claudetools/clients/ucryo/onboarding-baselines/UC2-SERVER-20260603T004304.md
Mike Swanson 0413df8459 sync: auto-sync from GURU-5070 at 2026-06-02 18:44:13
# Onboarding Diagnostic Baseline - UC2-SERVER
- **Grade:** RED
- **Host:** UC2-SERVER
- **Client:** Universal Cryogenics (`ucryo`)
- **Collected (UTC):** 2026-06-03T00:41:48Z
- **Agent ID:** 64cff183-429c-44bf-aebd-55386417a494
- **Command ID:** 0b9a2d62-b7cc-4f79-bd11-6f9902dd4bf7
- **Findings:** 1 critical / 5 warning / 12 info / 2 unknown
- **OS:** Microsoft Windows Server 2012 R2 Essentials (build 9600)
---
## CRITICAL (1)
### SMBv1 is ENABLED
- **Category:** security
- **ID:** `sec.exposure.smb1`
- SMBv1 is an obsolete, insecure protocol; it is the transport the EternalBlue exploit (MS17-010) used to spread WannaCry. Disable it on the server side with Set-SmbServerConfiguration -EnableSMB1Protocol $false, then remove the SMB1 feature so the setting cannot simply be flipped back. Before disabling, identify any clients still negotiating SMB1 (old NAS units, copiers, embedded devices) so they are fixed or replaced rather than silently broken.
```
Get-SmbServerConfiguration EnableSMB1Protocol=True
```
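The remediation above, worked through as an added example (this is editor-supplied code, not the baseline tool's own): it confirms the finding, lists any sessions still negotiating SMB1 so legacy clients are found before they break, disables the protocol, removes the feature, and re-checks. It assumes the SmbShare and ServerManager modules that ship with Server 2012 R2 and an elevated session on the host.

```powershell
# Added example, not the baseline tool's own code: verify, audit and remove SMBv1
# on Windows Server 2012 R2 using the SmbShare and ServerManager modules that ship
# with the OS. Run from an elevated PowerShell session on the host.

# 1. Confirm the finding (the line quoted in the evidence block).
$cfg = Get-SmbServerConfiguration
if (-not $cfg.EnableSMB1Protocol) {
    Write-Output 'SMB1 server side already disabled'
    return
}

# 2. Who is still negotiating SMB1? Get-SmbSession reports the dialect per session
#    ('2.02', '3.02', ...); anything below 2.0 is a legacy client that breaks when
#    SMB1 goes away, so fix those first.
$legacy = Get-SmbSession | Where-Object { [double]$_.Dialect -lt 2.0 }
if ($legacy) {
    Write-Warning 'Active SMB1 sessions found; migrate these clients before disabling:'
    $legacy | Select-Object ClientComputerName, ClientUserName, Dialect | Format-Table -AutoSize
}

# 3. Turn the protocol off server side (applies to new connections immediately).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 4. Remove the feature so the flag cannot simply be set back to True. On 2012 R2
#    SMB1 is the FS-SMB1 role service; removal needs a reboot, which this host
#    already has pending anyway.
if ((Get-WindowsFeature -Name FS-SMB1).Installed) {
    Uninstall-WindowsFeature -Name FS-SMB1
}

# 5. Re-check the server setting and the SMB1 client driver (mrxsmb10): Start=4
#    means the driver is disabled, so the host also stops speaking SMB1 as a client.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -Name Start -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'mrxsmb10 Start'; e = { $_.Start } }
```

Step 2 is the one that prevents a surprise outage: a server that has been up 36 days with SMB1 enabled may still have a device depending on it, and Get-SmbSession only shows sessions open at that moment, so run it a few times across a business day before step 3.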
## WARNING (5)
### Defender status unavailable
- **Category:** security
- **ID:** `sec.defender.unavailable`
- Get-MpComputerStatus returned nothing. On Windows Server 2012 R2 this is expected rather than suspicious: the Defender Antivirus cmdlets ship only with Server 2016 and later (or arrive with the Defender for Endpoint unified agent on older servers), so this host has no built-in AV. Combined with the empty Security Center result below, there is currently no evidence of any AV on this host; confirm that a third-party or managed AV agent is installed and running (see security-center check).
```
Get-MpComputerStatus returned null
```
### RDP is enabled
- **Category:** security
- **ID:** `sec.exposure.rdp_on`
- Remote Desktop is enabled with Network Level Authentication required (UserAuthentication=1), which stops unauthenticated clients reaching the session host but does nothing against password spraying. Confirm TCP 3389 is reachable only over VPN or from specific source IPs, never from the internet, and that the Remote Desktop firewall rules actually carry that scope rather than allowing Any.
```
fDenyTSConnections=0; UserAuthentication=1
```
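How to check the exposure the finding asks about, as an added example (editor-supplied, not the baseline tool's code): it re-reads the two registry values quoted in the evidence, lists every enabled inbound rule that opens 3389 with its remote-address scope, and shows who is connected right now. It assumes the NetSecurity and NetTCPIP modules present on Server 2012 and later and an elevated session.

```powershell
# Added example, not the baseline tool's own code: show how TCP 3389 is actually
# exposed on this host. Uses the NetSecurity and NetTCPIP modules (Server 2012 and
# later) from an elevated session.

# The two registry values the finding quotes: 0 = connections allowed, 1 = NLA required.
$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$nla = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
'fDenyTSConnections={0}; UserAuthentication={1}' -f $ts.fDenyTSConnections, $nla.UserAuthentication

# Every enabled inbound allow rule that opens 3389, with the remote-address scope it
# carries. 'Any' on a rule active for the Public or Domain profile means the port
# answers to whatever can route to the NIC, which is the condition to rule out.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($remote -join ', ')
            Unscoped      = ($remote -contains 'Any')
        }
    } | Format-Table -AutoSize

# Sessions connected to RDP right now, so an unexpected source address shows up
# immediately rather than in a later log review.
Get-NetTCPConnection -LocalPort 3389 -State Established -ErrorAction SilentlyContinue |
    Select-Object RemoteAddress, RemotePort, State
```

A rule whose LocalPort is a range (for example '3000-4000') would not match the `-contains '3389'` test; widen the filter if the host carries custom rules. The host firewall is only one layer: the same question has to be answered at the perimeter or in the cloud security group, because an Unscoped=True rule is harmless only if nothing upstream forwards 3389 to 172.29.0.5.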
### Reboot pending
- **Category:** health
- **ID:** `health.reboot_uptime.pending`
- A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. Schedule a restart.
```
CBS RebootPending; WU RebootRequired; PendingFileRenameOperations
```
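An added example (editor-supplied, not the baseline tool's code) that reproduces the three pending-reboot signals quoted in the evidence line and reports what is actually waiting, so the restart can be justified and timed. It reads only the registry, so it runs unchanged on Server 2012 R2; the computer-rename check is an extra signal the finding does not list.

```powershell
# Added example, not the baseline tool's own code: reproduce the three pending-reboot
# signals quoted in the evidence line and say what is waiting, so the restart can be
# justified and timed. Registry-only, so it runs on Server 2012 R2 unchanged.
function Get-PendingRebootReason {
    $reasons = @()
    $queued  = @()

    # Component-Based Servicing: a feature or hotfix is half-installed until reboot.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') {
        $reasons += 'CBS RebootPending'
    }

    # Windows Update: an update installed but its payload is not active yet.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') {
        $reasons += 'WU RebootRequired'
    }

    # Session Manager: files (DLLs, drivers, installer temp files) queued to be renamed
    # or deleted at boot. The value is a flat list of source/target pairs; an empty
    # target means "delete".
    $sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    if ($sm.PendingFileRenameOperations) {
        $reasons += 'PendingFileRenameOperations'
        $ops = @($sm.PendingFileRenameOperations)
        for ($i = 0; $i -lt $ops.Count; $i += 2) {
            $target = if (($i + 1) -lt $ops.Count -and $ops[$i + 1]) { $ops[$i + 1] } else { '<delete>' }
            $queued += ('{0} -> {1}' -f $ops[$i], $target)
        }
    }

    # A computer rename that has not taken effect also needs a reboot (extra check,
    # not one of the three signals in the finding).
    $active  = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName').ComputerName
    $pending = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName').ComputerName
    if ($active -ne $pending) { $reasons += "ComputerRename ($active -> $pending)" }

    [pscustomobject]@{
        Pending = [bool]$reasons
        Reasons = ($reasons -join '; ')
        Queued  = $queued
    }
}

Get-PendingRebootReason | Format-List
```

The Queued list is the useful part: if the entries are update payloads under C:\Windows, the reboot completes patching; if they point at a security or backup agent's install directory, an agent upgrade is stuck half-applied and that agent should be re-verified after the restart.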
### Uptime is 36.5 days
- **Category:** health
- **ID:** `health.reboot_uptime.long_uptime`
- Uptime exceeds 30 days. Long uptime usually means pending updates have not been applied (reboots deferred); here the last boot (2026-04-27) predates the most recent hotfix install date and a reboot is already flagged as pending, so that update is not yet in effect. Schedule maintenance.
```
LastBootUpTime=2026-04-27 05:16:28Z
```
### 3 auto-start service(s) not running
- **Category:** health
- **ID:** `health.failed_services.stopped`
- These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running. On this host the notable one is CertSvc: the AD CS role is installed, and while the CA service is down certificate enrollment, renewal and CRL publication fail for everything that depends on this CA. IISADMIN is the IIS 6 metabase compatibility service and its stopped state only matters if a site or the CA web enrollment pages depend on it; ShellHWDetection stopped is benign on a server. Check the System log for why each stopped (crash versus a deliberate stop) before restarting them.
```
CertSvc (Active Directory Certificate Services) = Stopped
IISADMIN (IIS Admin Service) = Stopped
ShellHWDetection (Shell Hardware Detection) = Stopped
```
## INFO (12)
### No AV products registered in Security Center
- **Category:** security
- **ID:** `sec.av_products.none_registered`
- SecurityCenter2 returned no AntiVirusProduct entries. This is normal on Windows Server SKUs (Security Center is a client feature). On a workstation, confirm Defender or a managed AV is active.
```
root\SecurityCenter2 AntiVirusProduct: none
```
### No competitor/leftover management agents detected
- **Category:** security
- **ID:** `sec.foreign_agents.none`
- No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
```
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
```
### Expected ACG management tooling present: ScreenConnect / ConnectWise Control
- **Category:** security
- **ID:** `sec.foreign_agents.acg.screenconnect_connectwise_control`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
```
### Expected ACG management tooling present: Splashtop (SOS/Streamer)
- **Category:** security
- **ID:** `sec.foreign_agents.acg.splashtop_sos_streamer_`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: Splashtop Streamer 3.5.8.0
service: SplashtopRemoteService (Splashtop® Remote Service) Running
```
### Expected ACG management tooling present: Syncro / Kabuto
- **Category:** security
- **ID:** `sec.foreign_agents.acg.syncro_kabuto`
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
```
program: Syncro 1.0.201.18410
program: Syncro 1.0.0.0
service: Syncro (Syncro) Running
```
### All firewall profiles enabled
- **Category:** security
- **ID:** `sec.firewall.ok`
- Domain, Private, and Public firewall profiles are all enabled.
```
Private=True; Domain=True; Public=True
```
### Local administrators (12)
- **Category:** security
- **ID:** `sec.local_admins.list`
- Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider). Twelve members is wide for a server; if this host is a domain controller (the Essentials SKU requires it, and DNS points at the host itself), this is the domain's built-in Administrators group and every entry here is effectively a domain-wide administrator. Named user accounts (arthur, greg, kirby, paul, richard, William) should hold a separate admin account rather than their daily login, entries that look like shared or service accounts (Accounting, VPND, localadmin) need an identified owner, and any entry that is a group should be expanded, since its whole membership inherits admin rights.
```
Accounting
Administrator
arthur
Domain Admins
Enterprise Admins
greg
kirby
localadmin
paul
richard
VPND
William
```
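An added example (editor-supplied, not the baseline tool's code) that enumerates the Administrators group with each member's type and source and flags anything outside an allowlist. It uses the ADSI WinNT provider because Get-LocalGroupMember needs PowerShell 5.1 and is not available on Server 2012 R2; the allowlist is an assumption for illustration and must be replaced with the client's approved set.

```powershell
# Added example, not the baseline tool's own code: enumerate the Administrators group
# with the source of each member and flag anything outside an allowlist. Uses the
# ADSI WinNT provider so it works on Server 2012 R2 (Get-LocalGroupMember needs
# PowerShell 5.1). The allowlist is an assumption for illustration only.
$approved = @('Administrator', 'Domain Admins', 'Enterprise Admins', 'localadmin')

function Get-AdminGroupMembers {
    param([string]$Computer = $env:COMPUTERNAME)
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($m in @($group.Invoke('Members'))) {
        # Members come back as COM objects; read their properties by reflection.
        $name  = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)  # User or Group
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)  # WinNT://DOMAIN/name or WinNT://HOST/name
        $source = ($path -split '/')[2]                                                # domain vs. local account
        [pscustomobject]@{
            Name     = $name
            Type     = $class
            Source   = $source
            Approved = ($approved -contains $name)
        }
    }
}

$members = Get-AdminGroupMembers
$members | Sort-Object Approved, Name | Format-Table -AutoSize

# Anything not approved, with group members called out: a nested group silently
# extends admin rights to everyone in it (an 'Accounting' group in Administrators
# makes every accountant an administrator on this server).
$members | Where-Object { -not $_.Approved } | ForEach-Object {
    $kind = if ($_.Type -eq 'Group') { 'group (expand its membership)' } else { 'account' }
    "REVIEW: $($_.Source)\$($_.Name) is an unapproved $kind in Administrators"
}
```

On a domain controller the same query resolves to the domain's built-in Administrators group, so Source will show the domain name for every entry; run it against a member server as well to see what the fleet's genuinely local Administrators groups contain.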
### Last hotfix: KB5031003
- **Category:** security
- **ID:** `sec.patch.last_hotfix`
- Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
```
KB5031003 installed 2026-06-02T07:00:00Z
```
### LAPS not detected
- **Category:** security
- **ID:** `sec.exposure.no_laps`
- No LAPS (Windows LAPS or legacy AdmPwd) detected. Without LAPS, the local admin password is likely static/shared across the fleet. Two caveats for this host: Windows LAPS is not available for Server 2012 R2 (it shipped in the April 2023 updates for Server 2019 and later), so only the legacy LAPS client could be installed here; and if this host is a domain controller (the Essentials SKU requires it), LAPS does not manage its Administrator account at all, because that is the domain's built-in Administrator. The question that matters is whether the member servers and workstations have LAPS, so that one shared local admin password cannot be reused from machine to machine. Consider deploying LAPS to randomize and escrow local admin passwords.
```
No LAPS registry keys, CSE, or service found
```
### No stability events in the last 14 days
- **Category:** health
- **ID:** `health.stability.clean`
- No unexpected shutdowns, BSODs, or disk errors logged.
```
Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
```
### Time service source
- **Category:** health
- **ID:** `health.time.source`
- Current Windows Time service source. VM IC Time Synchronization Provider means the clock is taken from the Hyper-V host rather than from NTP or the domain hierarchy. For a member server that is acceptable as long as the host's own clock is correct; if this host is the domain controller (the Essentials SKU requires it), the PDC emulator should sync from an external NTP source instead, since Kerberos tolerates only five minutes of skew and a drifting host takes the whole domain with it.
```
Source=VM IC Time Synchronization Provider
```
### No backup agent detected
- **Category:** health
- **ID:** `health.backup.none`
- No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it. Because AD CS is installed here (CertSvc) and the Essentials SKU implies this is also the domain controller, a file-only backup is not enough: the system state (AD database, CA database and CA keys) must be covered, or a hypervisor-level backup of the whole VM must be confirmed.
```
No matching backup service in Win32_Service
```
## UNKNOWN (2)
### BitLocker status unavailable
- **Category:** security
- **ID:** `sec.bitlocker.unavailable`
- Get-BitLockerVolume failed for the OS volume. On a Server SKU the BitLocker cmdlets exist only once the BitLocker Drive Encryption feature is installed (it is not installed by default), so this usually means the feature is absent and the volume is unencrypted, not that the cmdlet is broken. Verify encryption manually (manage-bde -status). TPM and Secure Boot status were not determined for this VM; without a TPM, BitLocker would need a startup key or password protector, and for a virtual machine encryption at the hypervisor or storage layer may be the intended control. Confirm which applies before closing the finding.
```
MountPoint=C:, Get-BitLockerVolume returned null
```
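An added example (editor-supplied, not the baseline tool's code) of a BitLocker check that does not depend on Get-BitLockerVolume: it first asks whether the feature is installed at all, then parses manage-bde output, which every edition ships. The sample output lines in the comments are constructed for illustration.

```powershell
# Added example, not the baseline tool's own code: determine BitLocker state for the
# OS volume on a Server SKU, where Get-BitLockerVolume is absent until the BitLocker
# feature is installed. Falls back to parsing manage-bde, which every edition ships.
function Get-OsVolumeEncryptionState {
    param([string]$MountPoint = 'C:')

    $result = [ordered]@{
        MountPoint       = $MountPoint
        FeatureInstalled = $false
        Protection       = 'unknown'
        PercentEncrypted = 0.0
        Method           = ''
    }

    # ServerManager is present on server SKUs; on a client SKU the cmdlet is missing
    # and the feature check is simply skipped.
    $feature = Get-WindowsFeature -Name BitLocker -ErrorAction SilentlyContinue
    if ($feature) { $result.FeatureInstalled = [bool]$feature.Installed }
    if ($feature -and -not $feature.Installed) {
        # No feature means no BitLocker on this volume; nothing else to ask.
        $result.Protection = 'Protection Off (feature not installed)'
        return [pscustomobject]$result
    }

    $out = (& manage-bde -status $MountPoint 2>&1) -join "`n"
    # Representative lines (constructed for illustration):
    #   Protection Status:    Protection Off
    #   Percentage Encrypted: 0.0%
    #   Encryption Method:    None
    if ($out -match 'Protection Status:\s*(.+)')          { $result.Protection       = $Matches[1].Trim() }
    if ($out -match 'Percentage Encrypted:\s*([\d\.]+)%')  { $result.PercentEncrypted = [double]$Matches[1] }
    if ($out -match 'Encryption Method:\s*(.+)')           { $result.Method           = $Matches[1].Trim() }
    [pscustomobject]$result
}

Get-OsVolumeEncryptionState -MountPoint 'C:'
```

Protection Off with a non-zero percentage is the state to watch for: the volume is encrypted but the protectors are suspended, so the key is stored in the clear and the encryption provides no protection until it is resumed.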
### OS build not in EOL map: 9600
- **Category:** security
- **ID:** `sec.patch.os_build_unknown`
- The build number is not in the local EOL reference map, but the support status of this SKU is known: Windows Server 2012 R2 (build 9600) left mainstream support on 2018-10-09 and extended support on 2023-10-10; since then security updates have been available only through paid Extended Security Updates, which end in October 2026. Unless ESU is confirmed for this host, treat it as end-of-life and plan migration; a current hotfix date alone does not prove ESU coverage.
```
Microsoft Windows Server 2012 R2 Essentials build 9600
```
---
## Inventory Baseline Summary
- **Manufacturer / Model:** Microsoft Corporation / Virtual Machine
- **Serial:** 4644-9206-3161-7423-6607-4293-62
- **CPU:** Intel(R) Xeon(R) CPU E5450 @ 3.00GHz (6 cores / 6 logical)
- **RAM (GB):** 18
- **BIOS:** 090006 (2012-05-23)
- **Chassis is laptop:** false
- **TPM present / Secure Boot:** ? / ?
- **Domain joined:** true (ucryo.local)
- **OS activation licensed:** true
- **Uptime (days):** 36.5
- **Pending reboot:** true
- **Installed software count:** 39
- **Scheduled tasks (non-MS, enabled):** 8
- **Local administrators:** Accounting, Administrator, arthur, Domain Admins, Enterprise Admins, greg, kirby, localadmin, paul, richard, VPND, William
### Fixed volumes
- (no drive letter) - 0.1 GB free of 0.3 GB (20.6%)
- E: - 363.3 GB free of 931.5 GB (39%)
- C: - 374 GB free of 499.7 GB (74.8%)
### Network adapters
- Microsoft Hyper-V Network Adapter - IP: 172.29.0.5, fe80::ed92:3fe4:fb92:fef6 - DNS: 172.29.0.5, 8.8.8.8 - DHCP: false
---
## Diff vs Prior Baseline
- No prior baseline found for this host. This is the first baseline.
---
_Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: `UC2-SERVER-20260603T004304.json` (immutable)._