claudetools/clients/ucryo/onboarding-baselines/WIN-709JUVCJ2DQ-20260603T004420.json
Mike Swanson 0413df8459 sync: auto-sync from GURU-5070 at 2026-06-02 18:44:13
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 18:44:13
2026-06-02 18:44:21 -07:00


{
"host": "WIN-709JUVCJ2DQ",
"collected_at_utc": "2026-06-03T00:43:19Z",
"os": {
"caption": "Microsoft Windows Server 2012 R2 Essentials",
"version": "6.3.9600",
"build": "9600",
"install_date": "2016-05-20T01:24:32Z",
"last_boot_utc": "2026-04-27T12:14:06Z",
"architecture": "64-bit"
},
"facts": {
"builtin_admin_enabled": null,
"defender": {
"available": false
},
"pending_updates": 0,
"pending_reboot": false,
"uptime_days": 36.5,
"acg_managed_tools": [
"ScreenConnect / ConnectWise Control",
"Splashtop (SOS/Streamer)",
"Syncro / Kabuto"
],
"hardware": {
"model": "PowerEdge 2950",
"manufacturer": "Dell Inc.",
"bios_date": "2008-04-29",
"cpu_logical": 4,
"bios_version": "2.3.1",
"cpu_cores": 4,
"ram_gb": 32,
"serial": "762F0G1",
"cpu": "Intel(R) Xeon(R) CPU E5450 @ 3.00GHz"
},
"os_build": "9600",
"secure_boot": null,
"backup_agents": [
{
"label": "Veeam",
"service": "VeeamBackupSvc",
"state": "Stopped"
},
{
"label": "Veeam",
"service": "VeeamCatalogSvc",
"state": "Stopped"
},
{
"label": "Veeam",
"service": "VeeamCloudSvc",
"state": "Stopped"
},
{
"label": "Veeam",
"service": "VeeamDeploySvc",
"state": "Running"
},
{
"label": "Veeam",
"service": "VeeamHvIntegrationSvc",
"state": "Running"
},
{
"label": "Veeam",
"service": "VeeamMountSvc",
"state": "Stopped"
},
{
"label": "Veeam",
"service": "VeeamNFSSvc",
"state": "Running"
},
{
"label": "Veeam",
"service": "VeeamTransportSvc",
"state": "Running"
}
],
"autoruns_run_keys": [
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "VirtualCloneDrive",
"value": "\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
}
],
"physical_disks": [
{
"health": "Healthy",
"model": "PhysicalDisk0",
"media_type": "UnSpecified"
},
{
"health": "Healthy",
"model": "PhysicalDisk1",
"media_type": "UnSpecified"
},
{
"health": "Healthy",
"model": "PhysicalDisk2",
"media_type": "UnSpecified"
}
],
"scheduled_tasks_count": 6,
"volumes": [
{
"drive": "\u0000:",
"size_gb": 0.3,
"free_pct": 20.6,
"free_gb": 0.1
},
{
"drive": "F:",
"size_gb": 1395.7,
"free_pct": 33.3,
"free_gb": 464.8
},
{
"drive": "M:",
"size_gb": 4657.5,
"free_pct": 94.8,
"free_gb": 4417.1
},
{
"drive": "C:",
"size_gb": 878.6,
"free_pct": 95.4,
"free_gb": 837.8
},
{
"drive": "E:",
"size_gb": 983.6,
"free_pct": 4.1,
"free_gb": 40.4
}
],
"network_adapters": [
{
"dhcp": false,
"description": "Hyper-V Virtual Ethernet Adapter #2",
"gateway": [
"172.29.0.1"
],
"mac": "00:1E:C9:3E:75:52",
"ip": [
"172.29.0.4",
"fe80::a8c1:e232:97d6:976"
],
"dns": [
"8.8.8.8",
"4.4.8.8"
]
}
],
"failed_autostart_services": [
{
"name": "VeeamBackupSvc",
"display": "Veeam Backup Service",
"state": "Stopped"
},
{
"name": "VeeamCatalogSvc",
"display": "Veeam Guest Catalog Service",
"state": "Stopped"
},
{
"name": "VeeamCloudSvc",
"display": "Veeam Cloud Connect Service",
"state": "Stopped"
},
{
"name": "VeeamMountSvc",
"display": "Veeam Mount Service",
"state": "Stopped"
}
],
"stability_14d": {
"unexpected_shutdowns": 0,
"disk_errors": 0,
"bugchecks": 0
},
"exposure": {
"smb1_enabled": true,
"laps_present": false,
"rdp_enabled": true,
"uac_enabled": true,
"rdp_nla": true
},
"accounts_password_never_expires": [],
"installed_software": [
{
"publisher": "Microsoft",
"name": "D3DX10",
"version": "15.4.2368.0902"
},
{
"publisher": "Google Inc.",
"name": "Google Update Helper",
"version": "1.3.25.5"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Application Error Reporting",
"version": "12.0.6015.5000"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Silverlight",
