claudetools/clients/at-trebesch/workstations.md
Howard Enos 0a7f3368a6 sync: auto-sync from ACG-TECH03L at 2026-04-17 19:47:15
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-17 19:47:15
2026-04-17 19:47:20 -07:00


# Workstations — AT Trebesch
Inventory built from on-machine audit runs. Last updated 2026-04-17.
## Summary
| PC Name | User/Role | OS | Edition | Domain | BitLocker | Last Audit |
|---|---|---|---|---|---|---|
| DESKTOP-QNP3ON5 | Owner | Win 11 25H2 | **Home** | WORKGROUP | None (decrypted) | 2026-04-17 |
## DESKTOP-QNP3ON5
**Hardware**
- Lenovo (model 91D00000US)
- Serial: MZ025MVK
- BIOS: M68KT23A
- CPU: AMD Ryzen 7 250 w/ Radeon 780M Graphics (8 cores / 16 threads)
- RAM: 15.3 GB
- Storage: 953 GB KIOXIA KBG6AZNV1T02 LA SSD (NVMe), 598 GB free, healthy
- Chassis: Desktop, no battery
**OS / Activation**
- Windows 11 Home 25H2 (build 26200), 64-bit
- Installed 2025-10-12
- License: Licensed (StatusCode 1), partial key 6F4JW
**Network**
- Ethernet: Realtek PCIe GbE — UP, 1 Gbps, 10.0.0.15
- Wi-Fi: Realtek RTL8852BE WiFi 6 — disconnected
- Bluetooth NIC enabled (unused — recommend disable)
- Saved Wi-Fi profiles: ComputerGuru, Scurda2
**Local accounts (enabled)**
| Name | Last Logon | PasswordRequired | Notes |
|---|---|---|---|
| Owner | 2026-04-15 | **False** | **PASSWORD NOT REQUIRED — fix immediately** |
| guru | 2025-10-18 | True | MSP backdoor, in Administrators |
| localadmin | (never logged on) | True | Second MSP backdoor, in Administrators |
**Local Administrators:** Administrator (disabled), guru, localadmin, Owner
**Security posture (highlights)**
- BitLocker: Off, drive fully decrypted (Win Home limits BitLocker to "Device Encryption" only)
- Secure Boot: **DISABLED** (UEFI capable, TPM 2.0 ready — turn on)
- TPM: present + ready
- WinRE: enabled
- Firewall: enabled on all 3 profiles
- LSA Protection (RunAsPPL): enabled (good)
- WDigest cleartext: disabled (good)
- Cached logons: 10 (recommend lower to 4)
- NTLM LmCompatibilityLevel: blank (defaults to 3, recommend explicit 5)
- UAC: enabled (default settings)
- RDP: disabled
- USB storage: unrestricted
- AutoPlay: not disabled
**Antivirus posture**
- Bitdefender Endpoint Security Tools 8.26.4.628 — primary EDR, 4 services running
- Malwarebytes 5.5.4.252 — **CONFLICT, also real-time. Pick one.**
- Defender: Passive Mode (correct, deferring to Bitdefender), but Tamper Protection disabled
- Defender ASR rules: 1 configured, 0 in Block mode
**Apps of note**
- Office 365 Apps Pro Plus (Office 2024)
- Carbonite 6.6.0 (Dec 2025 build)
- Classic Shell 4.3.1 — abandoned project, replace with Open-Shell-Menu or remove
- ExplorerPatcher 26100.4946.69.6 — Win10-style shell mod
- Lenovo System Update 5.08.03.59
- AMD Software 26.3.1
- Canon MX490 series MP Drivers 1.02 (printer)
- Windows 11 Installation Assistant — leftover, can uninstall
**Performance**
- Memory at 85.1% used (2.3 GB free of 15.3 GB) — investigate top procs in audit JSON
- Uptime: 2.6 days (boot 2026-04-14)
- 263 processes running
**Updates**
- KB5083769, KB5082417, KB5088467 (4/14-4/15 cycle) installed
- 1 pending update
- 0 WU failures in last 30d