claudetools/clients/ucryo/onboarding-baselines/UC2-SERVER-20260603T004304.json
Mike Swanson 0413df8459 sync: auto-sync from GURU-5070 at 2026-06-02 18:44:13
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 18:44:13
2026-06-02 18:44:21 -07:00


{
"host": "UC2-SERVER",
"collected_at_utc": "2026-06-03T00:41:48Z",
"os": {
"caption": "Microsoft Windows Server 2012 R2 Essentials",
"version": "6.3.9600",
"build": "9600",
"install_date": "2016-05-27T08:40:20Z",
"last_boot_utc": "2026-04-27T12:16:28Z",
"architecture": "64-bit"
},
"facts": {
"builtin_admin_enabled": null,
"defender": {
"available": false
},
"pending_updates": 0,
"pending_reboot": true,
"uptime_days": 36.5,
"acg_managed_tools": [
"ScreenConnect / ConnectWise Control",
"Splashtop (SOS/Streamer)",
"Syncro / Kabuto"
],
"hardware": {
"model": "Virtual Machine",
"manufacturer": "Microsoft Corporation",
"bios_date": "2012-05-23",
"cpu_logical": 6,
"bios_version": "090006 ",
"cpu_cores": 6,
"ram_gb": 18,
"serial": "4644-9206-3161-7423-6607-4293-62",
"cpu": "Intel(R) Xeon(R) CPU E5450 @ 3.00GHz"
},
"local_administrators": [
"Accounting",
"Administrator",
"arthur",
"Domain Admins",
"Enterprise Admins",
"greg",
"kirby",
"localadmin",
"paul",
"richard",
"VPND",
"William"
],
"os_build": "9600",
"secure_boot": null,
"backup_agents": null,
"autoruns_run_keys": [],
"physical_disks": [
{
"health": "Healthy",
"model": "PhysicalDisk0",
"media_type": "UnSpecified"
},
{
"health": "Healthy",
"model": "PhysicalDisk1",
"media_type": "UnSpecified"
}
],
"scheduled_tasks_count": 8,
"volumes": [
{
"drive": "\u0000:",
"size_gb": 0.3,
"free_pct": 20.6,
"free_gb": 0.1
},
{
"drive": "E:",
"size_gb": 931.5,
"free_pct": 39,
"free_gb": 363.3
},
{
"drive": "C:",
"size_gb": 499.7,
"free_pct": 74.8,
"free_gb": 374
}
],
"network_adapters": [
{
"dhcp": false,
"description": "Microsoft Hyper-V Network Adapter",
"gateway": [
"172.29.0.1"
],
"mac": "00:15:5D:00:04:01",
"ip": [
"172.29.0.5",
"fe80::ed92:3fe4:fb92:fef6"
],
"dns": [
"172.29.0.5",
"8.8.8.8"
]
}
],
"failed_autostart_services": [
{
"name": "CertSvc",
"display": "Active Directory Certificate Services",
"state": "Stopped"
},
{
"name": "IISADMIN",
"display": "IIS Admin Service",
"state": "Stopped"
},
{
"name": "ShellHWDetection",
"display": "Shell Hardware Detection",
"state": "Stopped"
}
],
"stability_14d": {
"unexpected_shutdowns": 0,
"disk_errors": 0,
"bugchecks": 0
},
"exposure": {
"smb1_enabled": true,
"laps_present": false,
"rdp_enabled": true,
"uac_enabled": true,
"rdp_nla": true
},
"accounts_password_never_expires": [],
"installed_software": [
{
"publisher": "Adobe Systems Incorporated",
"name": "Adobe Flash Player 11 ActiveX",
"version": "11.3.300.268"
},
{
"publisher": "Piriform",
"name": "Defraggler",
"version": "2.22"
},
{
"publisher": "Google LLC",
"name": "Google Chrome",
"version": "109.0.5414.168"
},
{
"publisher": "Google Inc.",
"name": "Google Update Helper",
"version": "1.3.25.5"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Silverlight",
"version": "5.1.50918.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2005 Redistributable",
"version": "8.0.61001"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17",
"version": "9.0.30729"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161",
"version": "9.0.30729.6161"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030",
"version": "11.0.61030.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030",
"version": "11.0.61030"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030",
"version": "11.0.61030"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501",
"version": "12.0.30501.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501",
"version": "12.0.30501.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212",
"version": "14.0.24212.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212",
"version": "14.0.24212"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212",
"version": "14.0.24212"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35112",
"version": "14.44.35112.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35112",
"version": "14.44.35112"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35112",
"version": "14.44.35112"
},
{
"publisher": "Arizona Computer Guru",
"name": "Online Backup 8.6",
"version": "8.6"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks",
"version": "24.0.4003.2403"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks",
"version": "30.0.4006.3000"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks Runtime Redistributable",