"version": "5.1.50918.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 R2 (64-bit)",
"version": ""
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 R2 Native Client",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 R2 RsFx Driver",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 R2 Setup (English)",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 Setup Support Files ",
"version": "10.1.2731.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2012 Management Objects (x64)",
"version": "11.0.2100.60"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server Browser",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server VSS Writer",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Sync Framework 2.0 Core Components (x64) ENU ",
"version": "2.0.1578.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Sync Framework 2.0 Provider Services (x64) ENU ",
"version": "2.0.1578.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft System CLR Types for SQL Server 2012 (x64)",
"version": "11.0.2100.60"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Movie Maker",
"version": "16.4.3528.0331"
},
{
"publisher": "Microsoft",
"name": "MSVCRT110",
"version": "16.4.1108.0727"
},
{
"publisher": "Microsoft Corporation",
"name": "Photo Gallery",
"version": "16.4.3528.0331"
},
{
"publisher": "ScreenConnect Software",
"name": "ScreenConnect Client (1912bf3444b41a08)",
"version": "26.1.24.9579"
},
{
"publisher": "Microsoft Corporation",
"name": "Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)",
"version": "10.51.2500.0"
},
{
"publisher": "Splashtop Inc.",
"name": "Splashtop Software Updater",
"version": "1.5.6.19"
},
{
"publisher": "Splashtop Inc.",
"name": "Splashtop Streamer",
"version": "3.5.0.2"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2008 R2 SP1 Common Files",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2008 R2 SP1 Database Engine Services",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2008 R2 SP1 Database Engine Shared",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Sql Server Customer Experience Improvement Program",
"version": "10.50.1600.1"
},
{
"publisher": "Servably, Inc.",
"name": "Syncro",
"version": "1.0.201.18410"
},
{
"publisher": "Microsoft",
"name": "SyncToy 2.1 (x64)",
"version": "2.1.0"
},
{
"publisher": "Helios",
"name": "TextPad 8",
"version": "8.0.2"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Backup & Replication",
"version": "9.0.0.902"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Backup & Replication Console",
"version": "9.0.0.902"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Backup & Replication Server",
"version": "9.0.0.902"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Backup Catalog",
"version": "9.0.0.902"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Backup Transport",
"version": "9.0.0.902"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Backup vPowerNFS",
"version": "9.0.0.902"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Explorer for Microsoft Active Directory",
"version": "9.0.0.1307"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Explorer for Microsoft Exchange",
"version": "9.0.0.1307"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Explorer for Microsoft SharePoint",
"version": "9.0.0.1307"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Explorer for Microsoft SQL Server",
"version": "9.0.0.1307"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Explorer for Oracle",
"version": "9.0.0.1307"
},
{
"publisher": "Veeam Software AG",
"name": "Veeam Hyper-V Integration",
"version": "9.0.0.902"
},
{
"publisher": "videowinsoft.com",
"name": "Video Win Movie Maker 2016",
"version": ""
},
{
"publisher": "Elaborate Bytes",
"name": "VirtualCloneDrive",
"version": "5.5.0.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Windows Live Installer",
