0% found this document useful (0 votes)

160 views204 pages

Windowsmachine

The document provides information about the Windows Server machine XCS-2K19-LIVE. It details the operating system, hardware, networking, security settings, software and applications installed. Compliance with benchmarks is also assessed.

Uploaded by

Deepak Chaudhari

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

160 views204 pages

Windowsmachine

Uploaded by

Deepak Chaudhari

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 204

Windows Machine Report

XCS-2K19-LIVE

Date 20/01/2021 10:41:02

Author DEMO2012R2\sysadmin

Version 1.21

Product XIA Configuration Server [13.0.0.0]

Table of Contents

Disclaimer

Windows Server Information

Client Information 8

Relationships 9

Relationship Map 10

Management Summary

Compliance Benchmarks

Windows Basic Compliance Benchmark [4.0.0.0] 13

Location

Hardware

BIOS Information 25

CD-ROM and DVD-ROM Drives 26

Disk Drives 27

[0] VMware, VMware Virtual S SCSI Disk Device 28

[1] VMware Virtual SATA Hard Drive 29

Disk Shelves 31

Disk Shelf 01 32

Volumes 33

\\?\Volume{91695457-0000-0000-0000-100000000000}\ 34

C: 35

E: (ReFS Volume) 37

Devices 38

Physical Memory 41

Printers 42

Microsoft XPS Document Writer 43

Microsoft Print to PDF 44

Processors 45

Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz 46

Tape Libraries 47
Tape Library 1 48

Video Controllers 49

Networking

Hosts File 51

Network Adapters 53

Ethernet0 54

IPv4 Routing Table 57

Remote Settings 58

SNMP Configuration 59

Shares 60

ADMIN$ 61

C$ 62

E$ 63

IPC$ 64

Windows Share 65

Security

Advanced Audit Policy 67

Audit Policy 70

Certificate Stores 71

Personal 72

WMSvc-SHA2-XCS-2K19-LIVE 73

Web Hosting 74

Local Account Policies 75

LAPS Settings 76

Local Users 77

Administrator 78

DefaultAccount 79

Guest 80

WDAGUtilityAccount 81

Local Groups 82

Microsoft Defender 86

Security Options 87

User Rights Assignment 95

Windows Firewall 99

Inbound Rules 101

Outbound Rules 105

Windows Patches 110

Windows Update Configuration 111

Windows Update History 112

Software

.NET Framework 114

Documented Files 115

Machine Config (.NET 4) 116

Event Logs 123

Application 124

HardwareEvents 128

Internet Explorer 129

Key Management Service 130

Parameters 131

Security 132

State 136

System 137

ThinPrint Diagnostics 139

Windows PowerShell 153

Environment Variables 159

Installed Software 162

Internet Settings 163

ODBC Configuration 164

ODBC Drivers 165

Data Sources 166

SQL Server Data Source 167

Operating System 168

PowerShell Settings 170

Registry 171

Internet Explorer Key 172

Internet Explorer Version 174

Server Roles and Features 175

Startup Commands 182

Task Scheduler Library 183

Windows Remote Management (WinRM) 189

Windows Services 191

Windows Time 200

Support Provisions

Network Support 202

Hardware Warranty 203

Version History
Disclaimer
This document is for authorised use by the intended recipient(s) only. It may contain proprietary material,
confidential information and, or be subject to legal privilege. It should not be copied, disclosed to,
retained or used by, any other party.

Microsoft, Windows and Active Directory are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.

Page 6 of 204 Contoso Foods

Windows Server Information
Provides general information for this item.

General Information

Name XCS-2K19-LIVE

Description Windows Server 2019 server running XIA Configuration.

Primary Owner Name Technical Services

Primary Owner Contact [email protected]

System Information

Item Path Contoso Technical Services > IT

Item ID 1109

Version ID 1.21

Check Out Status Available

ProLiant DL360 G4

Custom Item Details

This is a demonstration Windows server running XIA Configuration.

Page 7 of 204 Contoso Foods

Client Information
Provides information about the client that was used to generate the information and the data used by
the client to uniquely identify this item.

Item Identifiers

Primary Identifier XCS-2K19-LIVE

Secondary Identifier VMware-56 4d f7 00 6d e9 dd d0-3f 3d 21 1a ff eb ee db

Tertiary Identifier

Environment Identifier

Client Information

Client Machine Name XCS-2K19-LIVE

Client Identifier 1167d6f3-3b76-4261-a236-72de1fc24be8

Client IP Address 192.168.131.201

Client Scan Date 18 January 2021 01:23 (2 days ago)

Client Service Username TEST2019\sysadmin

Client Version 13.0.0.0

Scan Profile

Target XCS-2K19-LIVE

Profile Name Windows

Profile Identifier 06edcfd8-147b-46bd-a25d-b3da7a2a0438

Page 8 of 204 Contoso Foods

Relationships
Provides a summary of the relationships between this item and other items in the environment.

8 Relationships

Item ID Direction Name Type Relationship Type

1043 Outbound IT Container Contained Within

1009 Outbound Hardware Warranty Support Provision Is Maintained By

1008 Outbound Network Support Support Provision Is Supported By

1006 Outbound Rack 1A Rack Located Within

1111 Outbound XCS-2K19-LIVE\SQLEXPRESS SQL Instance Hosts SQL Instance

1110 Outbound XCS-2K19-LIVE Microsoft IIS Server Hosts IIS Server

1097 Outbound Tape Library 1 Tape Library Connected Tape Library

1007 Outbound Disk Shelf 01 Disk Shelf Connected Disk Shelf

Page 9 of 204 Contoso Foods

Relationship Map

Page 10 of 204 Contoso Foods

Management Summary
Provides a management summary for this machine

Operating System

Operating System Name Microsoft Windows Server 2019 Datacenter

Service Pack [None Installed]

Naming and Role

Domain test2019.net

Domain Role Member Server

NetBIOS Name XCS-2K19-LIVE

Fully Qualified Domain Name xcs-2k19-live.test2019.net

Hardware Information

Serial Number VMware-56 4d f7 00 6d e9 dd d0-3f 3d 21 1a ff eb ee db

Manufacturer HP

Model ProLiant DL360 G4

Asset Tag AT-426232

Product Number 24-10526-60442

Networking

IPv4 Addresses 192.168.131.201/24

IPv6 Addresses fe80::5846:858b:d8dc:93fb%5/0.0.0.64

Remote Desktop Settings

Allow Connections True

Remote Desktop Users TEST2019\sysuser

Server Functions

Name Enabled Active Instance Identifier

IIS Web Server True True

SQL Instance True True SQLEXPRESS

Page 11 of 204 Contoso Foods

Compliance Benchmarks
Compliance benchmarks provide the ability to compare the documented configuration of an item
against a known security or compliance baseline.

Name Version Passed Failed Other

Windows Basic Compliance Benchmark 4.0.0.0 136 92 0

Page 12 of 204 Contoso Foods

Windows Basic Compliance Benchmark [4.0.0.0]
This benchmark provides a basic security overview of a Windows machine.

Reference Title Configured Value

Section 1: Password Policy

1.01 Set "Enforce password history" to remember at least 24 passwords 24

1.02 Set "Maximum password age" to 60 days or less 42 days

1.03 Set "Minimum password age" to at least 1 day(s) 1 days

1.04 Set "Minimum password length" to 14 or more characters 7

1.05 Set "Password must meet complexity requirements" to "Enabled" Enabled

1.06 Set "Store passwords using reversible encryption" to "Disabled" Disabled

Section 2: Account Lockout Policy

2.01 Set the "Account lockout duration" to 30 minutes or longer Not Applicable

2.02 Set the "Account lockout threshold" to greater than 4 and less than 10 0

2.03 Set the "Reset account lockout after" value to between 15 minutes and 30 minutes 30

Section 3: Windows Firewall

3.01 Enable the Windows Firewall domain profile True

3.02 Set the Windows Firewall default inbound action of the domain profile to "Block" Block

3.03 Enable the Windows Firewall public profile True

3.04 Set the Windows Firewall default inbound action of the public profile to "Block" Block

3.05 Enable the Windows Firewall private profile True

3.06 Set the Windows Firewall default inbound action of the private profile to "Block" Block

Section 4: Local Accounts

4.01 Rename the local Administrator account to a less easily identifiable account name Administrator
(does not apply to domain controllers)

4.02 Set the local Administrator account to "Disabled" (does not apply to domain
controllers)

4.03 Rename the local Guest account to a less easily identifiable account name (does not
apply to domain controllers)

4.04 Set the local Guest account to "Disabled" (does not apply to domain controllers) True

Section 5: Server Functions

Page 13 of 204 Contoso Foods

5.01 Limit the number of server functions to one per server IIS Web Server
SQL Instance [SQLEXPRESS]

Section 6: Security Options

6.01 Set the "Accounts: Limit local account use of blank passwords to console logon only" Enabled
security option to "Enabled"

6.02 Set the "Devices: Allowed to format and eject removable media" security option to Not Defined
"Administrators"

6.03 Set the "Devices: Prevent users from installing printer drivers" security option to Enabled
"Enabled"

6.04 Set the "Domain controller: LDAP server signing requirements" security option to
"Require signing"

6.05 Set the "Domain member: Require strong (Windows 2000 or later) session key" Enabled
security option to "Enabled"

6.06 Set the "Interactive logon: Don't display last signed-in" security option to "Enabled" Disabled

6.07 Set the "Interactive logon: Do not require CTRL+ALT+DEL" security option to Disabled
"Disabled"

6.08 Set the "Interactive logon: Message text for users attempting to log on" security
option to an appropriate value

6.09 Set the "Interactive logon: Message title for users attempting to log on" security
option to an appropriate value

6.10 Set the "Interactive logon: Number of previous logons to cache (in case domain 10 logons
controller is not available)" security option to "0" for servers and "0" for workstations

6.11 Set the "Network access: Do not allow anonymous enumeration of SAM accounts" Enabled
security option to "Enabled"

6.12 Set the "Network access: Do not allow anonymous enumeration of SAM accounts Disabled
and shares" security option to "Enabled"

6.13 Set the "Network access: Let Everyone permissions apply to anonymous users" Disabled
security option to "Disabled"

6.14 Set the "Credential User Interface: Do not display the password reveal button" Not Defined
security option to "Enabled"

6.15 Set the "Network security: Force logoff when logon hours expire" security option to Disabled
"Enabled"

6.16 Set the "Network security: LAN Manager authentication level" security option to Not Defined
"Send NTLMv2 response only. Refuse LM & NTLM"

6.17 Set the "Network security: LDAP client signing requirements" security option to Negotiate Signing
"Require Signing"

6.18 Set the "Recovery console: Allow automatic administrative logon" security option to Disabled
"Disabled"

6.19 Set the "Recovery Console: Allow floppy copy and access to drives and folders" Disabled
security option to "Disabled"

6.20 Set the "Shutdown: Clear virtual memory pagefile" security option to "Enabled" Disabled

6.21 Set the "Domain controller: Allow server operators to schedule tasks" security option
to "Disabled" (only applies to domain controllers)

6.22 Set the "Domain controller: Refuse machine account password changes" security
option to "Disabled" (only applies to domain controllers)

6.23 Set the "Domain member: Digitally encrypt secure channel data (when possible)" Enabled
security option to "Enabled"

6.24 Set the "Domain member: Digitally sign secure channel data (when possible)" Enabled
security option to "Enabled"

6.25 Set the "Domain member: Digitally encrypt or sign secure channel data (always)" Enabled
security option to "Enabled"

6.26 Set the "Domain member: Disable machine account password changes" security Enabled
option to "Disabled"

Page 14 of 204 Contoso Foods

6.27 Set the "Domain member: Maximum machine account password age" security option 30 days
to 30 days

6.28 Set the "Interactive logon: Machine inactivity limit" security option to 900 seconds or Not Defined
less

6.29 Set the "Interactive logon: Prompt user to change password before expiration" 5 days
security option to a value between 5 and 10 days

6.30 Set the "Interactive logon: Require Domain Controller authentication to unlock Disabled
workstation" security option to "Enabled" on domain members

6.31 Set the "Interactive logon: Smart card removal behavior" security option to "Lock No Action
Workstation" or greater

6.32 Set the "Microsoft network client: Digitally sign communications (always)" security Disabled
option to "Enabled"

6.33 Set the "Microsoft network client: Digitally sign communications (if server agrees)" Enabled
security option to "Enabled"

6.34 Set the "Microsoft network client: Send unencrypted password to connect to Disabled
third-party SMB servers" security option to "Disabled"

6.35 Set the "Microsoft network server: Amount of idle time required before suspending 15 minutes
session" security option to "15 minutes"

6.36 Set the "Microsoft network server: Digitally sign communications (always)" security Disabled
option to "Enabled"

6.37 Set the "Microsoft network server: Digitally sign communications (if client agrees)" Disabled
security option to "Enabled"

6.38 Set the "Microsoft network server: Disconnect clients when logon hours expire" Enabled
security option to "Enabled"

6.39 Set the "Microsoft network server: Server SPN target name validation level" security Not Defined
option to "Accept if provided by client" or "Required from client"

6.40 Set the "Network access: Do not allow storage of passwords and credentials for Disabled
network authentication" security option to "Enabled"

6.41 Set the "Network access: Named Pipes that can be accessed anonymously" security
option to only contain
[Empty]

6.42 Set the "Network access: Restrict anonymous access to Named Pipes and Shares" Enabled
security option to "Enabled"

6.43 Set the "Network access: Shares that can be accessed anonymously" security option Not Defined
to an empty value

6.44 Set the "Network access: Sharing and security model for local accounts" security Classic - local users authenticate
option to "Classic - Local users authenticate as themselves" as themselves

6.45 Set the "Network security: Allow Local System to use computer identity for NTLM" Not Defined
security option to "Enabled"

6.46 Set the "Network security: Allow LocalSystem NULL session fallback" security option Not Defined
to "Disabled"

6.47 Set the "Network security: Allow PKU2U authentication requests to this computer to Not Defined
use online identities" security option to "Disabled" for domain members

6.48 Set the "Network security: Do not store LAN Manager hash value on next password Enabled
change" security option to "Enabled"

6.49 Set the "Network security: Minimum session security for NTLM SSP based (including Require 128-bit encryption
secure RPC) clients" security option to "Require NTLMv2 session security, Require
128-bit encryption"

6.50 Set the "Network security: Minimum session security for NTLM SSP based (including Require 128-bit encryption
secure RPC) servers" security option to "Require NTLMv2 session security, Require
128-bit encryption"

6.51 Set the "Shutdown: Allow system to be shut down without having to log on" security Disabled
option to "Disabled" (only applies to server operating systems)

6.52 Set the "System objects: Require case insensitivity for non-Windows subsystems" Enabled
security option to "Enabled"

Page 15 of 204 Contoso Foods

6.53 Set the "System objects: Strengthen default permissions of internal system objects Enabled
(e.g. Symbolic Links)" security option to "Enabled"

6.54 Set the "User Account Control: Admin Approval Mode for the Built-in Administrator Not Defined
account" security option to "Enabled"

6.55 Set the "User Account Control: Allow UIAccess applications to prompt for elevation Disabled
without using the secure desktop" security option to "Disabled"

6.56 Set the "User Account Control: Behavior of the elevation prompt for administrators in Prompt for consent for
Admin Approval Mode" security option to "Prompt for consent on the secure desktop" non-Windows binaries

6.57 Set the "User Account Control: Behavior of the elevation prompt for standard users" Prompt for credentials
security option to "Automatically deny elevation requests"

6.58 Set the "User Account Control: Detect application installations and prompt for Enabled
elevation" security option to "Enabled"

6.59 Set the "User Account Control: Only elevate UIAccess applications that are installed Enabled
in secure locations" security option to "Enabled"

6.60 Set the "User Account Control: Run all administrators in Admin Approval Mode" Enabled
security option to "Enabled"

6.61 Set the "User Account Control: Switch to the secure desktop when prompting for Enabled
elevation" security option to "Enabled"

6.62 Set the "User Account Control: Virtualize file and registry write failures to per-user Enabled
locations" security option to "Enabled"

6.63 Set the "Accounts: Block Microsoft accounts" security option to "Users can’t add or Not Defined
log on with Microsoft accounts"

6.64 Set the "Audit: Shut down system immediately if unable to log security audits" Disabled
security option to "Disabled"

6.65 Set the "Domain controller: Allow server operators to schedule tasks" security option
to "Disabled" (domain controllers only)

6.66 Set the "Interactive logon: Don't display last signed-in" security option to "Enabled" Disabled

6.67 Set the "File Explorer: Turn off Data Execution Prevention for Explorer" security Not Defined
option to "Disabled"

6.68 Set the "Interactive logon: Machine account lockout threshold" security option to a Not Defined
value between 6 and 10.