"version": "1.00.0000"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks Server 2014",
"version": "24.0.4003.2403"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks Server 2020",
"version": "30.0.4006.3000"
},
{
"publisher": "ScreenConnect Software",
"name": "ScreenConnect Client (1912bf3444b41a08)",
"version": "26.1.24.9579"
},
{
"publisher": "Dassault Systemes SolidWorks Corp",
"name": "SOLIDWORKS SolidNetWork License Manager",
"version": "27.30.0052"
},
{
"publisher": "Splashtop Inc.",
"name": "Splashtop Streamer",
"version": "3.5.8.0"
},
{
"publisher": "Servably, Inc.",
"name": "Syncro",
"version": "1.0.0.0"
},
{
"publisher": "Servably, Inc.",
"name": "Syncro",
"version": "1.0.201.18410"
},
{
"publisher": "Helios",
"name": "TextPad 8",
"version": "8.0.2"
},
{
"publisher": "win.rar GmbH",
"name": "WinRAR 7.22 (64-bit)",
"version": "7.22.0"
},
{
"publisher": "Antibody Software",
"name": "WizTree v4.31",
"version": "4.31"
},
{
"publisher": "Fresh Software",
"name": "X-NetStat Pro 5.63",
"version": "5.63"
}
],
"tpm": {
"enabled": false,
"ready": false,
"present": false
},
"local_groups": [],
"battery": {
"present": false
},
"activation": {
"edition": "Microsoft Windows Server 2012 R2 Essentials",
"description": "Windows(R) Operating System, OEM_COA_NSLP channel",
"licensed": true,
"license_status_code": 1
},
"time_source": "VM IC Time Synchronization Provider",
"chassis_types": [
3
],
"last_hotfix": {
"hotfix_id": "KB5031003",
"installed_on": "2026-06-02T07:00:00Z"
},
"scheduled_tasks": [
{
"path": "\\",
"name": "Adobe Flash Player Updater",
"state": "Ready"
},
{
"path": "\\",
"name": "GoogleUpdateTaskMachineCore",
"state": "Ready"
},
{
"path": "\\",
"name": "GoogleUpdateTaskMachineUA",
"state": "Ready"
},
{
"path": "\\",
"name": "Optimize Start Menu Cache Files-S-1-5-21-1051390473-2587535097-844096240-1108",
"state": "Ready"
},
{
"path": "\\",
"name": "Optimize Start Menu Cache Files-S-1-5-21-1051390473-2587535097-844096240-1117",
"state": "Ready"
},
{
"path": "\\",
"name": "Optimize Start Menu Cache Files-S-1-5-21-1051390473-2587535097-844096240-500",
"state": "Ready"
},
{
"path": "\\",
"name": "ShadowCopyVolume{a863bf0a-2533-11e6-80bd-806e6f6e6963}",
"state": "Ready"
},
{
"path": "\\",
"name": "ShadowCopyVolume{bc8958b8-23e3-11e6-80b4-806e6f6e6963}",
"state": "Ready"
}
],
"antivirus_products": [],
"domain_joined": true,
"local_users": [],
"bitlocker": {
"available": false,
"os_volume": "C:"
},
"is_laptop": false,
"installed_software_count": 39,
"secure_channel_ok": null,
"firewall_profiles": {
"Private": true,
"Domain": true,
"Public": true
},
"domain": "ucryo.local",
"foreign_agents": null
},
"findings": [
{
"id": "sec.defender.unavailable",
"category": "security",
"severity": "warning",
"title": "Defender status unavailable",
"detail": "Get-MpComputerStatus returned nothing. Defender may be disabled, replaced by a 3rd-party AV, or the cmdlet is unavailable. Confirm an active AV exists (see security-center check).",
"evidence": "Get-MpComputerStatus returned null"
},
{
"id": "sec.av_products.none_registered",
"category": "security",
"severity": "info",
"title": "No AV products registered in Security Center",
"detail": "SecurityCenter2 returned no AntiVirusProduct entries. This is normal on Windows Server SKUs (Security Center is a client feature). On a workstation, confirm Defender or a managed AV is active.",
"evidence": "root\\SecurityCenter2 AntiVirusProduct: none"
},
{
"id": "sec.foreign_agents.none",
"category": "security",
"severity": "info",
"title": "No competitor/leftover management agents detected",
"detail": "No known competitor RMM or unmanaged remote-access agents found in installed programs or services.",
"evidence": "Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service"
},
{
"id": "sec.foreign_agents.acg.screenconnect_connectwise_control",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: ScreenConnect / ConnectWise Control",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579\nservice: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running"
},
{
"id": "sec.foreign_agents.acg.splashtop_sos_streamer_",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: Splashtop (SOS/Streamer)",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: Splashtop Streamer 3.5.8.0\nservice: SplashtopRemoteService (Splashtop® Remote Service) Running"
},
{