"version": "16.4.3528.0331"
},
{
"publisher": "Microsoft Corporation",
"name": "Windows Live Photo Common",
"version": "16.4.3528.0331"
},
{
"publisher": "Microsoft Corporation",
"name": "Windows Live SOXE",
"version": "16.4.3528.0331"
},
{
"publisher": "Microsoft Corporation",
"name": "Windows Live UX Platform",
"version": "16.4.3528.0331"
}
],
"tpm": {
"enabled": false,
"ready": false,
"present": false
},
"local_groups": [],
"battery": {
"present": false
},
"activation": {
"edition": "Microsoft Windows Server 2012 R2 Essentials",
"description": "Windows(R) Operating System, OEM_COA_NSLP channel",
"licensed": true,
"license_status_code": 1
},
"time_source": "The following error occurred: The service has not been started. (0x80070426)",
"chassis_types": [
23
],
"last_hotfix": {
"hotfix_id": "KB5031003",
"installed_on": "2023-10-12T07:00:00Z"
},
"scheduled_tasks": [
{
"path": "\\",
"name": "GoogleUpdateTaskMachineCore",
"state": "Ready"
},
{
"path": "\\",
"name": "GoogleUpdateTaskMachineUA",
"state": "Ready"
},
{
"path": "\\",
"name": "Optimize Start Menu Cache Files-S-1-5-21-3747875994-3968202050-1352405024-1007",
"state": "Ready"
},
{
"path": "\\",
"name": "Optimize Start Menu Cache Files-S-1-5-21-3747875994-3968202050-1352405024-1008",
"state": "Ready"
},
{
"path": "\\",
"name": "Optimize Start Menu Cache Files-S-1-5-21-3747875994-3968202050-1352405024-500",
"state": "Ready"
},
{
"path": "\\",
"name": "VeeamZIP Monday",
"state": "Ready"
}
],
"antivirus_products": [],
"domain_joined": false,
"local_users": [],
"bitlocker": {
"available": false,
"os_volume": "C:"
},
"is_laptop": false,
"installed_software_count": 48,
"local_administrators": [
"Administrator",
"Guru",
"Jacobs",
"localadmin",
"paul"
],
"firewall_profiles": {
"Private": true,
"Domain": true,
"Public": true
},
"domain": "WORKGROUP",
"foreign_agents": null
},
"findings": [
{
"id": "sec.defender.unavailable",
"category": "security",
"severity": "warning",
"title": "Defender status unavailable",
"detail": "Get-MpComputerStatus returned nothing. On Windows Server 2012 R2 (this host) Defender antivirus is not a built-in component, so an empty result is expected here rather than a sign of tampering; it also means no Defender protection exists. Because the Security Center check is not meaningful on Server SKUs either, this baseline provides no evidence of any active AV on this host. Confirm directly that an endpoint protection product is installed and its service is running.",
"evidence": "Get-MpComputerStatus returned null"
},
{
"id": "sec.av_products.none_registered",
"category": "security",
"severity": "info",
"title": "No AV products registered in Security Center",
"detail": "SecurityCenter2 returned no AntiVirusProduct entries. This is expected on Windows Server SKUs (Security Center is a client feature), so it is not evidence either way. On this Server 2012 R2 host the Defender check was also empty and no AV product appears in the installed-software list, so no endpoint protection is evidenced by this baseline; confirm an AV is installed and running by inspecting services directly. On a workstation, confirm Defender or a managed AV is active.",
"evidence": "root\\SecurityCenter2 AntiVirusProduct: none"
},
{
"id": "sec.foreign_agents.none",
"category": "security",
"severity": "info",
"title": "No competitor/leftover management agents detected",
"detail": "No known competitor RMM or unmanaged remote-access agents found in installed programs or services.",
"evidence": "Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service"
},
{
"id": "sec.foreign_agents.acg.screenconnect_connectwise_control",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: ScreenConnect / ConnectWise Control",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579\nservice: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running"