6.69 Set the "Network access: Remotely accessible registry paths" security option to System\CurrentControlSet\Control\
include only ProductOptions
Software\Microsoft\Windows NT\CurrentVersion System\CurrentControlSet\Control\
System\CurrentControlSet\Control\ProductOptions Server Applications
System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows
NT\CurrentVersion

6.70 Set the "Network access: Remotely accessible registry paths and subpaths" security System\CurrentControlSet\Control\
option to include only Print\Printers
Software\Microsoft\OLAP Server System\CurrentControlSet\Service
Software\Microsoft\Windows NT\CurrentVersion\Perflib s\Eventlog
Software\Microsoft\Windows NT\CurrentVersion\Print Software\Microsoft\OLAP Server
Software\Microsoft\Windows NT\CurrentVersion\Windows Software\Microsoft\Windows
System\CurrentControlSet\Control\ContentIndex NT\CurrentVersion\Print
System\CurrentControlSet\Control\Print\Printers Software\Microsoft\Windows
System\CurrentControlSet\Control\Terminal Server NT\CurrentVersion\Windows
System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration System\CurrentControlSet\Control\
System\CurrentControlSet\Control\Terminal Server\UserConfig ContentIndex
System\CurrentControlSet\Services\Eventlog System\CurrentControlSet\Control\
System\CurrentControlSet\Services\SysmonLog Terminal Server
System\CurrentControlSet\Control\
Terminal Server\UserConfig
System\CurrentControlSet\Control\
Terminal
Server\DefaultUserConfiguration
Software\Microsoft\Windows
NT\CurrentVersion\Perflib
System\CurrentControlSet\Service
s\SysmonLog

6.71 Set the "System cryptography: Force strong key protection for user keys stored on Not Defined
the computer" security option to "User is prompted when the key is first used" or
higher

Page 16 of 204 Contoso Foods

6.72 Set the "System settings: Optional subsystems" security option to include only
[Empty]

6.73 Set the "System settings: Use certificate rules on Windows executables for Software Disabled
Restriction Policies" security option to "Enabled"

6.74 Set the "Credential User Interface: Enumerate administrator accounts on elevation" Not Defined
security option to "Disabled"

6.75 Set the "AutoPlay Policies: Disallow Autoplay for non-volume devices" security option Not Defined
to "Enabled"

6.76 Set the "AutoPlay Policies: Set the default behavior for AutoRun" security option to Not Defined
"Do not execute any autorun commands"

6.77 Set the "AutoPlay Policies: Turn off Autoplay" security option to "All drives" Not Defined

6.78 Set the "Remote Procedure Call: Enable RPC Endpoint Mapper Client Not Defined
Authentication" security option to "Enabled" (does not apply to domain controllers)

6.79 Set the "Remote Procedure Call: Restrict Unauthenticated RPC clients" security Not Defined
option to "Authenticated" (does not apply to domain controllers)

Section 7: Audit Settings

7.01 Set "Audit: Audit the access of global system objects" to "Disabled" Disabled

7.02 Set "Audit: Audit the use of Backup and Restore privilege" to "Disabled" Disabled

7.03 Set "Audit: Force audit policy subcategory settings (Windows Vista or later) to Not Defined
override audit policy category settings" to "Enabled"

7.04 Set the "Audit Credential Validation" advanced audit policy to "Success and Failure" Success

7.05 Set the "Audit Kerberos Authentication Service" advanced audit policy to "Success Success
and Failure"

7.06 Set the "Audit Kerberos Service Ticket Operations" advanced audit policy to Success
"Success and Failure"

7.07 Set the "Audit Other Account Logon Events" advanced audit policy to "Success and
Failure"

7.08 Set the "Audit Application Group Management" advanced audit policy to "None"

7.09 Set the "Audit Computer Account Management" advanced audit policy to "Success Success
and Failure"

7.10 Set the "Audit Distribution Group Management" advanced audit policy to "None"

7.11 Set the "Audit Other Account Management Events" advanced audit policy to
"Success and Failure"

7.12 Set the "Audit Security Group Management" advanced audit policy to "Success and Success
Failure"

7.13 Set the "Audit User Account Management" advanced audit policy to "Success and Success
Failure"

7.14 Set the "Audit DPAPI Activity" advanced audit policy to "Success and Failure"

7.15 Set the "Audit PNP Activity" advanced audit policy to "Any"

7.16 Set the "Audit Process Creation" advanced audit policy to "Success and Failure"

7.17 Set the "Audit Process Termination" advanced audit policy to "None"

7.18 Set the "Audit RPC Events" advanced audit policy to "None"

7.19 Set the "Audit Detailed Directory Service Replication" advanced audit policy to
"None"

7.20 Set the "Audit Directory Service Access" advanced audit policy to "None"

7.21 Set the "Audit Directory Service Changes" advanced audit policy to "None"

7.22 Set the "Audit Directory Service Replication" advanced audit policy to "None"

7.23 Set the "Audit Account Lockout" advanced audit policy to "Success" Success

Page 17 of 204 Contoso Foods

7.24 Set the "Audit Group Membership" advanced audit policy to "Success"

7.25 Set the "Audit IPsec Extended Mode" advanced audit policy to "None"

7.26 Set the "Audit IPsec Main Mode" advanced audit policy to "None"

7.27 Set the "Audit IPsec Quick Mode" advanced audit policy to "None"

7.28 Set the "Audit Logoff" advanced audit policy to "Success" Success

7.29 Set the "Audit Logon" advanced audit policy to "Success and Failure" Success and Failure

7.30 Set the "Audit Network Policy Server" advanced audit policy to "None" Success and Failure

7.31 Set the "Audit Other Logon/Logoff Events" advanced audit policy to "None"

7.32 Set the "Audit Special Logon" advanced audit policy to "Success and Failure" Success

7.33 Set the "Audit User/Device Claims" advanced audit policy to "None"

7.34 Set the "Audit Application Generated" advanced audit policy to "None"

7.35 Set the "Audit Central Access Policy Staging" advanced audit policy to "None"

7.36 Set the "Audit Certification Services" advanced audit policy to "None"

7.37 Set the "Audit Detailed File Share" advanced audit policy to "None"

7.38 Set the "Audit File Share" advanced audit policy to "None"

7.39 Set the "Audit File System" advanced audit policy to "None"

7.40 Set the "Audit Filtering Platform Connection" advanced audit policy to "None"

7.41 Set the "Audit Filtering Platform Packet Drop" advanced audit policy to "None"

7.42 Set the "Audit Handle Manipulation" advanced audit policy to "None"

7.43 Set the "Audit Kernel Object" advanced audit policy to "None"

7.44 Set the "Audit Other Object Access Events" advanced audit policy to "None"

7.45 Set the "Audit Registry" advanced audit policy to "None"

7.46 Set the "Audit Removable Storage" advanced audit policy to "None"

7.47 Set the "Audit SAM" advanced audit policy to "None"

7.48 Set the "Audit Audit Policy Change" advanced audit policy to "Success and Failure" Success

7.49 Set the "Audit Authentication Policy Change" advanced audit policy to "Success and Success
Failure"

7.50 Set the "Audit Authorization Policy Change" advanced audit policy to "None"

7.51 Set the "Audit Filtering Platform Policy Change" advanced audit policy to "None"

7.52 Set the "Audit MPSSVC Rule-Level Policy Change" advanced audit policy to
"Success"

7.53 Set the "Audit Other Policy Change Events" advanced audit policy to "None"

7.54 Set the "Audit Non Sensitive Privilege Use" advanced audit policy to "None"

7.55 Set the "Audit Other Privilege Use Events" advanced audit policy to "None"

7.56 Set the "Audit Sensitive Privilege Use" advanced audit policy to "None"

7.57 Set the "Audit IPsec Driver" advanced audit policy to "Success and Failure"

7.58 Set the "Audit Other System Events" advanced audit policy to "None" Success and Failure

7.59 Set the "Audit Security State Change" advanced audit policy to "Success and Failure" Success

7.60 Set the "Audit Security System Extension" advanced audit policy to "Success and
Failure"

7.61 Set the "Audit System Integrity" advanced audit policy to "Success and Failure" Success and Failure

Page 18 of 204 Contoso Foods

Section 8: Windows Update

8.01 Set the "Sign-in last interactive user automatically after a system-initiated restart" Disabled
security setting to "Disabled" on Windows Server 2012 R2 and above

8.02 Enable Windows Update to receive updates Never check for updates (not
recommended)

8.03 Configure Windows Update to use Windows Server Update Services (WSUS)

Section 9: Windows Time

9.01 Enable the Windows Time client on all machines True

9.02 Set the NTP client type to "Domain Hierarchy (NT5DS)" for workstations and member Domain Hierarchy (NT5DS)
servers, and "NTP" for PDC emulators and machines on workgroups"

9.03 Enable the NTP server for domain controllers, and disable for member servers and False
workstations

Section 10: SNMP

10.01 If SNMP is enabled, ensure that no "public" or "private" SNMP community strings are public
configured

10.02 If SNMP is enabled, ensure that no writable SNMP community strings are configured public [Read Only]

Section 11: Deprecated Components and Protocols

11.01 Ensure that Server Message Block (SMB) version 1 is disabled for the server service Server Feature Disabled

Section 12: Windows Event Log

12.01 Set the maximum size of the Application event log to 40,960 KB or greater 20,480 KB

12.02 Set the maximum size of the Security event log to 81,920 KB or greater 20,480 KB

12.03 Set the maximum size of the System event log to 20,480 KB or greater 20,480 KB

12.04 Set the retention policy of the Application event log to 'Overwrite events as needed Do not overwrite events (Clear logs
(oldest events first)' manually)

12.05 Set the retention policy of the Security event log to 'Overwrite events as needed Overwrite events as needed (oldest
(oldest events first)' events first)

12.06 Set the retention policy of the System event log to 'Overwrite events as needed Archive the log when full, do not
(oldest events first)' overwrite events

Section 13: User Rights Assignment

13.01 Set the "Access Credential Manager as a trusted caller" user right to [Empty]

13.02 Set the "Access this computer from the network" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\Backup Operators
NT AUTHORITY\Authenticated Users BUILTIN\Users
Everyone

13.03 Set the "Act as part of the operating system" user right to [Empty]

13.04 Set the "Add workstations to domain" user right to [Empty]

13.05 Set the "Adjust memory quotas for a process" user right to include only BUILTIN\Administrators
BUILTIN\Administrators IIS APPPOOL\.NET v4.5
IIS APPPOOL\% IIS APPPOOL\.NET v4.5 Classic
NT AUTHORITY\LOCAL SERVICE IIS APPPOOL\DefaultAppPool
NT AUTHORITY\NETWORK SERVICE NT AUTHORITY\LOCAL SERVICE
NT SERVICE\MSSQL% NT AUTHORITY\NETWORK
NT SERVICE\SQLAgent% SERVICE
NT SERVICE\SQLSERVERAGENT NT
SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXP
RESS

13.06 Set the "Allow log on locally" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\Backup Operators
BUILTIN\Backup Operators BUILTIN\Users
BUILTIN\Users

13.07 Set the "Allow log on through Remote Desktop Services" user right to include only BUILTIN\Administrators

Page 19 of 204 Contoso Foods

BUILTIN\Administrators BUILTIN\Remote Desktop Users
BUILTIN\Remote Desktop Users

13.08 Set the "Back up files and directories" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\Backup Operators
BUILTIN\Backup Operators

13.09 Set the "Bypass traverse checking" user right to [Any Value] BUILTIN\Administrators
BUILTIN\Backup Operators
BUILTIN\Users
Everyone
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK
SERVICE
NT
SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXP
RESS

13.10 Set the "Change the system time" user right to include only BUILTIN\Administrators
BUILTIN\Administrators NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\LOCAL SERVICE

13.11 Set the "Change the time zone" user right to [Any Value] BUILTIN\Administrators
NT AUTHORITY\LOCAL SERVICE

13.12 Set the "Create a pagefile" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.13 Set the "Create a token object" user right to [Empty]

13.14 Set the "Create global objects" user right to include only BUILTIN\Administrators
BUILTIN\Administrators NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\LOCAL SERVICE NT AUTHORITY\NETWORK
NT AUTHORITY\NETWORK SERVICE SERVICE
NT AUTHORITY\SERVICE NT AUTHORITY\SERVICE

13.15 Set the "Create permanent shared objects" user right to [Empty]

13.16 Set the "Create symbolic links" user right to include only BUILTIN\Administrators
BUILTIN\Administrators
NT VIRTUAL MACHINE\Virtual Machines

13.17 Set the "Debug programs" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.18 Set the "Deny access to this computer from the network" user right to must include
BUILTIN\Guests

13.19 Set the "Deny log on as a batch job" user right to must include
BUILTIN\Guests

13.20 Set the "Deny log on as a service" user right to must include
BUILTIN\Guests

13.21 Set the "Deny log on locally" user right to must include
BUILTIN\Guests

13.22 Set the "Deny log on through Remote Desktop Services" user right to must include
BUILTIN\Guests

13.23 Set the "Enable computer and user accounts to be trusted for delegation" user right
to [Empty]

13.24 Set the "Force shutdown from a remote system" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.25 Set the "Generate security audits" user right to include only IIS APPPOOL\.NET v4.5
IIS APPPOOL\% IIS APPPOOL\.NET v4.5 Classic
NT AUTHORITY\LOCAL SERVICE IIS APPPOOL\DefaultAppPool
NT AUTHORITY\NETWORK SERVICE NT AUTHORITY\LOCAL SERVICE
NT SERVICE\adfssrv NT AUTHORITY\NETWORK
NT SERVICE\drs SERVICE

13.26 Set the "Impersonate a client after authentication" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\IIS_IUSRS
BUILTIN\IIS_IUSRS NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\LOCAL SERVICE NT AUTHORITY\NETWORK
NT AUTHORITY\NETWORK SERVICE SERVICE
NT AUTHORITY\SERVICE NT AUTHORITY\SERVICE

Page 20 of 204 Contoso Foods

13.27 Set the "Increase a process working set" user right to include only BUILTIN\Users
BUILTIN\Device Owners
BUILTIN\Users
Window Manager\Window Manager Group

13.28 Set the "Increase scheduling priority" user right to include only BUILTIN\Administrators
BUILTIN\Administrators Window Manager\Window
Window Manager\Window Manager Group Manager Group

13.29 Set the "Load and unload device drivers" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.30 Set the "Lock pages in memory" user right to [Empty]

13.31 Set the "Log on as a batch job" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\Backup Operators
BUILTIN\Backup Operators BUILTIN\IIS_IUSRS
BUILTIN\IIS_IUSRS BUILTIN\Performance Log Users
BUILTIN\Performance Log Users

13.32 Set the "Log on as a service" user right to include only IIS APPPOOL\.NET v4.5
IIS APPPOOL\% IIS APPPOOL\.NET v4.5 Classic
NT AUTHORITY\NETWORK SERVICE IIS APPPOOL\DefaultAppPool
NT SERVICE\% NT AUTHORITY\NETWORK
SERVICE
NT SERVICE\ALL SERVICES
NT
SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXP
RESS
NT SERVICE\SQLTELEMETRY$S
QLEXPRESS
S-1-5-21-130050434-2330574090-
1807454070-1001
TEST2019\sysadmin
XCS-2K19-LIVE\SQLServer2005S
QLBrowserUser$XCS-2K19-LIVE

