585eb643d85
- **Command ID:** c3002dde-bb3b-4ce5-b54c-e8ea4714a071
- **Findings:** 2 critical / 5 warning / 16 info / 0 unknown
- **OS:** Microsoft Windows 10 Pro (build 19045)
---
## CRITICAL (2)
### OS volume is NOT encrypted with BitLocker
- **Category:** security
- **ID:** `sec.bitlocker.unencrypted`
- The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. This is a laptop (portable chassis), so the data-at-rest risk if lost or stolen is high. Enable BitLocker and escrow the recovery key.
```
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=
```
### OS build is end-of-life: Win10 22H2
- **Category:** security
- **ID:** `sec.patch.os_eol`
- This OS build (19045, Win10 22H2) passed end-of-servicing on 2025-10-14. It no longer receives security updates. Plan a feature update or OS upgrade.
```
Microsoft Windows 10 Pro build 19045; EOL 2025-10-14
```
## WARNING (5)
### 1 pending Windows updates
- **Category:** security
- **ID:** `sec.patch.pending`
- Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
```
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 1
```
### RDP is enabled
- **Category:** security
- **ID:** `sec.exposure.rdp_on`
- Remote Desktop is enabled (NLA required). Confirm it is restricted to VPN or specific source IPs and not exposed to the internet.
```
fDenyTSConnections=0; UserAuthentication=1
```
### Reboot pending
- **Category:** health
- **ID:** `health.reboot_uptime.pending`
- A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. Schedule a restart.
```
PendingFileRenameOperations
```
### Uptime is 82.3 days
- **Category:** health
- **ID:** `health.reboot_uptime.long_uptime`
- Uptime exceeds 30 days. Long uptime usually means pending updates have not been applied (reboots deferred). Schedule maintenance.
```
LastBootUpTime=2026-03-12 10:25:21Z
```
### 3 auto-start service(s) not running
- **Category:** health
- **ID:** `health.failed_services.stopped`
- These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.
```
gpsvc (Group Policy Client) = Stopped
Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped
LPlatSvc (Lenovo Platform Service) = Stopped
```
## INFO (16)
### Defender active and current
- **Category:** security
- **ID:** `sec.defender.ok`
- Real-time protection on, service running, signatures current.
```
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True
```
### Defender is the only registered AV
- **Category:** security
- **ID:** `sec.av_products.defender_only`
- Only Microsoft/Windows Defender is registered in Security Center.
```
Windows Defender
```
### No competitor/leftover management agents detected
- **Category:** security
- **ID:** `sec.foreign_agents.none`
- No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
```
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
```
### Expected ACG management tooling present: ScreenConnect / ConnectWise Control
- **Category:** security
- **ID:** `sec.foreign_agents.acg.screenconnect_connectwise_control`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
```
### Expected ACG management tooling present: Splashtop (SOS/Streamer)
- **Category:** security
- **ID:** `sec.foreign_agents.acg.splashtop_sos_streamer_`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: Splashtop Streamer 3.8.2.0
service: SplashtopRemoteService (Splashtop? Remote Service) Running
```
### Expected ACG management tooling present: Syncro / Kabuto
- **Category:** security
- **ID:** `sec.foreign_agents.acg.syncro_kabuto`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: Syncro 1.0.201.18410
service: Syncro (Syncro) Running
```
### All firewall profiles enabled
- **Category:** security
- **ID:** `sec.firewall.ok`
- Domain, Private, and Public firewall profiles are all enabled.
```
Private=True; Domain=True; Public=True
```
### Local administrators (5)
- **Category:** security
- **ID:** `sec.local_admins.list`
- Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
```
LILO\Administrator
LILO\localadmin
LILO\me
LILO\paul
UCRYO\Domain Admins
```
### Last hotfix: KB5072653
- **Category:** security
- **ID:** `sec.patch.last_hotfix`
- Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
```
KB5072653 installed 2025-11-18T07:00:00Z
```
### SMBv1 disabled
- **Category:** security
- **ID:** `sec.exposure.smb1_off`
- SMBv1 server protocol is disabled.
```
EnableSMB1Protocol=False
```
### LAPS detected
- **Category:** security
- **ID:** `sec.exposure.laps_present`
- A LAPS mechanism is present.
```
Windows LAPS reg key
```
### No stability events in the last 14 days
- **Category:** health
- **ID:** `health.stability.clean`
- No unexpected shutdowns, BSODs, or disk errors logged.
```
Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
```
### Domain secure channel healthy
- **Category:** health
- **ID:** `health.domain.secure_channel_ok`
- Machine trust relationship with the domain is intact.
```
Domain=ucryo.local
```
### Time service source
- **Category:** health
- **ID:** `health.time.source`
- Current Windows Time service source.
```
Source=UC2-SERVER.ucryo.local
```
### Battery present
- **Category:** health
- **ID:** `health.battery.present`
- Battery detected. (Wear-level / design-vs-full-capacity requires a powercfg battery report, not collected here.)
```
EstimatedChargeRemaining=99%; BatteryStatus=2
```
### No backup agent detected
- **Category:** health
- **ID:** `health.backup.none`
- No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
```
No matching backup service in Win32_Service
```
---
## Inventory Baseline Summary
- **Manufacturer / Model:** LENOVO / 20EQS12M00
- **Serial:** PC0G9X3B
- **CPU:** Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz (4 cores / 8 logical)
- **RAM (GB):** 31.8
- **BIOS:** N1EETA2W (1.75 ) (2024-03-18)
- **Chassis is laptop:** true
- **TPM present / Secure Boot:** true / true
- **Domain joined:** true (ucryo.local)
- **OS activation licensed:** true
- **Uptime (days):** 82.3
- **Pending reboot:** true
- **Installed software count:** 105
- **Scheduled tasks (non-MS, enabled):** 21
- **Local administrators:** LILO\Administrator, LILO\localadmin, LILO\me, LILO\paul, UCRYO\Domain Admins
### Fixed volumes
- [unlabeled] - 0.1 GB free of 0.6 GB (13.8%)
- [Recovery] - 0.5 GB free of 0.5 GB (97.4%)
- [unlabeled] - 0.1 GB free of 0.1 GB (72%)
- C: - 679.3 GB free of 930.3 GB (73%)
### Network adapters
- Intel(R) Dual Band Wireless-AC 8260 - IP: 172.29.0.129, fe80::a46c:9046:12ba:7f13 - DNS: 172.29.0.5, 8.8.8.8 - DHCP: true
---
## Diff vs Prior Baseline
- No prior baseline found for this host. This is the first baseline.
---
_Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: `LILO-20260603T005456.json` (immutable)._
Reference in New Issue View Git Blame Copy Permalink