},
{
"id": "sec.foreign_agents.acg.splashtop_sos_streamer_",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: Splashtop (SOS/Streamer)",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: Splashtop Software Updater 1.5.6.19\nprogram: Splashtop Streamer 3.5.0.2\nservice: SplashtopRemoteService (Splashtop? Remote Service) Running\nservice: SSUService (Splashtop Software Updater Service) Running"
},
{
"id": "sec.foreign_agents.acg.syncro_kabuto",
"category": "security",
"severity": "info",
"title": "Expected ACG management tooling present: Syncro / Kabuto",
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
"evidence": "program: Syncro 1.0.201.18410\nservice: Syncro (Syncro) Running"
},
{
"id": "sec.firewall.ok",
"category": "security",
"severity": "info",
"title": "All firewall profiles enabled",
"detail": "Domain, Private, and Public firewall profiles are all enabled.",
"evidence": "Private=True; Domain=True; Public=True"
},
{
"id": "sec.bitlocker.unavailable",
"category": "security",
"severity": "unknown",
"title": "BitLocker status unavailable",
"detail": "Get-BitLockerVolume failed for the OS volume. On Server SKUs BitLocker is an optional feature that is often not installed (on client Home editions it is absent entirely), or the cmdlet is unavailable. This host also reports no TPM present, so TPM-sealed BitLocker is not possible on this hardware. Verify encryption manually (manage-bde -status).",
"evidence": "MountPoint=C:, Get-BitLockerVolume returned null"
},
{
"id": "sec.local_admins.list",
"category": "security",
"severity": "info",
"title": "Local administrators (5)",
"detail": "Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider). Five admin accounts on a workgroup host is a wide privileged surface. Note that local_users and accounts_password_never_expires came back empty even though these accounts exist, so local-account enumeration likely failed on this OS; do not read the empty password-never-expires result as a clean one.",
"evidence": "Administrator\nGuru\nJacobs\nlocaladmin\npaul"
},
{
"id": "sec.patch.os_build_unknown",
"category": "security",
"severity": "unknown",
"title": "OS build not in EOL map: 9600",
"detail": "Build 9600 is Windows Server 2012 R2, which left Microsoft extended support in October 2023 (only paid ESU after that). The last hotfix recorded on this host is from that same month, so treat it as having received no security updates since; SMBv1 and RDP being enabled on an unpatched OS compound the risk. The installed SQL Server 2008 R2 SP1 is likewise long past end of support. Plan migration or network isolation rather than expecting patches.",
"evidence": "Microsoft Windows Server 2012 R2 Essentials build 9600"
},
{
"id": "sec.patch.last_hotfix",
"category": "security",
"severity": "info",
"title": "Last hotfix: KB5031003",
"detail": "Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).",
"evidence": "KB5031003 installed 2023-10-12T07:00:00Z"
},
{
"id": "sec.exposure.rdp_on",
"category": "security",
"severity": "warning",
"title": "RDP is enabled",
"detail": "Remote Desktop is enabled (NLA required). Confirm it is restricted to VPN or specific source IPs and not exposed to the internet. With five local admin accounts, no LAPS (workgroup host) and an OS past end of support, password guessing and credential reuse against RDP are the main concern; NLA does not mitigate weak or shared passwords.",
"evidence": "fDenyTSConnections=0; UserAuthentication=1"
},
{
"id": "sec.exposure.smb1",
"category": "security",
"severity": "critical",
"title": "SMBv1 is ENABLED",
"detail": "SMBv1 is an obsolete, insecure protocol (WannaCry/EternalBlue vector). Disable it: Set-SmbServerConfiguration -EnableSMB1Protocol $false and remove the SMB1 feature.",