13.33 Set the "Manage auditing and security log" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.34 Set the "Modify an object label" user right to [Empty]

13.35 Set the "Modify firmware environment values" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.36 Set the "Obtain an impersonation token for another user in the same session" user BUILTIN\Administrators
right to include only
BUILTIN\Administrators

13.37 Set the "Perform volume maintenance tasks" user right to include only BUILTIN\Administrators
BUILTIN\Administrators NT
SERVICE\MSSQL$SQLEXPRESS

13.38 Set the "Profile single process" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

13.39 Set the "Profile system performance" user right to include only BUILTIN\Administrators
BUILTIN\Administrators NT SERVICE\WdiServiceHost
NT SERVICE\WdiServiceHost

13.40 Set the "Remove computer from docking station" user right to [Any Value] BUILTIN\Administrators

13.41 Set the "Replace a process level token" user right to include only IIS APPPOOL\.NET v4.5
IIS APPPOOL\% IIS APPPOOL\.NET v4.5 Classic
NT AUTHORITY\LOCAL SERVICE IIS APPPOOL\DefaultAppPool
NT AUTHORITY\NETWORK SERVICE NT AUTHORITY\LOCAL SERVICE
NT SERVICE\% NT AUTHORITY\NETWORK
SERVICE
NT
SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXP
RESS

13.42 Set the "Restore files and directories" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\Backup Operators

13.43 Set the "Shut down the system" user right to include only BUILTIN\Administrators
BUILTIN\Administrators BUILTIN\Backup Operators

13.44 Set the "Synchronize directory service data" user right to [Empty]

Page 21 of 204 Contoso Foods

13.45 Set the "Take ownership of files or other objects" user right to include only BUILTIN\Administrators
BUILTIN\Administrators

Section 14: Windows Remote Management (WinRM)

14.01 Set "Allow Basic Authentication" to "False" for the WinRM Client True

14.02 Set "Allow Digest Authentication" to "False" for the WinRM Client True

14.03 Set "Allow Unencrypted Traffic" to "False" for the WinRM Client False

14.04 Set "Allow Basic Authentication" to "False" for the WinRM Service False

14.05 Set "Allow Unencrypted Traffic" to "False" for the WinRM Service False

14.06 Set "Disallow Storing RunAs Credentials" to "True" for the WinRM Service False

14.07 Set "Allow Remote Shell Access" to "True" for the Windows Remote Shell True

Section 15: Remote Desktop Settings

15.01 Set "Connection Mode" to "Don't allow remote connections" or "Only allow Only allow connections with
connections with network level authentication (more secure)" network level authentication (more
secure)

15.02 Set "Disable Saving Passwords" to "True" False

15.03 Set "Disable COM Port Redirection" to "True" False

15.04 Set "Disable Drive Redirection" to "True" False

15.05 Set "Disable LPT Port Redirection" to "True" False

15.06 Set "Disable Plug and Play Device" to "True" False

15.07 Set "Always Prompt For Password" to "True" False

15.08 Set "Security Layer" to "SSL" SSL

15.09 Set "Minimum Encryption Level" to "High" Client Compatible

15.10 Set "Single Session Restriction" to "True" True

15.11 Set "Use Temporary Folders Per Session" to "True" True

15.12 Set "Delete Temporary Folders On Exit" to "True" True

Page 22 of 204 Contoso Foods

Location
Provides details of the physical location of this Windows machine.

Contoso Technical Services DC01

Street Park Road

City Oxford

State, Province, or County Oxfordshire

ZIP or Postal Code OX14 7AZ

Country United Kingdom

Room

Name Server Room 1

Rack

Name Rack 1A

Page 23 of 204 Contoso Foods

Hardware
This section provides a summary of the physical or virtual hardware present in the Windows machine.

Hardware Information

Serial Number VMware-56 4d f7 00 6d e9 dd d0-3f 3d 21 1a ff eb ee db

Manufacturer HP

Model ProLiant DL360 G4

Asset Tag AT-426232

Product Number 24-10526-60442

ProLiant DL360 G4

Virtualization

Is Virtual Machine True

Enclosure Details

Chassis Type Other

Enclosure Serial Number None

Enclosure Manufacturer No Enclosure

Enclosure Model

System Information

Motherboard Manufacturer Intel Corporation

Motherboard 440BX Desktop Reference Platform

Processors Configuration 1 Processors

Total Physical Memory 3,583MB

UUID 00F74D56-E96D-D0DD-3F3D-211AFFEBEEDB

Page 24 of 204 Contoso Foods

BIOS Information
Provides information about the basic input/output system of the Windows machine.

PhoenixBIOS 4.0 Release 6.0

Manufacturer Phoenix Technologies LTD

Release Date 29/07/2019 01:00:00

SMBIOS BIOS Version 6.00

Version INTEL - 6040000

Current Language

Firmware Type Legacy BIOS

System BIOS Version 4.6.0.0

Page 25 of 204 Contoso Foods

CD-ROM and DVD-ROM Drives
Provides details of the CD-ROM and DVD-ROM drives installed in the machine.

1 CD-ROM and DVD-ROM Drives

Drive Name Media Manufacturer Capabilities

ID Type

D: NECVMWar VMware SATA DVD-ROM (Standard CD-ROM drives) Random Access

CD01 Supports Removable Media

Page 26 of 204 Contoso Foods

Disk Drives
Provides information about the hard drives found in the Windows machine.

2 Disk Drives

Display Name Interface Serial Number Partition Style Size

[0] VMware, VMware Virtual S SCSI Disk Device Serial Attached SCSI (SAS) Master Boot Record (MBR) 60.00GB

[1] VMware Virtual SATA Hard Drive Serial ATA (SATA) 00000000000000000001 GUID Partition Table (GPT) 60.00GB

Page 27 of 204 Contoso Foods

[0] VMware, VMware Virtual S SCSI Disk Device
Provides information about the hard drives found in the Windows machine.

General

Manufacturer VMware,

Model VMware, VMware Virtual S SCSI Disk Device

Firmware Revision 1.0

Bus Type Serial Attached SCSI (SAS)

Serial Number

Size 60.00GB

Location SCSI0

Capabilities Random Access

Supports Writing

Partition Style Master Boot Record (MBR)

Bytes Per Sector 512

Sectors Per Track 63

Status

Operational Status OK

Storage Pools

Storage Pool Names Primordial

2 Partitions

Identifier Active Type Size

Disk #0, Partition #0 True Basic (MBR) 549.00MB

Disk #0, Partition #1 False Basic (MBR) 59.46GB

Active False

DeviceId Disk #0, Partition #1

Partition Type Basic (MBR)

File System NTFS

Volume Name

Volume Serial Number 3A912462

Size 59.46GB

Page 28 of 204 Contoso Foods

[1] VMware Virtual SATA Hard Drive
Provides information about the hard drives found in the Windows machine.

General

Model VMware Virtual SATA Hard Drive

Firmware Revision 00000001

Bus Type Serial ATA (SATA)

Serial Number 00000000000000000001

Size 60.00GB

Location sata0

GUID {4776686d-29d4-46b0-a99f-08da31add65a}

Capabilities Random Access

Supports Writing
SMART Notification

Partition Style GUID Partition Table (GPT)

Bytes Per Sector 512

Signature

Sectors Per Track 63

Status

Operational Status OK

Storage Pools

Storage Pool Names Primordial

Unallocated Space

Unallocated Space 14.00MB

1 Partitions

Identifier Active Type Size

Disk #1, Partition #0 False Basic (GPT) 59.98GB

Active False

DeviceId Disk #1, Partition #0

Partition Type Basic (GPT)

File System ReFS

Volume Name ReFS Volume

Volume Serial Number AABEE7A4

Size 59.94GB

Page 29 of 204 Contoso Foods

Page 30 of 204 Contoso Foods
Disk Shelves
Provides information about the disk shelves connected to this machine.

1 Connected Disk Shelves

Name Manufacturer Model Product Number

Disk Shelf 01 Contoso Racks DS04 PN005

Page 31 of 204 Contoso Foods

Disk Shelf 01
Disk Shelf 01

Item ID 1007

Description This is Disk Shelf 01.

Primary Owner Name Technical Services

Primary Owner Contact [email protected]

Hardware Information

Serial Number SN02

Manufacturer Contoso Racks

Model DS04

Asset Tag DS04C

Product Number PN005

Page 32 of 204 Contoso Foods

Volumes
Provides information about the volumes found on this Windows machine.

3 Volumes

Name Total Size Free Space Shadow Copy

\\?\Volume{91695457-0000-0000-0000-100000000000}\ 549.00MB 149.15MB False

C: 59.46GB 44.08GB True

E: (ReFS Volume) 59.94GB 58.62GB False

Page 33 of 204 Contoso Foods

\\?\Volume{91695457-0000-0000-0000-100000000000}\
Provides information about the volumes found on this Windows machine.

Volume Details

Block Size 4,096

Capacity 549.00MB

Drive Letter

File System NTFS

Label System Reserved

Volume Identifier 91695457-0000-0000-0000-100000000000

Used Space 399.85MB

Free Space 149.15MB

Shadow Copy Configuration

Enabled False

Page 34 of 204 Contoso Foods

C:
Provides information about the volumes found on this Windows machine.

Volume Details

Block Size 4,096

Capacity 59.46GB

Drive Letter C:

File System NTFS

Label

Volume Identifier 91695457-0000-0000-0000-602200000000

Used Space 15.39GB

Free Space 44.08GB

Shadow Copy Configuration

Enabled True

Storage Volume C:\

Maximum Space 320.00MB

Allocated Space 320.00MB

Used Space 54.98MB

Shadow Copies 15/01/2021 12:00

15/01/2021 12:00

Schedule At 04:00 on 21/10/2020

At 12:00 every Monday, Tuesday, Wednesday, Thursday, Friday every 1 weeks starting 22/10/2020

Disk Quota

State Tracked

Default Limit 1.00TB

Default Warning Limit 500.00GB

Log event when user exceeds their True

quota limit

Log event when user exceeds their False

warning level

12 Quota Entries

Status Account Name Space Used Quota Limit Warning Level

OK XCS-2K19-LIVE\Administrators 3.58GB No Limit No Limit

OK NTSERVICE\TrustedInstaller 6.44GB 1.00TB 500.00GB

OK XCS-2K19-LIVE\SYSTEM 3.77GB 1.00TB 500.00GB

OK XCS-2K19-LIVE\LOCALSERVICE 473.22MB 1.00TB 500.00GB

Page 35 of 204 Contoso Foods

OK XCS-2K19-LIVE\NETWORKSERVICE 166.28MB 1.00TB 500.00GB

OK NTSERVICE\MapsBroker 1.00KB 1.00TB 500.00GB

OK NTSERVICE\MSSQL?SQLEXPRESS 184.05MB 1.00TB 500.00GB

OK TEST2019\sysadmin 826.65MB 1.00TB 500.00GB

OK NTSERVICE\SQLTELEMETRY?SQLEXPRESS 608.00KB 1.00TB 500.00GB

OK IISAPPPOOL\DefaultAppPool 8.00KB 1.00TB 500.00GB

OK IISAPPPOOL\.NETv4.5Classic 608.00KB 1.00TB 500.00GB

OK IISAPPPOOL\.NETv4.5 608.00KB 1.00TB 500.00GB

Page 36 of 204 Contoso Foods

E: (ReFS Volume)
Provides information about the volumes found on this Windows machine.

Volume Details

Block Size 4,096

Capacity 59.94GB

Drive Letter E:

File System ReFS

Label ReFS Volume

Volume Identifier d7f4fdf3-c215-42f8-a108-ac0b616a5789

Used Space 1.32GB

Free Space 58.62GB

Shadow Copy Configuration

Enabled False

Page 37 of 204 Contoso Foods

Devices
Provides details about the devices and drivers on this machine.

Batteries

Name Driver Provider Driver Version Status

Microsoft AC Adapter Microsoft 10.0.17763.1 Device is working properly.

Computer

Name Driver Provider Driver Version Status

ACPI x64-based PC Microsoft 10.0.17763.1 Device is working properly.

Disk drives

Name Driver Provider Driver Version Status

VMware Virtual SATA Hard Drive Microsoft 10.0.17763.1 Device is working properly.

VMware, VMware Virtual S SCSI Disk Device Microsoft 10.0.17763.1 Device is working properly.

Display adapters

Name Driver Provider Driver Version Status

VMware SVGA 3D VMware, Inc. 8.15.1.33 Device is working properly.

DVD/CD-ROM drives

Name Driver Provider Driver Version Status

NECVMWar VMware SATA CD01 Microsoft 10.0.17763.1 Device is working properly.

Human Interface Devices

Name Driver Provider Driver Version Status

USB Input Device Microsoft 10.0.17763.1 Device is working properly.

IDE ATA/ATAPI controllers

Name Driver Provider Driver Version Status

ATA Channel 0 Microsoft 10.0.17763.1 Device is working properly.

ATA Channel 1 Microsoft 10.0.17763.1 Device is working properly.

Intel(R) 82371AB/EB PCI Bus Master IDE Microsoft 10.0.17763.1 Device is working properly.
Controller

Standard SATA AHCI Controller Microsoft 10.0.17763.1 Device is working properly.

Page 38 of 204 Contoso Foods

Keyboards

Name Driver Provider Driver Version Status

Standard PS/2 Keyboard Microsoft 10.0.17763.1 Device is working properly.

Mice and other pointing devices

Name Driver Provider Driver Version Status

VMware Pointing Device VMware, Inc. 12.5.4.0 Device is working properly.

VMware USB Pointing Device VMware, Inc. 12.5.4.0 Device is working properly.

Monitors

Name Driver Provider Driver Version Status

Generic Non-PnP Monitor Microsoft 10.0.17763.1 Device is working properly.

Network adapters

Name Driver Provider Driver Version Status

Intel(R) 82574L Gigabit Network Connection Microsoft 12.15.22.6 Device is working properly.

Microsoft Kernel Debug Network Adapter Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (GRE) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (IKEv2) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (IP) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (IPv6) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (L2TP) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (Network Monitor) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (PPPOE) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (PPTP) Microsoft 10.0.17763.1 Device is working properly.

WAN Miniport (SSTP) Microsoft 10.0.17763.1 Device is working properly.

Ports (COM & LPT)

Name Driver Provider Driver Version Status

Communications Port (COM1) Microsoft 10.0.17763.1 Device is working properly.

Print queues

Name Driver Provider Driver Version Status

Microsoft Print to PDF Microsoft 10.0.17763.1 Device is working properly.

Microsoft XPS Document Writer Microsoft 10.0.17763.1 Device is working properly.

Root Print Queue Microsoft 10.0.17763.1 Device is working properly.

Page 39 of 204 Contoso Foods

Processors

Name Driver Provider Driver Version Status

Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Microsoft 10.0.17763.1 Device is working properly.

Software devices

Name Driver Provider Driver Version Status

Microsoft Radio Device Enumeration Bus Microsoft 10.0.17763.1 Device is working properly.

Microsoft RRAS Root Enumerator Microsoft 10.0.17763.1 Device is working properly.

Sound, video and game controllers

Name Driver Provider Driver Version Status

High Definition Audio Device Microsoft 10.0.17763.1 Device is working properly.

Storage controllers

Name Driver Provider Driver Version Status

LSI Adapter, SAS 3000 series, 8-port with 1068 LSI 1.34.3.83 Device is working properly.

Microsoft Storage Spaces Controller Microsoft 10.0.17763.1 Device is working properly.

Storage volumes

Name Driver Provider Driver Version Status

Volume Microsoft 10.0.17763.1 Device is working properly.