"id": "sec.foreign_agents.acg.syncro_kabuto",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: Syncro / Kabuto",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: Syncro 1.0.201.18410\nprogram: Syncro 1.0.0.0\nservice: Syncro (Syncro) Running"
},
{
"id": "sec.firewall.ok",
"category": "security",
"severity": "info",
"title": "All firewall profiles enabled",
"detail": "Domain, Private, and Public firewall profiles are all enabled.",
"evidence": "Private=True; Domain=True; Public=True"
},
{
"id": "sec.bitlocker.unavailable",
"category": "security",
"severity": "unknown",
"title": "BitLocker status unavailable",
"detail": "Get-BitLockerVolume failed for the OS volume. BitLocker may not be installed (Home edition) or the cmdlet is unavailable. Verify encryption manually (manage-bde -status).",
"evidence": "MountPoint=C:, Get-BitLockerVolume returned null"
},
{
"id": "sec.local_admins.list",
"category": "security",
"severity": "info",
"title": "Local administrators (12)",
"detail": "Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).",
"evidence": "Accounting\nAdministrator\narthur\nDomain Admins\nEnterprise Admins\ngreg\nkirby\nlocaladmin\npaul\nrichard\nVPND\nWilliam"
},
{
"id": "sec.patch.os_build_unknown",
"category": "security",
"severity": "unknown",
"title": "OS build not in EOL map: 9600",
"detail": "The build number is not in the local EOL reference map. Verify support status manually. This may be a Server SKU or a build newer than the map.",
"evidence": "Microsoft Windows Server 2012 R2 Essentials build 9600"
},
{
"id": "sec.patch.last_hotfix",
"category": "security",
"severity": "info",
"title": "Last hotfix: KB5031003",
"detail": "Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).",
"evidence": "KB5031003 installed 2026-06-02T07:00:00Z"
},
{
"id": "sec.exposure.rdp_on",
"category": "security",
"severity": "warning",
"title": "RDP is enabled",
"detail": "Remote Desktop is enabled (NLA required). Confirm it is restricted to VPN or specific source IPs and not exposed to the internet.",
"evidence": "fDenyTSConnections=0; UserAuthentication=1"
},
{
"id": "sec.exposure.smb1",
"category": "security",
"severity": "critical",
"title": "SMBv1 is ENABLED",
"detail": "SMBv1 is an obsolete, insecure protocol (WannaCry/EternalBlue vector). Disable it: Set-SmbServerConfiguration -EnableSMB1Protocol $false and remove the SMB1 feature.",
"evidence": "Get-SmbServerConfiguration EnableSMB1Protocol=True"
},
{
"id": "sec.exposure.no_laps",
"category": "security",
"severity": "info",
"title": "LAPS not detected",
"detail": "No LAPS (Windows LAPS or legacy AdmPwd) detected. Without LAPS, the local admin password is likely static/shared across the fleet. Consider deploying LAPS to randomize and escrow local admin passwords.",
"evidence": "No LAPS registry keys, CSE, or service found"
},
{
"id": "health.stability.clean",
"category": "health",
"severity": "info",
"title": "No stability events in the last 14 days",
"detail": "No unexpected shutdowns, BSODs, or disk errors logged.",
"evidence": "Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0"
},
{
"id": "health.reboot_uptime.pending",
"category": "health",
"severity": "warning",
"title": "Reboot pending",
"detail": "A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. Schedule a restart.",
"evidence": "CBS RebootPending; WU RebootRequired; PendingFileRenameOperations"
},
{
"id": "health.reboot_uptime.long_uptime",
"category": "health",
"severity": "warning",
"title": "Uptime is 36.5 days",
"detail": "Uptime exceeds 30 days. Long uptime usually means pending updates have not been applied (reboots deferred). Schedule maintenance.",
"evidence": "LastBootUpTime=2026-04-27 05:16:28Z"
},
{
"id": "health.failed_services.stopped",
"category": "health",
"severity": "warning",
"title": "3 auto-start service(s) not running",
"detail": "These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.",
"evidence": "CertSvc (Active Directory Certificate Services) = Stopped\nIISADMIN (IIS Admin Service) = Stopped\nShellHWDetection (Shell Hardware Detection) = Stopped"
},
{
"id": "health.time.source",
"category": "health",
"severity": "info",
"title": "Time service source",
"detail": "Current Windows Time service source.",
"evidence": "Source=VM IC Time Synchronization Provider"
},
{
"id": "health.backup.none",
"category": "health",
"severity": "info",
"title": "No backup agent detected",
"detail": "No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.",
"evidence": "No matching backup service in Win32_Service"
}
]
}