"evidence": "Get-SmbServerConfiguration EnableSMB1Protocol=True"
},
{
"id": "sec.exposure.no_laps",
"category": "security",
"severity": "info",
"title": "LAPS not detected",
"detail": "No LAPS (Windows LAPS or legacy AdmPwd) detected. This host is not domain-joined (WORKGROUP), so LAPS cannot be applied to it; the five local admin passwords are therefore managed by hand and likely static or shared. Ensure each account has a unique password escrowed in the password manager, and remove admin accounts that are not needed.",
"evidence": "No LAPS registry keys, CSE, or service found"
},
{
"id": "health.disk_space.E",
"category": "health",
"severity": "critical",
"title": "Disk critically low: E: at 4.1% free",
"detail": "Less than 8 percent free. Risk of failed updates, crashes, and corruption. Free space or expand the volume urgently.",
"evidence": "E: free 40.4 GB of 983.6 GB (4.1%)"
},
{
"id": "health.stability.clean",
"category": "health",
"severity": "info",
"title": "No stability events in the last 14 days",
"detail": "No unexpected shutdowns, BSODs, or disk errors logged.",
"evidence": "Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0"
},
{
"id": "health.reboot_uptime.long_uptime",
"category": "health",
"severity": "warning",
"title": "Uptime is 36.5 days",
"detail": "Uptime exceeds 30 days. Long uptime usually means pending updates have not been applied (reboots deferred); here pending_updates is 0 and the last hotfix dates from 2023-10, so the cause is an OS that no longer receives updates rather than deferred reboots. Schedule maintenance regardless.",
"evidence": "LastBootUpTime=2026-04-27 05:14:06Z"
},
{
"id": "health.failed_services.stopped",
"category": "health",
"severity": "warning",
"title": "4 auto-start service(s) not running",
"detail": "These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.",
"evidence": "VeeamBackupSvc (Veeam Backup Service) = Stopped\nVeeamCatalogSvc (Veeam Guest Catalog Service) = Stopped\nVeeamCloudSvc (Veeam Cloud Connect Service) = Stopped\nVeeamMountSvc (Veeam Mount Service) = Stopped"
},
{
"id": "health.domain.workgroup",
"category": "health",
"severity": "info",
"title": "Not domain-joined (workgroup)",
"detail": "This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.",
"evidence": "PartOfDomain=False; Domain=WORKGROUP"
},
{
"id": "health.time.source",
"category": "health",
"severity": "info",
"title": "Time service source",
"detail": "The Windows Time service (W32Time) was not running when queried (0x80070426), so no time source is in effect and the clock is free-running. Clock drift undermines event-log timestamp correlation, certificate validity checks and backup scheduling; start the service and configure an NTP source.",
"evidence": "Source=The following error occurred: The service has not been started. (0x80070426)"
},
{
"id": "health.backup.present",
"category": "health",
"severity": "info",
"title": "Backup agent installed, but core backup service is stopped",
"detail": "Veeam services are present, but the core VeeamBackupSvc (Veeam Backup Service) is Stopped along with the catalog, cloud-connect and mount services; only the deploy, Hyper-V integration, NFS and transport services are running, so backup jobs (e.g. the VeeamZIP Monday scheduled task) are probably not executing. Presence != working backup: confirm the backup service starts and that recent jobs completed successfully.",
"evidence": "Veeam: VeeamBackupSvc = Stopped\nVeeam: VeeamCatalogSvc = Stopped\nVeeam: VeeamCloudSvc = Stopped\nVeeam: VeeamDeploySvc = Running\nVeeam: VeeamHvIntegrationSvc = Running\nVeeam: VeeamMountSvc = Stopped\nVeeam: VeeamNFSSvc = Running\nVeeam: VeeamTransportSvc = Running"
}
]
}