Universal Serial Bus controllers

Name Driver Provider Driver Version Status

Standard Enhanced PCI to USB Host Controller Microsoft 10.0.17763.1 Device is working properly.

Standard Universal PCI to USB Host Controller Microsoft 10.0.17763.1 Device is working properly.

Standard USB 3.0 eXtensible Host Controller - 1.0 Microsoft 10.0.17763.1 Device is working properly.
(Microsoft)

USB Composite Device Microsoft 10.0.17763.1 Device is working properly.

USB Root Hub Microsoft 10.0.17763.1 Device is working properly.

USB Root Hub (USB 3.0) Microsoft 10.0.17763.1 Device is working properly.

Page 40 of 204 Contoso Foods

Physical Memory
This section provides information about the physical memory installed in this machine.

Physical Memory

Total Physical Memory 3,583MB

3 Physical Memory Devices

Location Manufacturer Serial Number Capacity Part Number Speed

RAM slot #0 2,048MB Unknown

RAM slot #1 1,024MB Unknown

RAM slot #2 512MB Unknown

Page 41 of 204 Contoso Foods

Printers
Provides details of the printers connected to the Windows machine.

2 Printers

Name Location Comment Share Name

Microsoft XPS Document Writer [Not Shared]

Microsoft Print to PDF [Not Shared]

Page 42 of 204 Contoso Foods

Microsoft XPS Document Writer
Provides details of the printers connected to the Windows machine.

Printer Properties

Comment

Capabilities Copies
Color
Collate

Location

Port Name PORTPROMPT:

Print Processor winprint

Separator Page

Advanced

Availability Always available

Priority 1

Spool Mode Start printing immediately

Enable Advanced Printing Features True

Hold Mismatched Documents False

Driver Name Microsoft XPS Document Writer v4

Share Configuration

Share Name [Not Shared]

Permissions

Type Principal Access

Allow XCS-2K19-LIVE\Administrator Manage Documents, Manage Printer,

Allow CREATOR OWNER Manage Documents

Allow APPLICATION PACKAGE AUTHORITY\ALL APPLICATION Manage Documents, Print

PACKAGES

Allow Everyone Print

Allow BUILTIN\Administrators Manage Documents, Manage Printer,

Allow S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-38 Manage Documents, Print

65880861-1938685643-461067658-1087000422

Page 43 of 204 Contoso Foods

Microsoft Print to PDF
Provides details of the printers connected to the Windows machine.

Printer Properties

Comment

Capabilities Copies
Color

Location

Port Name PORTPROMPT:

Print Processor winprint

Separator Page

Advanced

Availability Always available

Priority 1

Spool Mode Start printing immediately

Enable Advanced Printing Features True

Hold Mismatched Documents False

Driver Name Microsoft Print To PDF

Share Configuration

Share Name [Not Shared]

Permissions

Type Principal Access

Allow XCS-2K19-LIVE\Administrator Manage Documents, Manage Printer,

Allow CREATOR OWNER Manage Documents

Allow APPLICATION PACKAGE AUTHORITY\ALL APPLICATION Manage Documents, Print

PACKAGES

Allow Everyone Print

Allow BUILTIN\Administrators Manage Documents, Manage Printer,

Allow S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-38 Manage Documents, Print

65880861-1938685643-461067658-1087000422

Page 44 of 204 Contoso Foods

Processors
Displays information about the processors found within this Windows machine as seen by the operating
system.

1 Processors

Device ID Name Status Cores

CPU0 Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Enabled 4

Total Processor Utilization

Page 45 of 204 Contoso Foods

Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Displays information about the processors found within this Windows machine as seen by the operating
system.

Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz

CPU Status Enabled

Current Clock Speed 2,592MHz

Description Intel64 Family 6 Model 94 Stepping 3

Device Identifier CPU0

Manufacturer GenuineIntel

Number Of Cores 4

NumberOfLogicalProcessors 4

Processor Id 1F8BFBFF000506E3

Socket Designation CPU #000

Virtualization Settings

Address Translation Extensions False

Virtualization Firmware Enabled False

Page 46 of 204 Contoso Foods

Tape Libraries
Provides information about the tape drives and libraries connected to this machine.

1 Connected Tape Libraries

Name Manufacturer Model Product Number

Tape Library 1 Contoso Tape Libraries TL01 PN009

Page 47 of 204 Contoso Foods

Tape Library 1
Tape Library 1

Item ID 1097

Description This is tape library 1.

Primary Owner Name Technical Services

Primary Owner Contact [email protected]

Hardware Information

Serial Number SN03

Manufacturer Contoso Tape Libraries

Model TL01

Asset Tag TL01AT

Product Number PN009

Page 48 of 204 Contoso Foods

Video Controllers
Video controllers, also known as video adapters or graphics cards, are the physical or virtual devices
within the machine responsible for generating the display seen by the user.

1 Video Controllers

Name Adapter Memory Driver Version

VMware SVGA 3D 128.00MB 8.15.1.33

VMware SVGA 3D

DAC Type n/a

Adapter RAM 128.00MB

Driver Date 16/10/2015 01:00:00

Driver Version 8.15.1.33

Inf Filename oem10.inf

Drivers vm3dum64.dll
vm3dum64_10.dll

Maximum Refresh Rate 64Hz

Video Mode Description 3250 x 1991 x 4294967296 colors

Page 49 of 204 Contoso Foods

Networking
Provides networking information for the Windows machine.

Networking Information

Network Adapters 14 Network Adapters

IPv4 Addresses 192.168.131.201/24

IPv6 Addresses fe80::5846:858b:d8dc:93fb%5/0.0.0.64

Advanced

SNMP Installed True

Routing Table Entries 11

Shares 5

Page 50 of 204 Contoso Foods

Hosts File
The hosts file is a simple, text based file that is used to map IP addresses to host names.

General

Full Path C:\Windows\System32\Drivers\etc\hosts

File Size 824 bytes

Creation Date 15/09/2018 08:16:50

Last Accessed 15/09/2018 08:16:50

Last Modified 15/09/2018 08:16:50

File Type

Hidden False

Read Only False

Advanced

Encrypted False

Compressed False

Security

Owner NT AUTHORITY\SYSTEM

NTFS Permissions

Account Name Inherited Action Rights Propegation

NT AUTHORITY\SYSTEM False Allow Change permissions, Delete subfolders This folder only
and files, Modify, Take ownership

BUILTIN\Administrators False Allow Change permissions, Delete subfolders This folder only
and files, Modify, Take ownership

BUILTIN\Users False Allow Read & execute This folder only

ALL APPLICATION PACKAGES False Allow Read & execute This folder only

ALL RESTRICTED APPLICATION PACKAGES False Allow Read & execute This folder only

File Contents

# Copyright (c) 1993-2009 Microsoft Corp.

#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:

Page 51 of 204 Contoso Foods

#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost
# ::1 localhost

Page 52 of 204 Contoso Foods

Network Adapters
A network adapter, also known as network interface, is a physical or virtual device used to connect a
device to the network. The network adapters included within this documentation may include both
wired and wireless adapters.

1 Network Adapters

Name Status Device Name MAC address

Ethernet0 Device is working properly. Intel(R) 82574L Gigabit Network Connection 00-0C-29-EB-EE-DB

Page 53 of 204 Contoso Foods

Ethernet0
A network adapter, also known as network interface, is a physical or virtual device used to connect a
device to the network.

Ethernet0

Index 0005

Device Name Intel(R) 82574L Gigabit Network Connection

MAC Address 00-0C-29-EB-EE-DB

Status Device is working properly.

Driver Date 2016-04-05

Driver Version 12.15.22.6

Physical Adapter True

Interface GUID {1C94AD6B-B1EA-4186-8D59-B82F90B7256B}

Speed / Duplex 1 Gbps [Full Duplex]

Network Adapter Bindings

Name Class Name Enabled

Client for Microsoft Networks Client True

File and Printer Sharing for Microsoft Networks Service True

Internet Protocol Version 4 (TCP/IPv4) Transport True

Internet Protocol Version 6 (TCP/IPv6) Transport True

Link-Layer Topology Discovery Mapper I/O Driver Transport True

Link-Layer Topology Discovery Responder Transport True

Microsoft LLDP Protocol Driver Transport True

Microsoft Network Adapter Multiplexor Protocol Transport False

QoS Packet Scheduler Filter True

Network Category

Name Domain network

IP Configuration

DHCP Enabled True

IP Addresses fe80::5846:858b:d8dc:93fb%5/0.0.0.64
192.168.131.201/24

Default Gateways 192.168.131.2

DHCP Server 192.168.131.254

Page 54 of 204 Contoso Foods

DNS Settings

DNS Hostname XCS-2K19-LIVE

DNS Domain localdomain

DNS Suffixes test2019.net

localdomain

DNS Servers 192.168.131.191

Register in DNS True

Use Connection's Suffix in DNS False

Registration

WINS Settings

Primary WINS Server 192.168.131.2

Secondary WINS Server

Enable LMHOSTS Lookup True

NetBIOS Setting Enabled via DHCP

Advanced Properties

Display Name Name Display Value Data

Adaptive Inter-Frame Spacing AdaptiveIFS Disabled 0

Flow Control *FlowControl Rx & Tx Enabled 3

Gigabit Master Slave Mode MasterSlave Auto Detect 0

Interrupt Moderation *InterruptModeration Enabled 1

Interrupt Moderation Rate ITR Adaptive 65535

IPv4 Checksum Offload *IPChecksumOffloadIPv4 Rx & Tx Enabled 3

Jumbo Packet *JumboPacket Disabled 1514

Large Send Offload V2 (IPv4) *LsoV2IPv4 Enabled 1

Large Send Offload V2 (IPv6) *LsoV2IPv6 Enabled 1

Locally Administered Address NetworkAddress

Log Link State Event LogLinkStateEvent Enabled 51

Maximum number of RSS Processors *MaxRssProcessors 8 8

Maximum Number of RSS Queues *NumRssQueues 2 Queues 2

Maximum RSS Processor Number *RssMaxProcNumber 63 63

Packet Priority & VLAN *PriorityVLANTag Packet Priority & VLAN Enabled 3

Preferred NUMA node *NumaNodeId 65535 65535

Receive Buffers *ReceiveBuffers 256 256

Receive Side Scaling *RSS Enabled 1

RSS Base Processor Number *RssBaseProcNumber 0 0

RSS load balancing profile *RSSProfile NUMAScalingStatic 4

Speed & Duplex *SpeedDuplex Auto Negotiation 0

TCP Checksum Offload (IPv4) *TCPChecksumOffloadIPv4 Rx & Tx Enabled 3

TCP Checksum Offload (IPv6) *TCPChecksumOffloadIPv6 Rx & Tx Enabled 3

Page 55 of 204 Contoso Foods

Transmit Buffers *TransmitBuffers 512 512

UDP Checksum Offload (IPv4) *UDPChecksumOffloadIPv4 Rx & Tx Enabled 3

UDP Checksum Offload (IPv6) *UDPChecksumOffloadIPv6 Rx & Tx Enabled 3

Wait for Link WaitAutoNegComplete Auto Detect 2

Page 56 of 204 Contoso Foods

IPv4 Routing Table
The routing table lists the routes to particular network destinations and the metrics (distances or costs)
associated with those routes.

11 Active Routes

Destination Subnet Mask Gateway Interface Metric Protocol

255.255.255.255 255.255.255.255 0.0.0.0 Intel(R) 82574L Gigabit Network Connection 281 Local

255.255.255.255 255.255.255.255 0.0.0.0 331 Local

224.0.0.0 240.0.0.0 0.0.0.0 Intel(R) 82574L Gigabit Network Connection 281 Local

224.0.0.0 240.0.0.0 0.0.0.0 331 Local

192.168.131.255 255.255.255.255 0.0.0.0 Intel(R) 82574L Gigabit Network Connection 281 Local

192.168.131.201 255.255.255.255 0.0.0.0 Intel(R) 82574L Gigabit Network Connection 281 Local

192.168.131.0 255.255.255.0 0.0.0.0 Intel(R) 82574L Gigabit Network Connection 281 Local

127.255.255.255 255.255.255.255 0.0.0.0 331 Local

127.0.0.1 255.255.255.255 0.0.0.0 331 Local

127.0.0.0 255.0.0.0 0.0.0.0 331 Local

0.0.0.0 0.0.0.0 192.168.131.2 Intel(R) 82574L Gigabit Network Connection 25 NetMgmt

1 Persistent Routes

Destination Subnet Mask Gateway Metric

192.168.35.0 255.255.255.0 192.168.0.2 1

Page 57 of 204 Contoso Foods

Remote Settings
Provides an overview of the remote settings configured for this machine including the Remote Desktop
for Administration and Remote Assistance settings.

Remote Desktop Settings

Disable Saving Passwords False

Connection Mode Only allow connections with network level authentication (more secure)

Licensing Mode Remote Desktop for Administration

Is Session Host False

Always Prompt For Password False

Minimum Encryption Level Client Compatible

Security Layer SSL

Single Session Restriction True

Terminal Name RDP-Tcp

Certificate

Certificate Thumbprint 4548628CBE6CCD18E6F00E979C57E593A5705273

Redirection Settings

Disable COM Port Redirection False

Disable Drive Redirection False

Disable LPT Port Redirection False

Disable Plug and Play Device False

Redirection

Temporary Folders

Use Temporary Folders Per Session True

Delete Temporary Folders On Exit True

Remote Desktop Users

Remote Desktop Users Group Name Remote Desktop Users

Remote Desktop Users TEST2019\sysuser

Remote Assistance Settings

Enabled True

Allow Remote Control True

Maximum Ticket Expiry 6 Hours

Create invitations for Windows Vista or False

later

Page 58 of 204 Contoso Foods

SNMP Configuration
Simple Network Management Protocol (SNMP) is a UDP-based network protocol used by network
monitoring and management systems. SNMP is protected by the use of passwords known as community
strings and by allowing connections from specific hosts only. SNMP traps define the management hosts
that will receive event messages from this machine.

SNMP Settings

Installed True

Started True

Allowed Managers localhost

Location DC1

Contact [email protected]

SNMP Communities

Name Type

public Read Only

SNMP Traps

Community Name Destinations

public 192.168.1.1

Page 59 of 204 Contoso Foods

Shares
Windows shares allow the sharing of files and printers over a network using the Server Message Block
(SMB) protocol, also known as Common Internet File System (CIFS).

5 Shares

Name Path Type Description

ADMIN$ C:\Windows Administrative Share Remote Admin

C$ C:\ Administrative Share Default share

E$ E:\ Administrative Share Default share

IPC$ Administrative IPC Queue Remote IPC

Windows Share C:\Windows Share File Share This is a Windows share.

Page 60 of 204 Contoso Foods

ADMIN$
ADMIN$

Description Remote Admin

Allow Maximum True

Path C:\Windows

Share Type Administrative Share

Cache Setting Only files and folders that users specify are available offline.

Security

Owner NT SERVICE\TrustedInstaller

NTFS Permissions

Account Name Inherited Action Rights Propegation

CREATOR OWNER False Allow Change permissions, Delete Subfolders and files only
subfolders and files, Modify,
Take ownership

NT AUTHORITY\SYSTEM False Allow Change permissions, Delete Subfolders and files only
subfolders and files, Modify,
Take ownership

NT AUTHORITY\SYSTEM False Allow Modify This folder only

BUILTIN\Administrators False Allow Change permissions, Delete Subfolders and files only
subfolders and files, Modify,
Take ownership

BUILTIN\Administrators False Allow Modify This folder only

BUILTIN\Users False Allow Read, Write Subfolders and files only

BUILTIN\Users False Allow Read & execute This folder only

NT SERVICE\TrustedInstaller False Allow Change permissions, Delete Subfolders only

subfolders and files, Modify,
Take ownership

ALL APPLICATION PACKAGES False Allow Read & execute This folder only

ALL APPLICATION PACKAGES False Allow Read, Write Subfolders and files only

ALL RESTRICTED APPLICATION PACKAGES False Allow Read & execute This folder only

ALL RESTRICTED APPLICATION PACKAGES False Allow Read, Write Subfolders and files only

Page 61 of 204 Contoso Foods

C$
C$

Description Default share

Allow Maximum True

Path C:\

Share Type Administrative Share

Cache Setting Only files and folders that users specify are available offline.

