Onboarding Diagnostic Baseline - UC2-SERVER
- Grade: RED
- Host: UC2-SERVER
- Client: Universal Cryogenics (ucryo)
- Collected (UTC): 2026-06-03T00:41:48Z
- Agent ID: 64cff183-429c-44bf-aebd-55386417a494
- Command ID: 0b9a2d62-b7cc-4f79-bd11-6f9902dd4bf7
- Findings: 1 critical / 5 warning / 12 info / 2 unknown
- OS: Microsoft Windows Server 2012 R2 Essentials (build 9600)
CRITICAL (1)
SMBv1 is ENABLED
- Category: security
- ID: sec.exposure.smb1 - SMBv1 is an obsolete, insecure protocol (WannaCry/EternalBlue vector). Disable it: Set-SmbServerConfiguration -EnableSMB1Protocol $false stops serving SMBv1 immediately; then remove the SMB1 feature (on Server 2012 R2 that is FS-SMB1, removed with Uninstall-WindowsFeature, which also drops the SMBv1 client driver and requires a reboot). Before removal, check whether any legacy device (old NAS, multifunction printer) still connects over SMBv1, since it will lose access.
Get-SmbServerConfiguration EnableSMB1Protocol=True
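The remediation the finding describes, carried through as an added example (this is not output or code from the GuruRMM diagnostic). It assumes the host is Server 2012 R2 (where the removable feature is named FS-SMB1), that it is run from an elevated PowerShell session, and that SMBv1 sessions are reported by Get-SmbSession with a Dialect beginning with "1." (that filter is an assumption):

```powershell
# Added example, not part of the GuruRMM diagnostic output. Run elevated on the
# Server 2012 R2 host. The FS-SMB1 feature name and the Dialect filter are the
# assumptions noted in the lead-in.

# 1. Reproduce the finding and see whether the SMB1 feature is installed at all.
$smb     = Get-SmbServerConfiguration
$feature = Get-WindowsFeature -Name FS-SMB1
"EnableSMB1Protocol={0}; FS-SMB1 installed={1}" -f $smb.EnableSMB1Protocol, $feature.Installed

# 2. Look for clients currently negotiating SMB1 before cutting it off. Anything
#    listed (old NAS, MFP scanner, legacy app) will break when SMB1 goes away.
#    Assumption: SMB1 sessions report a Dialect beginning with "1.".
$smb1Clients = Get-SmbSession | Where-Object { $_.Dialect -like '1.*' }
if ($smb1Clients) {
    'WARNING: active SMB1 sessions from: ' +
        (($smb1Clients | ForEach-Object ClientComputerName | Sort-Object -Unique) -join ', ')
}

# 3. Stop serving SMB1 now. This is immediate and needs no reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 4. Remove the feature so the SMB1 client driver (mrxsmb10) is gone as well.
#    This needs a reboot, which this host already has pending anyway.
if ($feature.Installed) {
    Uninstall-WindowsFeature -Name FS-SMB1
}

# 5. Verify the server side now; the feature shows InstallState=Removed after the reboot.
(Get-SmbServerConfiguration).EnableSMB1Protocol
Get-WindowsFeature -Name FS-SMB1 | Select-Object Name, InstallState
```

Step 2 is the part most remediation scripts skip: on a small business server the one SMBv1 client is usually a scanner or an old NAS, and finding it before the cutoff is cheaper than finding it from a help-desk ticket afterwards.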
WARNING (5)
Defender status unavailable
- Category: security
- ID: sec.defender.unavailable - Get-MpComputerStatus returned nothing. Defender may be disabled, replaced by a 3rd-party AV, or the cmdlet is unavailable. On Windows Server 2012 R2 the last case is expected: the OS has no built-in Defender antivirus (Windows Defender first shipped as a server feature in Windows Server 2016), so the cmdlet does not exist unless the Microsoft Defender for Endpoint agent was installed. This finding therefore does not show an AV is present or absent; confirm an active third-party AV exists (see security-center check, which is also uninformative on Server SKUs).
Get-MpComputerStatus returned null
RDP is enabled
- Category: security
- ID: sec.exposure.rdp_on - Remote Desktop is enabled, with Network Level Authentication required (UserAuthentication=1). Confirm it is restricted to VPN or specific source IPs and not exposed to the internet.
fDenyTSConnections=0; UserAuthentication=1
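The "confirm it is restricted" step, as an added example (not part of the diagnostic): it lists the enabled inbound firewall rules that admit TCP to the RDP listener port, the remote-address scope of each, and whether the listener is actually up. It reads the port from the registry rather than assuming 3389, and it assumes the NetSecurity and NetTCPIP modules that ship with Server 2012 R2:

```powershell
# Added example, not part of the GuruRMM diagnostic. Run on the host itself.

$rdpPort = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').PortNumber

# Enabled inbound allow rules that admit TCP to the RDP port (or to any port).
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | Where-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains "$rdpPort" -or $pf.LocalPort -contains 'Any')
}

$exposure = foreach ($rule in $rdpRules) {
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = ($af.RemoteAddress -join ', ')
        # 'Any' means no source restriction: whoever can reach the NIC can reach RDP.
        Unrestricted  = [bool]($af.RemoteAddress -contains 'Any')
    }
}
$exposure | Format-Table -AutoSize

# What the finding asks for: every RDP rule scoped to the VPN or management range.
$unrestricted = @($exposure | Where-Object Unrestricted)
if ($unrestricted.Count -gt 0) {
    "REVIEW: $($unrestricted.Count) RDP rule(s) allow any remote address; scope them with Set-NetFirewallRule -RemoteAddress <range>"
}

# Confirm the listener is actually bound on that port.
Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The host-level view only answers half the question: a rule scoped to "Any" is harmless if the perimeter never forwards 3389, and a rule scoped to a VPN range is still exposed if the VPN is reachable from anywhere. Pair this with the edge device's NAT and ACL configuration.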
Reboot pending
- Category: health
- ID: health.reboot_uptime.pending - A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. On this host the last hotfix (KB5031003) was installed on 2026-06-02, after the last boot on 2026-04-27, so the host is still running pre-patch binaries until it restarts. Schedule a restart.
CBS RebootPending; WU RebootRequired; PendingFileRenameOperations
Uptime is 36.5 days
- Category: health
- ID: health.reboot_uptime.long_uptime - Uptime exceeds 30 days. Long uptime usually means pending updates have not been applied (reboots deferred). Schedule maintenance.
LastBootUpTime=2026-04-27 05:16:28Z
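The two findings above read three registry signals plus the boot time. As an added example (not the diagnostic's own code), this reproduces those signals, computes the uptime figure, and lists the hotfixes installed since the last boot, which are the patches the pending reboot is holding back. It assumes only the standard registry locations for the three signals and the Win32_OperatingSystem class:

```powershell
# Added example, not part of the GuruRMM diagnostic. Reads the same three
# pending-reboot signals the finding cites, computes uptime, and lists hotfixes
# installed since the last boot.

$cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$smKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

$cbs  = Test-Path $cbsKey
$wu   = Test-Path $wuKey
$pfro = (Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations

$os         = Get-CimInstance -ClassName Win32_OperatingSystem
$uptimeDays = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)

# Hotfixes whose InstalledOn is after the last boot. On this host KB5031003
# (installed 2026-06-02, last boot 2026-04-27) would appear here.
$sinceBoot = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -gt $os.LastBootUpTime } |
    Sort-Object InstalledOn

[pscustomobject]@{
    CBSRebootPending   = $cbs
    WURebootRequired   = $wu
    PendingFileRenames = [bool]$pfro            # non-empty multi-string value => pending
    RebootPending      = ($cbs -or $wu -or [bool]$pfro)
    UptimeDays         = $uptimeDays
    LastBootUpTime     = $os.LastBootUpTime.ToUniversalTime().ToString('u')
    HotfixesSinceBoot  = (($sinceBoot | ForEach-Object HotFixID) -join ', ')
}
```

PendingFileRenameOperations is the noisiest of the three signals (installers set it for ordinary file replacements), so a reboot-pending alert driven by that key alone is weaker evidence than CBS or Windows Update flags; here all three agree.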
3 auto-start service(s) not running
- Category: health
- ID: health.failed_services.stopped - These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running. CertSvc stopped means the Active Directory Certificate Services role is installed but the CA is not issuing certificates or publishing CRLs; confirm whether the CA is still relied on (it should be running) or was abandoned (it should be decommissioned, not left half-present).
CertSvc (Active Directory Certificate Services) = Stopped
IISADMIN (IIS Admin Service) = Stopped
ShellHWDetection (Shell Hardware Detection) = Stopped
INFO (12)
No AV products registered in Security Center
- Category: security
- ID: sec.av_products.none_registered - SecurityCenter2 returned no AntiVirusProduct entries. This is normal on Windows Server SKUs (Security Center is a client feature). On a workstation, confirm Defender or a managed AV is active. Taken together with the Defender check above, no antivirus has been positively identified on this server; verify a third-party AV is installed and current by other means.
root\SecurityCenter2 AntiVirusProduct: none
No competitor/leftover management agents detected
- Category: security
- ID: sec.foreign_agents.none - No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
Expected ACG management tooling present: ScreenConnect / ConnectWise Control
- Category: security
- ID: sec.foreign_agents.acg.screenconnect_connectwise_control - This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
Expected ACG management tooling present: Splashtop (SOS/Streamer)
- Category: security
- ID: sec.foreign_agents.acg.splashtop_sos_streamer_ - This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: Splashtop Streamer 3.5.8.0
service: SplashtopRemoteService (Splashtop® Remote Service) Running
Expected ACG management tooling present: Syncro / Kabuto
- Category: security
- ID: sec.foreign_agents.acg.syncro_kabuto - This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
program: Syncro 1.0.201.18410
program: Syncro 1.0.0.0
service: Syncro (Syncro) Running
All firewall profiles enabled
- Category: security
- ID: sec.firewall.ok - Domain, Private, and Public firewall profiles are all enabled.
Private=True; Domain=True; Public=True
Local administrators (12)
- Category: security
- ID: sec.local_admins.list - Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
Accounting
Administrator
arthur
Domain Admins
Enterprise Admins
greg
kirby
localadmin
paul
richard
VPND
William
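The review the finding asks for, as an added example (not the diagnostic's code): it enumerates the local Administrators group through ADSI (Get-LocalGroupMember is not available on Server 2012 R2), records whether each member is a user or group and whether it comes from the domain or the local SAM, checks whether local user accounts are enabled, and flags anything not on an expected list. The $expected list is an assumption for illustration; the real baseline is whatever the client and ACG agree on:

```powershell
# Added example, not part of the GuruRMM diagnostic. Works on Server 2012 R2.
# $expected is an assumed baseline, not a value from the report.
$expected = @('Administrator', 'Domain Admins', 'Enterprise Admins', 'localadmin')

$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $path  = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    $class = $_.GetType().InvokeMember('Class',   'GetProperty', $null, $_, $null)
    $name  = $_.GetType().InvokeMember('Name',    'GetProperty', $null, $_, $null)

    # ADsPath is WinNT://DOMAIN/name for domain principals, WinNT://HOST/name for local ones.
    $source = (($path -replace '^WinNT://', '') -split '/')[0]

    # For local users, read the account-disabled bit (ADS_UF_ACCOUNTDISABLE = 0x2).
    $enabled = $null
    if ($class -eq 'User' -and $source -ieq $env:COMPUTERNAME) {
        $flags   = [int]([ADSI]$path).UserFlags.Value
        $enabled = -not ($flags -band 0x2)
    }

    [pscustomobject]@{
        Name     = $name
        Class    = $class            # User or Group
        Source   = $source           # domain name or this host
        Enabled  = $enabled          # only populated for local users
        Expected = ($name -in $expected)
    }
}

$members | Sort-Object Source, Name | Format-Table -AutoSize

# Anything not on the baseline gets a review line; a local, enabled, unexpected
# user is the classic leftover-vendor account.
$members | Where-Object { -not $_.Expected } | ForEach-Object {
    "REVIEW: $($_.Source)\$($_.Name) ($($_.Class); Enabled=$($_.Enabled))"
}
```

Nested groups (here "Accounting" and "VPND" could be either) are reported as Class=Group; expand them separately, since every member of a group in Administrators is an administrator too.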
Last hotfix: KB5031003
- Category: security
- ID: sec.patch.last_hotfix - Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
KB5031003 installed 2026-06-02T07:00:00Z
LAPS not detected
- Category: security
- ID: sec.exposure.no_laps - No LAPS (Windows LAPS or legacy AdmPwd) detected. Without LAPS, the local admin password is likely static/shared across the fleet. Consider deploying LAPS to randomize and escrow local admin passwords. On Server 2012 R2 only legacy LAPS (the AdmPwd client-side extension) can be installed; Windows LAPS requires Windows Server 2019 or later.
No LAPS registry keys, CSE, or service found
No stability events in the last 14 days
- Category: health
- ID: health.stability.clean - No unexpected shutdowns, BSODs, or disk errors logged.
Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
Time service source
- Category: health
- ID: health.time.source - Current Windows Time service source.
Source=VM IC Time Synchronization Provider
No backup agent detected
- Category: health
- ID: health.backup.none - No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
No matching backup service in Win32_Service
UNKNOWN (2)
BitLocker status unavailable
- Category: security
- ID: sec.bitlocker.unavailable - Get-BitLockerVolume failed for the OS volume. On client SKUs this usually means a Home edition; on Server SKUs, including 2012 R2, BitLocker Drive Encryption is an optional feature and the cmdlet only exists once it is installed. Verify encryption manually (manage-bde -status). Note that the inventory could not determine whether this VM has a TPM.
MountPoint=C:, Get-BitLockerVolume returned null
OS build not in EOL map: 9600
- Category: security
- ID: sec.patch.os_build_unknown - The build number is not in the local EOL reference map. Verify support status manually. This may be a Server SKU or a build newer than the map. For this host the answer is known: Windows Server 2012 R2 left extended support on 2023-10-10 and has since been serviced only under the paid Extended Security Updates program, whose final year ends in October 2026. Treat the host as end-of-life unless ESU enrollment is confirmed, and plan migration either way.
Microsoft Windows Server 2012 R2 Essentials build 9600
Inventory Baseline Summary
- Manufacturer / Model: Microsoft Corporation / Virtual Machine
- Serial: 4644-9206-3161-7423-6607-4293-62
- CPU: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz (6 cores / 6 logical)
- RAM (GB): 18
- BIOS: 090006 (2012-05-23)
- Chassis is laptop: false
- TPM present / Secure Boot: ? / ?
- Domain joined: true (ucryo.local)
- OS activation licensed: true
- Uptime (days): 36.5
- Pending reboot: true
- Installed software count: 39
- Scheduled tasks (non-MS, enabled): 8
- Local administrators: Accounting, Administrator, arthur, Domain Admins, Enterprise Admins, greg, kirby, localadmin, paul, richard, VPND, William
Fixed volumes
- (volume letter not recoverable from snapshot) - 0.1 GB free of 0.3 GB (20.6%)
- E: - 363.3 GB free of 931.5 GB (39%)
- C: - 374 GB free of 499.7 GB (74.8%)
Network adapters
- Microsoft Hyper-V Network Adapter - IP: 172.29.0.5, fe80::ed92:3fe4:fb92:fef6 - DNS: 172.29.0.5, 8.8.8.8 - DHCP: false
- Note: the secondary resolver is a public DNS server. A domain-joined host that falls back to 8.8.8.8 cannot resolve ucryo.local records, so AD lookups fail intermittently whenever the first resolver is slow or down; the secondary should be an internal DNS server.
Diff vs Prior Baseline
- No prior baseline found for this host. This is the first baseline.
Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: UC2-SERVER-20260603T004304.json (immutable).