Security

Owner NT SERVICE\TrustedInstaller

NTFS Permissions

Account Name Inherited Action Rights Propegation

CREATOR OWNER False Allow Change permissions, Delete subfolders and Subfolders and files only
files, Modify, Take ownership

NT AUTHORITY\SYSTEM False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

BUILTIN\Administrators False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

BUILTIN\Users False Allow Create folders / append data This folder and subfolders

BUILTIN\Users False Allow Create files / write data Subfolders only

BUILTIN\Users False Allow Read & execute This folder, subfolders and files

Page 62 of 204 Contoso Foods

E$
E$

Description Default share

Allow Maximum True

Path E:\

Share Type Administrative Share

Cache Setting Only files and folders that users specify are available offline.

Security

Owner BUILTIN\Administrators

NTFS Permissions

Account Name Inherited Action Rights Propegation

Everyone False Allow Read & execute This folder, subfolders and files

CREATOR OWNER False Allow Change permissions, Delete subfolders and Subfolders and files only
files, Modify, Take ownership

NT AUTHORITY\SYSTEM False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

BUILTIN\Administrators False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

BUILTIN\Users False Allow Create folders / append data This folder and subfolders

BUILTIN\Users False Allow Create files / write data, Read & execute This folder, subfolders and files

Page 63 of 204 Contoso Foods

IPC$
IPC$

Description Remote IPC

Allow Maximum True

Path

Share Type Administrative IPC Queue

Page 64 of 204 Contoso Foods

Windows Share
Windows Share

Description This is a Windows share.

Allow Maximum False

Maximum Allowed 3

Path C:\Windows Share

Share Type File Share

Cache Setting All files and programs the users opens are automatically available offline. Optimized for performance.

Enable Access Based Enumeration True

Encrypt Data Access False

Share Permissions

Account Name Action Rights

BUILTIN\Administrators Allow Full Control

Everyone Allow Full Control

Security

Owner TEST2019\sysadmin

NTFS Permissions

Account Name Inherited Action Rights Propegation

Everyone False Allow Read & execute This folder, subfolders and files

NT AUTHORITY\SYSTEM False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

BUILTIN\Administrators False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

TEST2019\sysadmin False Allow Change permissions, Delete subfolders and This folder, subfolders and files
files, Modify, Take ownership

Page 65 of 204 Contoso Foods

Security
Provides details of the key built-in security accounts on this machine.

Security Identifiers

Machine SID S-1-5-21-130050434-2330574090-1807454070

Computer Domain SID S-1-5-21-1597374802-183462725-2612050851-1105

Local Administrator

Name Administrator

Description Built-in account for administering the computer/domain

Enabled True

Password Never Expires True

Guest Account

Name Guest

Description Built-in account for guest access to the computer/domain

Enabled False

Password Never Expires True

Local Administrators

Name Administrators

Description Administrators have complete and unrestricted access to the computer/domain

Members TEST2019\Domain Admins

XCS-2K19-LIVE\Administrator

Page 66 of 204 Contoso Foods

Advanced Audit Policy
Advanced Audit Policy in Windows 7, Windows Server 2008 R2 and above increase the nine basic audit
categories available in previous versions of Windows helping with audit compliance and security
monitoring.

Account Logon

Subcategory Audit Events Configuration Source

Audit Credential Validation Success Local

Audit Kerberos Authentication Service Success Local

Audit Kerberos Service Ticket Operations Success Local

Audit Other Account Logon Events Local

Account Management

Subcategory Audit Events Configuration Source

Audit Application Group Management Local

Audit Computer Account Management Success Local

Audit Distribution Group Management Local

Audit Other Account Management Events Local

Audit Security Group Management Success Local

Audit User Account Management Success Local

Detailed Tracking

Subcategory Audit Events Configuration Source

Audit DPAPI Activity Local

Audit PNP Activity Local

Audit Process Creation Local

Audit Process Termination Local

Audit RPC Events Local

DS Access

Subcategory Audit Events Configuration Source

Audit Detailed Directory Service Replication Local

Audit Directory Service Access Success Local

Audit Directory Service Changes Local

Audit Directory Service Replication Local

Logon/Logoff

Page 67 of 204 Contoso Foods

Subcategory Audit Events Configuration Source

Audit Account Lockout Success Local

Audit Group Membership Local

Audit IPsec Extended Mode Local

Audit IPsec Main Mode Local

Audit IPsec Quick Mode Local

Audit Logoff Success Local

Audit Logon Success and Failure Local

Audit Network Policy Server Success and Failure Local

Audit Other Logon/Logoff Events Local

Audit Special Logon Success Local

Audit User / Device Claims Local

Object Access

Subcategory Audit Events Configuration Source

Audit Application Generated Local

Audit Central Access Policy Staging Local

Audit Certification Services Local

Audit Detailed File Share Local

Audit File Share Local

Audit File System Local

Audit Filtering Platform Connection Local

Audit Filtering Platform Packet Drop Local

Audit Handle Manipulation Local

Audit Kernel Object Local

Audit Other Object Access Events Local

Audit Registry Local

Audit Removable Storage Local

Audit SAM Local

Policy Change

Subcategory Audit Events Configuration Source

Audit Audit Policy Change Success Local

Audit Authentication Policy Change Success Local

Audit Authorization Policy Change Local

Audit Filtering Platform Policy Change Local

Audit MPSSVC Rule-Level Policy Change Local

Audit Other Policy Change Events Local

Page 68 of 204 Contoso Foods

Privilege Use

Subcategory Audit Events Configuration Source

Audit Non Sensitive Privilege Use Local

Audit Other Privilege Use Events Local

Audit Sensitive Privilege Use Local

System

Subcategory Audit Events Configuration Source

Audit IPsec Driver Local

Audit Other System Events Success and Failure Local

Audit Security State Change Success Local

Audit Security System Extension Local

Audit System Integrity Success and Failure Local

Page 69 of 204 Contoso Foods

Audit Policy
The audit policy determines what categories of information should be recorded to the Windows Security
event log.

Name Policy Setting Configuration Source

Audit account logon events None Configured Locally

Audit account management None Configured Locally

Audit directory service access None Configured Locally

Audit logon events None Configured Locally

Audit object access None Configured Locally

Audit policy change None Configured Locally

Audit privilege use None Configured Locally

Audit process tracking None Configured Locally

Audit system events None Configured Locally

Page 70 of 204 Contoso Foods

Certificate Stores
Provides details of the SSL certificates installed on this machine for the computer account.

Store Name Certificate Count

Intermediate Certification Authorities 3

Personal 1

Third-Party Root Certification Authorities 9

Trusted People 0

Trusted Publisher 0

Trusted Root Certification Authorities 12

Web Hosting 0

Page 71 of 204 Contoso Foods

Personal
Certificates associated with private keys to which you have access. These are the certificates that have
been issued to you or to the computer or service for which you are managing certificates.

1 Certificates

Subject Issuer Expiry Date

WMSvc-SHA2-XCS-2K19-LIVE WMSvc-SHA2-XCS-2K19-LIVE 06 June 2030

Page 72 of 204 Contoso Foods

WMSvc-SHA2-XCS-2K19-LIVE
Provides details of the X.509 certificate.

General

Subject Name WMSvc-SHA2-XCS-2K19-LIVE

Subject CN=WMSvc-SHA2-XCS-2K19-LIVE

Issuer CN=WMSvc-SHA2-XCS-2K19-LIVE

Issuer Name WMSvc-SHA2-XCS-2K19-LIVE

Valid From 08 June 2020

Expiry Date 06 June 2030

Key Usage Data encipherment

Digital Signature
Key encipherment

Enhanced Key Usages Server Authentication (1.3.6.1.5.5.7.3.1)

Certificate Details

Public Key RSA (2048 Bits)

Serial Number 6413E60625A2E5AB4B693CEA781D43E1

Signature Algorithm sha256RSA

Version 3

CRL Distribution Points

Subject Alternative Names

Properties

Friendly Name WMSVC-SHA2

Thumbprint 49A0CBAB284B6E61DDB4EF836C1B362CAC4459FF

Purposes Enable all purposes for this certificate

Page 73 of 204 Contoso Foods

Web Hosting
The Web Hosting certificate store contains information about the web hosting certificates that are
installed on a computer. This is a new store available in Windows 8, Windows Server 2012 and above.

There are no certificates in this store.

Page 74 of 204 Contoso Foods

Local Account Policies
Local account policies define the password complexity and account lockout policies that are effective on
an individual machine. These policies can be configured locally or via a Group Policy Object (GPO).

Account Lockout Policy

Policy Policy Setting Configuration Source

Account Lockout Duration Not Applicable Configured Locally

Account Lockout Threshold 0 invalid login attempt(s) Configured Locally

Reset Account Lockout After Not Applicable Configured Locally

Password Policy

Policy Policy Setting Configuration Source

Enforce Password History 24 passwords remembered Default Domain Policy

Maximum Password Age 42 days Default Domain Policy

Minimum Password Age 1 days Default Domain Policy

Minimum Password Length 7 Default Domain Policy

Password must meet complexity requirements True Default Domain Policy

Store passwords using reversible encryption False Default Domain Policy

Page 75 of 204 Contoso Foods

LAPS Settings
The Local Administrator Password Solution (LAPS) provides the ability to automatically update local
administrator account passwords for domain joined computers.

General Settings

Installed True

Enabled True

DLL File Location C:\Program Files\LAPS\CSE\AdmPwd.dll

DLL Version 6.2.0.0

Policy Settings

Administrator Account Name sysadmin

Password Age (Days) 30

Password Length 14

Password Expiration Protection True

Enabled

Password Complexity Type Large Letters + Small Letters + Numbers + Specials

Page 76 of 204 Contoso Foods

Local Users
A local user account is available only on the computer where the local account is defined and is stored in
the machine's SAM (security accounts manager) database.

Name Description Password User

Never Cannot
Expires Change
Password

Administrator Built-in account for administering the computer/domain True False

DefaultAccount A user account managed by the system. True False

Guest Built-in account for guest access to the computer/domain True True

WDAGUtilityAccount A user account managed and used by the system for Windows Defender Application False False
Guard scenarios.

Page 77 of 204 Contoso Foods

Administrator
Provides details of this local account.

Account Details

Name Administrator

Description Built-in account for administering the computer/domain

Enabled True

Password Never Expires True

Full Name Administrator Account

Security Identifier S-1-5-21-130050434-2330574090-1807454070-500

Last Login 08/06/2020 13:23:54

Password Expired False

Password Last Set 15/10/2020 14:41:23

User Cannot Change Password False

Profile

Profile Path \\2K19-DC\Profiles\Administrator

Login Script Administrator.ps1

Home Drive Z:

Home Directory \\2K19-DC\Home\Administrator

Page 78 of 204 Contoso Foods

DefaultAccount
Provides details of this local account.

Account Details

Name DefaultAccount

Description A user account managed by the system.

Enabled False

Password Never Expires True

Full Name

Security Identifier S-1-5-21-130050434-2330574090-1807454070-503

Last Login Never

Password Expired False

Password Last Set Never

User Cannot Change Password False

Profile

Profile Path

Home Drive

Home Directory

Page 79 of 204 Contoso Foods

Guest
Provides details of this local account.

Account Details

Name Guest

Description Built-in account for guest access to the computer/domain

Enabled False

Password Never Expires True

Full Name

Security Identifier S-1-5-21-130050434-2330574090-1807454070-501

Last Login Never

Password Expired False

Password Last Set Never

User Cannot Change Password True

Profile

Profile Path

Home Drive

Home Directory

Page 80 of 204 Contoso Foods

WDAGUtilityAccount
Provides details of this local account.

Account Details

Name WDAGUtilityAccount

Description A user account managed and used by the system for Windows Defender Application Guard scenarios.

Enabled False

Password Never Expires False

Full Name

Security Identifier S-1-5-21-130050434-2330574090-1807454070-504

Last Login Never

Password Expired True

Password Last Set [Password Expired]

User Cannot Change Password False

Profile

Profile Path

Home Drive

Home Directory

Page 81 of 204 Contoso Foods

Local Groups
A local group account is available only on the computer where the local group is defined and is stored in
the machine's SAM (security accounts manager) database. It can contain both local users and domain
users and groups and can be used to assign security to resources on the local machine.

Access Control Assistance Operators

Description Members of this group can remotely query authorization attributes and permissions for resources on
this computer.

Security Identifier S-1-5-32-579

Members

Administrators

Description Administrators have complete and unrestricted access to the computer/domain

Security Identifier S-1-5-32-544

Members TEST2019\Domain Admins

XCS-2K19-LIVE\Administrator

Backup Operators

Description Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

Security Identifier S-1-5-32-551

Members

Certificate Service DCOM Access

Description Members of this group are allowed to connect to Certification Authorities in the enterprise

Security Identifier S-1-5-32-574

Members

Cryptographic Operators

Description Members are authorized to perform cryptographic operations.

Security Identifier S-1-5-32-569

Members

Device Owners

Description Members of this group can change system-wide settings.

Security Identifier S-1-5-32-583

Members

Page 82 of 204 Contoso Foods

Distributed COM Users

Description Members are allowed to launch, activate and use Distributed COM objects on this machine.

Security Identifier S-1-5-32-562

Members

Event Log Readers

Description Members of this group can read event logs from local machine

Security Identifier S-1-5-32-573

Members

Guests

Description Guests have the same access as members of the Users group by default, except for the Guest account
which is further restricted

Security Identifier S-1-5-32-546

Members XCS-2K19-LIVE\Guest

Hyper-V Administrators

Description Members of this group have complete and unrestricted access to all features of Hyper-V.

Security Identifier S-1-5-32-578

Members

IIS_IUSRS

Description Built-in group used by Internet Information Services.

Security Identifier S-1-5-32-568

Members

Network Configuration Operators

Description Members in this group can have some administrative privileges to manage configuration of networking
features

Security Identifier S-1-5-32-556

Members

Performance Log Users

Description Members of this group may schedule logging of performance counters, enable trace providers, and
collect event traces both locally and via remote access to this computer

Security Identifier S-1-5-32-559

Members

Page 83 of 204 Contoso Foods

Performance Monitor Users

Description Members of this group can access performance counter data locally and remotely

Security Identifier S-1-5-32-558

Members NT SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXPRESS

Power Users

Description Power Users are included for backwards compatibility and possess limited administrative powers

Security Identifier S-1-5-32-547

Members

Print Operators

Description Members can administer printers installed on domain controllers

Security Identifier S-1-5-32-550

Members

RDS Endpoint Servers

Description Servers in this group run virtual machines and host sessions where users RemoteApp programs and
personal virtual desktops run. This group needs to be populated on servers running RD Connection
Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to
be in this group.

Security Identifier S-1-5-32-576

Members

RDS Management Servers

Description Servers in this group can perform routine administrative actions on servers running Remote Desktop
Services. This group needs to be populated on all servers in a Remote Desktop Services deployment.
The servers running the RDS Central Management service must be included in this group.

Security Identifier S-1-5-32-577

Members

RDS Remote Access Servers

Description Servers in this group enable users of RemoteApp programs and personal virtual desktops access to
these resources. In Internet-facing deployments, these servers are typically deployed in an edge
network. This group needs to be populated on servers running RD Connection Broker. RD Gateway
servers and RD Web Access servers used in the deployment need to be in this group.

Security Identifier S-1-5-32-575

Members

Remote Desktop Users

Description Members in this group are granted the right to logon remotely

Security Identifier S-1-5-32-555

Members TEST2019\sysuser

Page 84 of 204 Contoso Foods

Remote Management Users

Description Members of this group can access WMI resources over management protocols (such as
WS-Management via the Windows Remote Management service). This applies only to WMI
namespaces that grant access to the user.

Security Identifier S-1-5-32-580

Members

Replicator

Description Supports file replication in a domain

Security Identifier S-1-5-32-552

Members

SQLServer2005SQLBrowserUser$XCS-2K19-LIVE

Description Members in the group have the required access and privileges to be assigned as the log on account for
the associated instance of SQL Server Browser.

Security Identifier S-1-5-21-130050434-2330574090-1807454070-1000

Members NT SERVICE\SQLBrowser

Storage Replica Administrators

Description Members of this group have complete and unrestricted access to all features of Storage Replica.

Security Identifier S-1-5-32-582

Members

System Managed Accounts Group

Description Members of this group are managed by the system.

Security Identifier S-1-5-32-581

Members XCS-2K19-LIVE\DefaultAccount

Users

Description Users are prevented from making accidental or intentional system-wide changes and can run most
applications

Security Identifier S-1-5-32-545

Members NT AUTHORITY\Authenticated Users

NT AUTHORITY\INTERACTIVE
TEST2019\Domain Users

Page 85 of 204 Contoso Foods

Microsoft Defender
Provides information about the detected antivirus (also known as antimalware) products found on this
Windows machine.

General Settings

Product Version 4.18.2011.6

Engine Version 1.1.17700.4

Real Time Protection Enabled True

Tamper Protection False

Antivirus Signature

Antivirus Signature Last Updated 15/01/2021 05:11:40

Antivirus Signature Version 1.329.2223.0

Cloud

Cloud Delivered Protection Enabled True

Automatic Cloud Sample Submission True

Exclusions

Excluded Extensions .txt

Excluded Paths C:\Windows

C:\Windows\notepad.exe

Excluded Processes notepad

Page 86 of 204 Contoso Foods

Security Options
Security Options is a section of Group Policy that configures computer security settings from digital data signatures, Administrator and Guest account
names to driver installation behavior, and logon prompts.

189 Security Options

Policy Security Setting Configuration Source

Accounts: Block Microsoft accounts Not Defined Not Defined

Accounts: Limit local account use of blank passwords to console logon only Enabled Configured Locally

App Runtime: Allow Microsoft accounts to be optional Not Defined Not Defined

Audit Process Creation: Include command line in process creation events Not Defined Not Defined

Audit: Audit the access of global system objects Disabled Configured Locally

Audit: Audit the use of Backup and Restore privilege Disabled Configured Locally

Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category Not Defined Not Defined
settings.

Audit: Shut down system immediately if unable to log security audits Disabled Configured Locally

AutoPlay Policies: Disallow Autoplay for non-volume devices Not Defined Not Defined

AutoPlay Policies: Set the default behavior for AutoRun Not Defined Not Defined

AutoPlay Policies: Turn off Autoplay Not Defined Not Defined

Credential User Interface: Do not display the password reveal button Not Defined Not Defined

Credential User Interface: Enumerate administrator accounts on elevation Not Defined Not Defined

DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined Not Defined

DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined Not Defined

Devices: Allow undock without having to log on Enabled Configured Locally

Devices: Allowed to format and eject removable media Not Defined Not Defined

Devices: Prevent users from installing printer drivers Enabled Configured Locally

Devices: Restrict CD-ROM access to locally logged-on user only Not Defined Not Defined

Page 87 of 204 Contoso Foods

Devices: Restrict floppy access to locally logged-on user only Not Defined Not Defined

Domain controller: Allow server operators to schedule tasks Not Defined Not Defined

Domain controller: LDAP server signing requirements Not Defined Not Defined

Domain controller: Refuse machine account password changes Disabled Default Domain Policy

Domain member: Digitally encrypt or sign secure channel data (always) Enabled Configured Locally

Domain member: Digitally encrypt secure channel data (when possible) Enabled Configured Locally

Domain member: Digitally sign secure channel data (when possible) Enabled Configured Locally

Domain member: Disable machine account password changes Enabled Default Domain Policy

Domain member: Maximum machine account password age 30 days Configured Locally

Domain member: Require strong (Windows 2000 or later) session key Enabled Configured Locally

Early Launch Antimalware: Boot-Start Driver Initialization Policy Not Defined Not Defined

EMET: Default Action and Mitigation Settings: Anti Detours Not Defined Not Defined

EMET: Default Action and Mitigation Settings: Banned Functions Not Defined Not Defined

EMET: Default Action and Mitigation Settings: Deep Hooks Not Defined Not Defined

EMET: Default Action and Mitigation Settings: Exploit Action Not Defined Not Defined

EMET: System ASLR Not Defined Not Defined

EMET: System DEP Not Defined Not Defined

EMET: System SEHOP Not Defined Not Defined

Event Log: Application: Control Event Log behavior when the log file reaches its maximum size Enabled Default Domain Policy

Event Log: Application: Specify the maximum log file size (KB) Not Defined Not Defined

Event Log: Security: Control Event Log behavior when the log file reaches its maximum size Disabled Default Domain Policy

Event Log: Security: Specify the maximum log file size (KB) Not Defined Not Defined

Event Log: Setup: Control Event Log behavior when the log file reaches its maximum size Not Defined Not Defined

Event Log: Setup: Specify the maximum log file size (KB) Not Defined Not Defined

Event Log: System: Control Event Log behavior when the log file reaches its maximum size Not Defined Not Defined

Event Log: System: Specify the maximum log file size (KB) Not Defined Not Defined

Page 88 of 204 Contoso Foods

File Explorer: Configure Windows SmartScreen Not Defined Not Defined

File Explorer: Turn off Data Execution Prevention for Explorer Not Defined Not Defined

File Explorer: Turn off heap termination on corruption Not Defined Not Defined

File Explorer: Turn off shell protocol protected mode Not Defined Not Defined

Group Policy: Registry policy processing: Do not apply during periodic background processing Not Defined Not Defined

Group Policy: Registry policy processing: Process even if the Group Policy objects have not changed Not Defined Not Defined

Group Policy: Turn off background refresh of Group Policy Not Defined Not Defined

Interactive logon: Display user information when the session is locked User display name only Default Domain Policy

Interactive logon: Do not require CTRL+ALT+DEL Disabled Configured Locally

Interactive logon: Don't display last signed-in Disabled Configured Locally

Interactive logon: Machine account lockout threshold Not Defined Not Defined

Interactive logon: Machine inactivity limit Not Defined Not Defined

Interactive logon: Message text for users attempting to log on Configured Locally

Interactive logon: Message title for users attempting to log on Configured Locally

Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons Configured Locally

Interactive logon: Prompt user to change password before expiration 5 days Configured Locally

Interactive logon: Require Domain Controller authentication to unlock workstation Disabled Configured Locally

Interactive logon: Require smart card Disabled Configured Locally

Interactive logon: Smart card removal behaviour No Action Configured Locally

Internet Communication settings: Turn off access to the Store Not Defined Not Defined

Internet Communication Settings: Turn off downloading of print drivers over HTTP Not Defined Not Defined

Internet Communication Settings: Turn off handwriting personalization data sharing Not Defined Not Defined

Internet Communication Settings: Turn off handwriting recognition error reporting Not Defined Not Defined

Internet Communication Settings: Turn off Internet Connection Wizard if URL connection is referring to Not Defined Not Defined
Microsoft.com

Internet Communication Settings: Turn off Internet download for Web publishing and online ordering Not Defined Not Defined
wizards

Page 89 of 204 Contoso Foods

Internet Communication Settings: Turn off printing over HTTP Not Defined Not Defined

Internet Communication Settings: Turn off Registration if URL connection is referring to Microsoft.com Not Defined Not Defined

Internet Communication Settings: Turn off Search Companion content file updates Not Defined Not Defined

Internet Communication Settings: Turn off the "Order Prints" picture task Not Defined Not Defined

Internet Communication Settings: Turn off the "Publish to Web" task for files and folders Not Defined Not Defined

Internet Communication Settings: Turn off the Windows Messenger Customer Experience Improvement Not Defined Not Defined
Program

Internet Communication Settings: Turn off Windows Customer Experience Improvement Program Not Defined Not Defined

Internet Communication Settings: Turn off Windows Error Reporting Not Defined Not Defined

IPv6: Disabled Components Not Defined Not Defined

Locale Services: Disallow copying of user input methods to the system account for sign-in Not Defined Not Defined

Location and Sensors: Turn off location Not Defined Not Defined

Logon: Do not display network selection UI Not Defined Not Defined

Logon: Do not enumerate connected users on domain-joined computers Not Defined Not Defined

Logon: Enumerate local users on domain-joined computers Not Defined Not Defined

Logon: Turn off app notifications on the lock screen Not Defined Not Defined

Logon: Turn on convenience PIN sign-in Not Defined Not Defined

Microsoft network client: Digitally sign communications (always) Disabled Configured Locally

Microsoft network client: Digitally sign communications (if server agrees) Enabled Configured Locally

Microsoft network client: Send unencrypted password to connect to third-party SMB servers Disabled Configured Locally

Microsoft network server: Amount of idle time required before suspending a session 15 minutes Configured Locally

Microsoft network server: Attempt S4U2Self to obtain claim information Not Defined Not Defined

Microsoft network server: Digitally sign communications (always) Disabled Configured Locally

Microsoft network server: Digitally sign communications (if client agrees) Disabled Configured Locally

Microsoft network server: Disconnect clients when logon hours expire Enabled Configured Locally

Microsoft network server: Enable SMB version 1 protocol Not Defined Not Defined

Microsoft network server: Enable SMB version 2 protocol Not Defined Not Defined

Page 90 of 204 Contoso Foods

Microsoft network server: Server SPN target name validation level Not Defined Not Defined

Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider Not Defined Not Defined

MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) Disabled Configured Locally

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) Not Defined Not Defined

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) Not Defined Not Defined

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes Enabled Configured Locally

MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds Not Defined Not Defined

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except Not Defined Not Defined
from WINS servers

MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could Not Defined Not Defined
lead to DoS)

MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) Not Defined Not Defined

MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 Not Defined Not Defined
recommended)

MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted Not Defined Not Defined

MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted Not Defined Not Defined

MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a Not Defined Not Defined
warning

Network access: Allow anonymous SID/Name translation Enabled Default Domain Policy

Network access: Do not allow anonymous enumeration of SAM accounts Enabled Configured Locally

Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled Configured Locally

Network access: Do not allow storage of passwords and credentials for network authentication Disabled Configured Locally

Network access: Let Everyone permissions apply to anonymous users Disabled Configured Locally

Network access: Named pipes that can be accessed anonymously Configured Locally

Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions Configured Locally

System\CurrentControlSet\Control\Server
Applications
Software\Microsoft\Windows NT\CurrentVersion

Network access: Remotely accessible registry paths and subpaths System\CurrentControlSet\Control\Print\Printers Configured Locally
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\OLAP Server
Software\Microsoft\Windows

Page 91 of 204 Contoso Foods

NT\CurrentVersion\Print
Software\Microsoft\Windows
NT\CurrentVersion\Windows
System\CurrentControlSet\Control\ContentIndex
System\CurrentControlSet\Control\Terminal
Server
System\CurrentControlSet\Control\Terminal
Server\UserConfig
System\CurrentControlSet\Control\Terminal
Server\DefaultUserConfiguration
Software\Microsoft\Windows
NT\CurrentVersion\Perflib
System\CurrentControlSet\Services\SysmonLog

Network access: Restrict anonymous access to Named Pipes and Shares Enabled Configured Locally

Network access: Restrict clients allowed to make remote calls to SAM Not Defined Not Defined

Network access: Shares that can be accessed anonymously Not Defined Not Defined

Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves Configured Locally

Network Provider: Hardened UNC Paths Configured Locally

Network security: Allow Local System to use computer identity for NTLM Not Defined Not Defined

Network security: Allow LocalSystem NULL session fallback Not Defined Not Defined

Network security: Allow PKU2U authentication requests to this computer to use online identities. Not Defined Not Defined

Network security: Configure encryption types allowed for Kerberos Not Defined Not Defined

Network security: Do not store LAN Manager hash value on next password change Enabled Configured Locally

Network security: Force logoff when logon hours expire Disabled Default Domain Policy

Network security: LAN Manager authentication level Not Defined Not Defined

Network security: LDAP client signing requirements Negotiate Signing Configured Locally

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption Configured Locally

Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption Configured Locally

Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined Not Defined

Network security: Restrict NTLM: Add server exceptions in this domain Not Defined Not Defined

Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined Not Defined

Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined Not Defined

Network security: Restrict NTLM: Incoming NTLM traffic Not Defined Not Defined

Page 92 of 204 Contoso Foods

Network security: Restrict NTLM: NTLM authentication in this domain Not Defined Not Defined

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined Not Defined

Personalization: Prevent enabling lock screen camera Not Defined Not Defined

Personalization: Prevent enabling lock screen slide show Not Defined Not Defined

Prohibit connection to non-domain networks when connected to domain authenticated network Not Defined Not Defined

Prohibit installation and configuration of Network Bridge on your DNS domain network Not Defined Not Defined

Recovery console: Allow automatic administrative logon Disabled Configured Locally

Recovery console: Allow floppy copy and access to all drives and all folders Disabled Configured Locally

Remote Assistance: Allow Offer Remote Assistance Not Defined Not Defined

Remote Assistance: Allow Solicited Remote Assistance Not Defined Not Defined

Remote Procedure Call: Enable RPC Endpoint Mapper Client Authentication Not Defined Not Defined

Remote Procedure Call: Restrict Unauthenticated RPC clients Not Defined Not Defined

Require domain users to elevate when setting a network's location Not Defined Not Defined

SCM: Pass the Hash Mitigations: Apply UAC token-filtering to local accounts on network logons Not Defined Not Defined

SCM: Pass the Hash Mitigations: WDigest Authentication Not Defined Not Defined

Secure Channel: Enable SSL 3.0 (Client) Not Defined Not Defined

Secure Channel: Enable SSL 3.0 (Server) Not Defined Not Defined

Secure Channel: Enable TLS 1.0 (Client) Not Defined Not Defined

Secure Channel: Enable TLS 1.0 (Server) Not Defined Not Defined

Secure Channel: Enable TLS 1.1 (Client) Not Defined Not Defined

Secure Channel: Enable TLS 1.1 (Server) Not Defined Not Defined

Secure Channel: Enable TLS 1.2 (Client) Not Defined Not Defined

Secure Channel: Enable TLS 1.2 (Server) Not Defined Not Defined

Shutdown: Allow system to be shut down without having to log on Disabled Configured Locally

Shutdown: Clear virtual memory pagefile Disabled Configured Locally

Sleep Settings: Require a password when a computer wakes (on battery) Not Defined Not Defined

Page 93 of 204 Contoso Foods

Sleep Settings: Require a password when a computer wakes (plugged in) Not Defined Not Defined

System Cryptography: Force strong key protection for user keys stored on the computer Not Defined Not Defined

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled Configured Locally

System objects: Require case insensitivity for non-Windows subsystems Enabled Configured Locally

System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled Configured Locally

System settings: Optional subsystems Configured Locally

System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled Configured Locally

Turn off Microsoft Peer-to-Peer Networking Services Not Defined Not Defined

Turn on Mapper I/O (LLTDIO) driver Not Defined Not Defined

Turn on Responder (RSPNDR) driver Not Defined Not Defined

User Account Control: Admin Approval Mode for the built-in Administrator account Not Defined Not Defined

User Account Control: Allow UIAccess applications to prompt for elevation without using the secure Disabled Configured Locally
desktop

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries Configured Locally

User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials Configured Locally

User Account Control: Detect application installations and prompt for elevation Enabled Configured Locally

User Account Control: Only elevate executables that are signed and validated Disabled Configured Locally

User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled Configured Locally

User Account Control: Run all administrators in Admin approval mode Enabled Configured Locally

User Account Control: Switch to the secure desktop when prompting for elevation Enabled Configured Locally

User Account Control: Virtualize file and registry write failures to per-user locations Enabled Configured Locally

Windows Connect Now: Configuration of wireless settings using Windows Connect Now Not Defined Not Defined

Windows Connect Now: Prohibit access of the Windows Connect Now wizards Not Defined Not Defined

Windows Connection Manager: Minimize the number of simultaneous connections to the Internet or a Not Defined Not Defined
Windows Domain

Windows Logon Options: Sign-in last interactive user automatically after a system-initiated restart Disabled Configured Locally

Windows Performance PerfTrack: Enable/Disable PerfTrack Not Defined Not Defined

Page 94 of 204 Contoso Foods

User Rights Assignment
User Rights Assignment covers both the privileges and user rights that have been assigned to user accounts. Privileges determine the type of system
operations that a user account can perform whereas account rights determine the type of logon that a user account can perform - for example logon as a
service.

45 User Rights

Display Name Name Configuration Account Names

Source

Access Credential Manager as a trusted caller SeTrustedCredManAccessPrivilege Configured

Locally

Access this computer from the network SeNetworkLogonRight Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators
BUILTIN\Users
Everyone

Act as part of the operating system SeTcbPrivilege Configured

Locally

Add workstations to domain SeMachineAccountPrivilege Configured

Locally

Adjust memory quotas for a process SeIncreaseQuotaPrivilege Configured BUILTIN\Administrators

Locally IIS APPPOOL\.NET v4.5
IIS APPPOOL\.NET v4.5 Classic
IIS APPPOOL\DefaultAppPool
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXPRESS

Allow log on locally SeInteractiveLogonRight Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators
BUILTIN\Users

Allow log on through Remote Desktop Services SeRemoteInteractiveLogonRight Configured BUILTIN\Administrators

Locally BUILTIN\Remote Desktop Users

Back up files and directories SeBackupPrivilege Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators

Bypass traverse checking SeChangeNotifyPrivilege Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators
BUILTIN\Users
Everyone
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE

Page 95 of 204 Contoso Foods

NT SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXPRESS

Change the system time SeSystemtimePrivilege Configured BUILTIN\Administrators

Locally NT AUTHORITY\LOCAL SERVICE

Change the time zone SeTimeZonePrivilege Configured BUILTIN\Administrators

Locally NT AUTHORITY\LOCAL SERVICE

Create a pagefile SeCreatePagefilePrivilege Configured BUILTIN\Administrators

Locally

Create a token object SeCreateTokenPrivilege Configured

Locally

Create global objects SeCreateGlobalPrivilege Configured BUILTIN\Administrators

Locally NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\SERVICE

Create permanent shared objects SeCreatePermanentPrivilege Configured

Locally

Create symbolic links SeCreateSymbolicLinkPrivilege Configured BUILTIN\Administrators

Locally

Debug programs SeDebugPrivilege Configured BUILTIN\Administrators

Locally

Deny access to this computer from the network SeDenyNetworkLogonRight Configured

Locally

Deny log on as a batch job SeDenyBatchLogonRight Configured

Locally

Deny log on as a service SeDenyServiceLogonRight Configured

Locally

Deny log on locally SeDenyInteractiveLogonRight Configured

Locally

Deny log on through Remote Desktop Services SeDenyRemoteInteractiveLogonRight Configured

Locally

Enable computer and user accounts to be trusted for delegation SeEnableDelegationPrivilege Configured
Locally

Force shutdown from a remote system SeRemoteShutdownPrivilege Configured BUILTIN\Administrators

Locally

Generate security audits SeAuditPrivilege Configured IIS APPPOOL\.NET v4.5

Locally IIS APPPOOL\.NET v4.5 Classic
IIS APPPOOL\DefaultAppPool
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE

Page 96 of 204 Contoso Foods

Impersonate a client after authentication SeImpersonatePrivilege Configured BUILTIN\Administrators
Locally BUILTIN\IIS_IUSRS
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\SERVICE

Increase a process working set SeIncreaseWorkingSetPrivilege Configured BUILTIN\Users

Locally

Increase scheduling priority SeIncreaseBasePriorityPrivilege Configured BUILTIN\Administrators

Locally Window Manager\Window Manager Group

Load and unload device drivers SeLoadDriverPrivilege Configured BUILTIN\Administrators

Locally

Lock pages in memory SeLockMemoryPrivilege Configured

Locally

Log on as a batch job SeBatchLogonRight Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators
BUILTIN\IIS_IUSRS
BUILTIN\Performance Log Users

Log on as a service SeServiceLogonRight Configured IIS APPPOOL\.NET v4.5

Locally IIS APPPOOL\.NET v4.5 Classic
IIS APPPOOL\DefaultAppPool
NT AUTHORITY\NETWORK SERVICE
NT SERVICE\ALL SERVICES
NT SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXPRESS
NT SERVICE\SQLTELEMETRY$SQLEXPRESS
S-1-5-21-130050434-2330574090-1807454070-1001
TEST2019\sysadmin
XCS-2K19-LIVE\SQLServer2005SQLBrowserUser$XCS-2K19-LIVE

Manage auditing and security log SeSecurityPrivilege Configured BUILTIN\Administrators

Locally

Modify an object label SeRelabelPrivilege Configured

Locally

Modify firmware environment values SeSystemEnvironmentPrivilege Configured BUILTIN\Administrators

Locally

Obtain an impersonation token for another user in the same session SeDelegateSessionUserImpersonatePrivilege Configured BUILTIN\Administrators
Locally

Perform volume maintenance tasks SeManageVolumePrivilege Configured BUILTIN\Administrators

Locally NT SERVICE\MSSQL$SQLEXPRESS

Profile single process SeProfileSingleProcessPrivilege Configured BUILTIN\Administrators

Locally

Profile system performance SeSystemProfilePrivilege Configured BUILTIN\Administrators

Locally NT SERVICE\WdiServiceHost

Page 97 of 204 Contoso Foods

Remove computer from docking station SeUndockPrivilege Configured BUILTIN\Administrators
Locally

Replace a process-level token SeAssignPrimaryTokenPrivilege Configured IIS APPPOOL\.NET v4.5

Locally IIS APPPOOL\.NET v4.5 Classic
IIS APPPOOL\DefaultAppPool
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT SERVICE\MSSQL$SQLEXPRESS
NT SERVICE\SQLAgent$SQLEXPRESS

Restore files and directories SeRestorePrivilege Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators

Shut down the system SeShutdownPrivilege Configured BUILTIN\Administrators

Locally BUILTIN\Backup Operators

Synchronize directory service data SeSyncAgentPrivilege Configured

Locally

Take ownership of files or other objects SeTakeOwnershipPrivilege Configured BUILTIN\Administrators

Locally

Page 98 of 204 Contoso Foods

Windows Firewall
Windows Firewall with Advanced Security is a stateful firewall integrated into Windows operating systems
which blocks unauthorized network traffic flowing into or out of the local computer.

General Settings

Active Profile Domain

Domain Profile

Enabled True

Default Inbound Action Block

Default Outbound Action Allow

Domain Profile Settings

Display Notification False

Allow Unicast Response True

Apply Local Firewall Rules True

Apply Local Connection Security Rules True

Log File Path %systemroot%\system32\LogFiles\Firewall\pfirewall.log

Log File Size Limit (KB) 4,096

Log Dropped Packets False

Log Successful Connections False

Public Profile

Enabled True

Default Inbound Action Block

Default Outbound Action Allow

Public Profile Settings

Display Notification False

Allow Unicast Response True

Apply Local Firewall Rules True

Apply Local Connection Security Rules True

Log File Path %systemroot%\system32\LogFiles\Firewall\pfirewall.log

Log File Size Limit (KB) 4,096

Log Dropped Packets False

Log Successful Connections False

Page 99 of 204 Contoso Foods

Private Profile

Enabled True

Default Inbound Action Block

Default Outbound Action Allow

Private Profile Settings

Display Notification False

Allow Unicast Response True

Apply Local Firewall Rules True

Apply Local Connection Security Rules True

Log File Path %systemroot%\system32\LogFiles\Firewall\pfirewall.log

Log File Size Limit (KB) 4,096

Log Dropped Packets False

Log Successful Connections False

Page 100 of 204 Contoso Foods

Inbound Rules
Inbound rules determine what action should be taken by the firewall when inspecting traffic coming into the machine from external sources. Only enabled
rules are displayed.

93 Windows Firewall Rules

Rule Name Profile Names Protocol Local Local Ports Remote Remote
Addresses Addresses Ports

AllJoyn Router (TCP-In) Domain, Private TCP Any 9955 Any Any

AllJoyn Router (UDP-In) Domain, Private UDP Any Any Any Any

Cast to Device functionality (qWave-TCP-In) Private, Public TCP Any 2177 PlayToDevice Any

Cast to Device functionality (qWave-UDP-In) Private, Public UDP Any 2177 PlayToDevice Any

Cast to Device SSDP Discovery (UDP-In) Public UDP Any PlayToDiscovery Any Any

Cast to Device streaming server (HTTP-Streaming-In) Public TCP Any 10246 PlayToDevice Any

Cast to Device streaming server (HTTP-Streaming-In) Private TCP Any 10246 LocalSubnet Any

Cast to Device streaming server (HTTP-Streaming-In) Domain TCP Any 10246 Any Any

Cast to Device streaming server (RTCP-Streaming-In) Public UDP Any Any PlayToDevice Any

Cast to Device streaming server (RTCP-Streaming-In) Private UDP Any Any LocalSubnet Any

Cast to Device streaming server (RTCP-Streaming-In) Domain UDP Any Any Any Any

Cast to Device streaming server (RTSP-Streaming-In) Public TCP Any 23554, 23555, 23556 PlayToDevice Any

Cast to Device streaming server (RTSP-Streaming-In) Domain TCP Any 23554, 23555, 23556 Any Any

Cast to Device streaming server (RTSP-Streaming-In) Private TCP Any 23554, 23555, 23556 LocalSubnet Any

Cast to Device UPnP Events (TCP-In) Public TCP Any 2869 PlayToDevice Any

Core Networking - Destination Unreachable (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Any ICMPv4 Any RPC Any Any

Core Networking - Dynamic Host Configuration Protocol (DHCP-In) Any UDP Any 68 Any 67

Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-In) Any UDP Any 546 Any 547

Core Networking - Internet Group Management Protocol (IGMP-In) Any 2 Any Any Any Any

Page 101 of 204 Contoso Foods

Core Networking - IPHTTPS (TCP-In) Any TCP Any IPHTTPSIn Any Any

Core Networking - IPv6 (IPv6-In) Any 41 Any Any Any Any

Core Networking - Multicast Listener Done (ICMPv6-In) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Multicast Listener Query (ICMPv6-In) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Multicast Listener Report (ICMPv6-In) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Multicast Listener Report v2 (ICMPv6-In) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Neighbor Discovery Advertisement (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Core Networking - Neighbor Discovery Solicitation (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Core Networking - Packet Too Big (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Core Networking - Parameter Problem (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Core Networking - Router Advertisement (ICMPv6-In) Any ICMPv6 Any RPC fe80::/64 Any

Core Networking - Router Solicitation (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Core Networking - Teredo (UDP-In) Any UDP Any Teredo Any Any

Core Networking - Time Exceeded (ICMPv6-In) Any ICMPv6 Any RPC Any Any

Cortana Domain, Private Any Any Any Any Any

Delivery Optimization (TCP-In) Any TCP Any 7680 Any Any

Delivery Optimization (UDP-In) Any UDP Any 7680 Any Any

Desktop App Web Viewer Domain, Private, Public Any Any Any Any Any

DIAL protocol server (HTTP-In) Private TCP Any 10247 LocalSubnet Any

DIAL protocol server (HTTP-In) Domain TCP Any 10247 Any Any

File and Printer Sharing (Echo Request - ICMPv4-In) Domain ICMPv4 Any RPC Any Any

File and Printer Sharing (Echo Request - ICMPv6-In) Domain ICMPv6 Any RPC Any Any

Page 102 of 204 Contoso Foods

File and Printer Sharing (LLMNR-UDP-In) Domain UDP Any 5355 LocalSubnet Any

File and Printer Sharing (NB-Datagram-In) Domain UDP Any 138 Any Any

File and Printer Sharing (NB-Name-In) Domain UDP Any 137 Any Any

File and Printer Sharing (NB-Session-In) Domain TCP Any 139 Any Any

File and Printer Sharing (SMB-In) Domain TCP Any 445 Any Any

File and Printer Sharing (Spooler Service - RPC) Domain TCP Any RPC Any Any

File and Printer Sharing (Spooler Service - RPC-EPMAP) Domain TCP Any RPCEPMap Any Any

File Server Remote Management (DCOM-In) Any TCP Any 135 Any Any

File Server Remote Management (SMB-In) Any TCP Any 445 Any Any

File Server Remote Management (WMI-In) Any TCP Any RPC Any Any

mDNS (UDP-In) Public UDP Any 5353 LocalSubnet Any

mDNS (UDP-In) Domain UDP Any 5353 Any Any

mDNS (UDP-In) Private UDP Any 5353 LocalSubnet Any

Network Discovery (LLMNR-UDP-In) Private UDP Any 5355 LocalSubnet Any

Network Discovery (NB-Datagram-In) Private UDP Any 138 Any Any

Network Discovery (NB-Name-In) Private UDP Any 137 Any Any

Network Discovery (Pub-WSD-In) Private UDP Any 3702 LocalSubnet Any

Network Discovery (SSDP-In) Private UDP Any 1900 LocalSubnet Any

Network Discovery (UPnP-In) Private TCP Any 2869 Any Any

Network Discovery (WSD Events-In) Private TCP Any 5357 Any Any

Network Discovery (WSD EventsSecure-In) Private TCP Any 5358 Any Any

Network Discovery (WSD-In) Private UDP Any 3702 LocalSubnet Any

Remote Assistance (DCOM-In) Any TCP Any 135 Any Any

Remote Assistance (PNRP-In) Any UDP Any 3540 Any Any

Remote Assistance (RA Server TCP-In) Any TCP Any Any Any Any

Remote Assistance (SSDP TCP-In) Any TCP Any 2869 LocalSubnet Any

Remote Assistance (SSDP UDP-In) Any UDP Any 1900 LocalSubnet Any

Page 103 of 204 Contoso Foods

Remote Assistance (TCP-In) Any TCP Any Any Any Any

Remote Desktop - Shadow (TCP-In) Any TCP Any Any Any Any

Remote Desktop - User Mode (TCP-In) Any TCP Any 3389 Any Any

Remote Desktop - User Mode (UDP-In) Any UDP Any 3389 Any Any

SNMP Service (UDP In) Private, Public UDP Any 161 LocalSubnet Any

SNMP Service (UDP In) Domain UDP Any 161 Any Any

Web Management Service (HTTP Traffic-In) Any TCP Any 8172 Any Any

Windows Remote Management (HTTP-In) Domain, Private TCP Any 5985 Any Any

Windows Remote Management (HTTP-In) Public TCP Any 5985 LocalSubnet Any

Work or school account Domain, Private Any Any Any Any Any

World Wide Web Services (HTTP Traffic-In) Any TCP Any 80 Any Any

World Wide Web Services (HTTPS Traffic-In) Any TCP Any 443 Any Any

Your account Domain, Private Any Any Any Any Any

Page 104 of 204 Contoso Foods

Outbound Rules
Outbound rules determine what action should be taken by the firewall when inspecting traffic coming from the machine going to external sources. Only
enabled rules are displayed.

107 Windows Firewall Rules

Rule Name Profile Names Protocol Local Local Remote Addresses Remote Ports
Addresses Ports

AllJoyn Router (TCP-Out) Domain, Private TCP Any Any Any Any

AllJoyn Router (UDP-Out) Domain, Private UDP Any Any Any Any

Captive Portal Flow Domain, Private, Public Any Any Any Any Any

Cast to Device functionality (qWave-TCP-Out) Private, Public TCP Any Any PlayToDevice 2177

Cast to Device functionality (qWave-UDP-Out) Private, Public UDP Any Any PlayToDevice 2177

Cast to Device streaming server (RTP-Streaming-Out) Domain UDP Any Any Any Any

Cast to Device streaming server (RTP-Streaming-Out) Private UDP Any Any LocalSubnet Any

Cast to Device streaming server (RTP-Streaming-Out) Public UDP Any Any PlayToDevice Any

Connected User Experiences and Telemetry Any TCP Any Any Any 443

Core Networking - DNS (UDP-Out) Any UDP Any Any Any 53

Core Networking - Dynamic Host Configuration Protocol (DHCP-Out) Any UDP Any 68 Any 67

Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-Out) Any UDP Any 546 Any 547

Core Networking - Group Policy (LSASS-Out) Domain TCP Any Any Any Any

Core Networking - Group Policy (NP-Out) Domain TCP Any Any Any 445

Core Networking - Group Policy (TCP-Out) Domain TCP Any Any Any Any

Core Networking - Internet Group Management Protocol (IGMP-Out) Any 2 Any Any Any Any

Core Networking - IPHTTPS (TCP-Out) Any TCP Any Any Any IPHTTPSOut

Page 105 of 204 Contoso Foods

Core Networking - IPv6 (IPv6-Out) Any 41 Any Any Any Any

Core Networking - Multicast Listener Done (ICMPv6-Out) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Multicast Listener Query (ICMPv6-Out) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Multicast Listener Report (ICMPv6-Out) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Multicast Listener Report v2 (ICMPv6-Out) Any ICMPv6 Any RPC LocalSubnet6 Any

Core Networking - Neighbor Discovery Advertisement (ICMPv6-Out) Any ICMPv6 Any RPC Any Any

Core Networking - Neighbor Discovery Solicitation (ICMPv6-Out) Any ICMPv6 Any RPC Any Any

Core Networking - Packet Too Big (ICMPv6-Out) Any ICMPv6 Any RPC Any Any

Core Networking - Parameter Problem (ICMPv6-Out) Any ICMPv6 Any RPC Any Any

Core Networking - Router Advertisement (ICMPv6-Out) Any ICMPv6 fe80::/64 RPC LocalSubnet6 Any
ff02::1
fe80::/64

Core Networking - Router Solicitation (ICMPv6-Out) Any ICMPv6 Any RPC LocalSubnet6 Any
ff02::2
fe80::/64

Core Networking - Teredo (UDP-Out) Any UDP Any Any Any Any

Core Networking - Time Exceeded (ICMPv6-Out) Any ICMPv6 Any RPC Any Any

Cortana Domain, Private, Public Any Any Any Any Any

Desktop App Web Viewer Domain, Private, Public Any Any Any Any Any

Email and accounts Domain, Private, Public Any Any Any Any Any

File and Printer Sharing (Echo Request - ICMPv4-Out) Domain ICMPv4 Any RPC Any Any

File and Printer Sharing (Echo Request - ICMPv6-Out) Domain ICMPv6 Any RPC Any Any

File and Printer Sharing (LLMNR-UDP-Out) Domain UDP Any Any LocalSubnet 5355

Page 106 of 204 Contoso Foods

File and Printer Sharing (NB-Datagram-Out) Domain UDP Any Any Any 138

File and Printer Sharing (NB-Name-Out) Domain UDP Any Any Any 137

File and Printer Sharing (NB-Session-Out) Domain TCP Any Any Any 139

File and Printer Sharing (SMB-Out) Domain TCP Any Any Any 445

mDNS (UDP-Out) Domain UDP Any Any Any 5353

mDNS (UDP-Out) Public UDP Any Any LocalSubnet 5353

mDNS (UDP-Out) Private UDP Any Any LocalSubnet 5353

Narrator QuickStart Domain, Private, Public Any Any Any Any Any

Network Discovery (LLMNR-UDP-Out) Private UDP Any Any LocalSubnet 5355

Network Discovery (NB-Datagram-Out) Private UDP Any Any Any 138

Network Discovery (NB-Name-Out) Private UDP Any Any Any 137

Network Discovery (Pub WSD-Out) Private UDP Any Any LocalSubnet 3702

Network Discovery (SSDP-Out) Private UDP Any Any LocalSubnet 1900

Network Discovery (UPnPHost-Out) Private TCP Any Any LocalSubnet 2869

Network Discovery (UPnP-Out) Private TCP Any Any Any 2869

Network Discovery (WSD Events-Out) Private TCP Any Any Any 5357

Network Discovery (WSD EventsSecure-Out) Private TCP Any Any Any 5358

Network Discovery (WSD-Out) Private UDP Any Any LocalSubnet 3702

Remote Assistance (PNRP-Out) Domain, Private UDP Any Any Any Any

Remote Assistance (RA Server TCP-Out) Any TCP Any Any Any Any

Remote Assistance (SSDP TCP-Out) Any TCP Any Any LocalSubnet Any

Remote Assistance (SSDP UDP-Out) Any UDP Any Any LocalSubnet 1900

Remote Assistance (TCP-Out) Any TCP Any Any Any Any

Shell Input Application Domain, Private, Public Any Any Any Any Any

Page 107 of 204 Contoso Foods

Shell Input Application Domain, Private, Public Any Any Any Any Any

SNMP Service (UDP Out) Private, Public UDP Any Any LocalSubnet 161

SNMP Service (UDP Out) Domain UDP Any Any Any 161

Windows Default Lock Screen Domain, Private, Public Any Any Any Any Any

Windows Defender SmartScreen Domain, Private, Public Any Any Any Any Any

Windows Device Management Certificate Installer (TCP out) Any TCP Any Any Any Any

Windows Device Management Enrollment Service (TCP out) Any TCP Any Any Any Any

Windows Device Management Sync Client (TCP out) Any TCP Any Any Any Any

Windows Security Domain, Private, Public Any Any Any Any Any

Windows Shell Experience Domain, Private, Public Any Any Any Any Any

Work or school account Domain, Private, Public Any Any Any Any Any

Page 108 of 204 Contoso Foods

Work or school account Domain, Private, Public Any Any Any Any Any

Your account Domain, Private, Public Any Any Any Any Any

Page 109 of 204 Contoso Foods

Windows Patches
This section provides information about the system-wide updates (commonly referred to as a quick-fix
engineering (QFE) updates) installed on this machine.

3 Windows Patches

HotFix ID Description Installed By Installed On

KB4465664 Security Update NT AUTHORITY\SYSTEM 30/11/2018

KB4467708 Security Update NT AUTHORITY\SYSTEM 30/11/2018

KB4477029 Security Update XCS-2K19-LIVE\Administrator 30/11/2018

Page 110 of 204 Contoso Foods

Windows Update Configuration
Windows Update is a service provided by Microsoft that provides updates for the Windows operating
system and installed components. It can be expanded to provide support for other Microsoft software
and is then referred to as “Microsoft Update”.

The system can be configured either directly or using Group Policy, and updates can be obtained
directly from Microsoft over an internet connection or from a Windows Software Update (WSUS) Server
installed on the intranet.

General Settings

Windows Update Mode Never check for updates (not recommended)

Recommended Updates False

Include other Microsoft products False

Registered Services Windows Update

Advanced

Allow non-administrators to receive False

update notifications

Automatic Maintenance Enabled False

Windows Update Server

Enable Windows Update Server False

Page 111 of 204 Contoso Foods

Windows Update History
Windows Update is a service provided by Microsoft that provides updates for the Windows operating
system and installed components. This section provides historical information about the updates that
have been installed on this machine.

16 History Items

Action Date Title Operation Result

20/10/2020 11:25:23 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.1105.0)

22/10/2020 10:29:37 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.1215.0)

23/10/2020 15:28:21 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.1286.0)

29/10/2020 14:34:31 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.1633.0)

07/10/2020 09:52:57 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Failed
1.325.319.0)

07/10/2020 09:37:48 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Aborted
1.325.319.0)

08/10/2020 10:25:33 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.380.0)

08/10/2020 10:15:19 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Aborted
1.325.380.0)

08/10/2020 13:45:47 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.384.0)

10/10/2020 23:01:15 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.639.0)

15/10/2020 14:45:35 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.325.803.0)

02/11/2020 10:35:20 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.327.190.0)

15/01/2021 10:52:10 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Succeeded
1.329.2223.0)

15/01/2021 10:37:29 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version Install Aborted
1.329.2223.0)

08/10/2020 10:15:19 Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version Install Succeeded
4.18.2009.7)

15/01/2021 10:37:29 Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version Install Succeeded
4.18.2011.6)

Page 112 of 204 Contoso Foods

Software
Provides information about the software and operating system configuration of this machine.

Operating System

Operating System Name Microsoft Windows Server 2019 Datacenter

Service Pack [None Installed]

General

Installed Programs 15

Event Logs 10

Environment Variables 48

Scheduled Tasks 141

Page 113 of 204 Contoso Foods

.NET Framework
The .NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft
Windows.

Common Language Runtime (CLR) 1

Name Status Service Pack

.NET Framework 1.0 Not Installed

.NET Framework 1.1 Not Installed

Common Language Runtime (CLR) 2

Name Status Service Pack

.NET Framework 2.0.50727 Not Installed

.NET Framework 3.0 Not Installed

.NET Framework 3.5 Not Installed

Common Language Runtime (CLR) 4

Name Status Service Pack

.NET Framework 4.0 Client Profile Installed

.NET Framework 4.0 Extended Installed

.NET Framework 4.5 Installed

.NET Framework 4.5.1 Installed

.NET Framework 4.5.2 Installed

.NET Framework 4.6 Installed

.NET Framework 4.6.1 Installed

.NET Framework 4.6.2 Installed

.NET Framework 4.7 Installed

.NET Framework 4.7.1 Installed

.NET Framework 4.7.2 Installed

.NET Framework 4.8 Not Installed

Page 114 of 204 Contoso Foods

Documented Files
Provides information about the files that have been configured to be documented on the XIA
Configuration Client.

1 Files

Display Name Name Type Located

Machine Config (.NET 4) machine.config .config True

Page 115 of 204 Contoso Foods

Machine Config (.NET 4)
Provides information about the files that have been configured to be documented on the XIA
Configuration Client.

File Details

Located True

General

Full Path C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

File Size 35.14KB

Creation Date 15/09/2018 08:16:49

Last Accessed 22/10/2020 11:21:36

Last Modified 15/09/2018 08:16:49

File Type .config

Hidden False

Read Only False

Advanced

Encrypted False

Compressed False

Security

Owner NT AUTHORITY\SYSTEM

NTFS Permissions

Account Name Inherited Action Rights Propegation

NT AUTHORITY\SYSTEM False Allow Change permissions, Delete subfolders This folder only
and files, Modify, Take ownership

BUILTIN\IIS_IUSRS False Allow Read & execute This folder only

BUILTIN\Administrators False Allow Change permissions, Delete subfolders This folder only
and files, Modify, Take ownership

BUILTIN\Users False Allow Read & execute This folder only

ALL APPLICATION PACKAGES False Allow Read & execute This folder only

ALL RESTRICTED APPLICATION PACKAGES False Allow Read & execute This folder only

File Contents

<?xml version="1.0" encoding="UTF-8" ?>

<!--
Please refer to machine.config.comments for a description and
the default values of each configuration section.

Page 116 of 204 Contoso Foods

For a full documentation of the schema please refer to
http://go.microsoft.com/fwlink/?LinkId=42127

To improve performance, machine.config should contain only those

settings that differ from their defaults.
-->
<configuration>
<configSections>
<section name="appSettings" type="System.Configuration.AppSettingsSection, System.Configuration, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
<section name="connectionStrings" type="System.Configuration.ConnectionStringsSection, System.Configuration, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" requirePermission="false" />
<section name="mscorlib" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="runtime" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="assemblyBinding" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="satelliteassemblies" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="startup" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="system.codedom" type="System.CodeDom.Compiler.CodeDomConfigurationHandler, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.data" type="System.Data.Common.DbProviderFactoriesConfigurationHandler, System.Data,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.data.dataset" type="System.Configuration.NameValueFileSectionHandler, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" restartOnExternalChanges="false" />
<section name="system.data.odbc" type="System.Data.Common.DbProviderConfigurationHandler, System.Data, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.data.oledb" type="System.Data.Common.DbProviderConfigurationHandler, System.Data, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.data.oracleclient" type="System.Data.Common.DbProviderConfigurationHandler, System.Data,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.data.sqlclient" type="System.Data.Common.DbProviderConfigurationHandler, System.Data,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.diagnostics" type="System.Diagnostics.SystemDiagnosticsSection, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="system.runtime.remoting" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="system.windows.forms" type="System.Windows.Forms.WindowsFormsSection, System.Windows.Forms,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="windows" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false" />
<section name="uri" type="System.Configuration.UriSection, System, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<sectionGroup name="system.runtime.caching" type="System.Runtime.Caching.Configuration.CachingSectionGroup,
System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<section name="memoryCache" type="System.Runtime.Caching.Configuration.MemoryCacheSection, System.Runtime.Caching,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
</sectionGroup>
<sectionGroup name="system.xml.serialization" type="System.Xml.Serialization.Configuration.SerializationSectionGroup,
System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="schemaImporterExtensions" type="System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection,
System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="dateTimeSerialization" type="System.Xml.Serialization.Configuration.DateTimeSerializationSection, System.Xml,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="xmlSerializer" type="System.Xml.Serialization.Configuration.XmlSerializerSection, System.Xml, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
<sectionGroup name="system.net" type="System.Net.Configuration.NetSectionGroup, System, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089">
<section name="authenticationModules" type="System.Net.Configuration.AuthenticationModulesSection, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="connectionManagement" type="System.Net.Configuration.ConnectionManagementSection, System,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="defaultProxy" type="System.Net.Configuration.DefaultProxySection, System, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<sectionGroup name="mailSettings" type="System.Net.Configuration.MailSettingsSectionGroup, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="smtp" type="System.Net.Configuration.SmtpSection, System, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
</sectionGroup>
<section name="requestCaching" type="System.Net.Configuration.RequestCachingSection, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="settings" type="System.Net.Configuration.SettingsSection, System, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<section name="webRequestModules" type="System.Net.Configuration.WebRequestModulesSection, System, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />

Page 117 of 204 Contoso Foods

</sectionGroup>
<sectionGroup name="system.runtime.serialization" type="System.Runtime.Serialization.Configuration.SerializationSectionGroup,
System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="dataContractSerializer" type="System.Runtime.Serialization.Configuration.DataContractSerializerSection,
System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</sectionGroup>
<sectionGroup name="system.serviceModel" type="System.ServiceModel.Configuration.ServiceModelSectionGroup,
System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="behaviors" type="System.ServiceModel.Configuration.BehaviorsSection, System.ServiceModel, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="bindings" type="System.ServiceModel.Configuration.BindingsSection, System.ServiceModel, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="client" type="System.ServiceModel.Configuration.ClientSection, System.ServiceModel, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="comContracts" type="System.ServiceModel.Configuration.ComContractsSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="commonBehaviors" type="System.ServiceModel.Configuration.CommonBehaviorsSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowDefinition="MachineOnly"
allowExeDefinition="MachineOnly"/>
<section name="diagnostics" type="System.ServiceModel.Configuration.DiagnosticSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="extensions" type="System.ServiceModel.Configuration.ExtensionsSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="machineSettings" type="System.ServiceModel.Configuration.MachineSettingsSection, SMDiagnostics,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowDefinition="MachineOnly"
allowExeDefinition="MachineOnly"/>
<section name="protocolMapping" type="System.ServiceModel.Configuration.ProtocolMappingSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="serviceHostingEnvironment" type="System.ServiceModel.Configuration.ServiceHostingEnvironmentSection,
System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowDefinition="MachineToApplication"/>
<section name="services" type="System.ServiceModel.Configuration.ServicesSection, System.ServiceModel, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="standardEndpoints" type="System.ServiceModel.Configuration.StandardEndpointsSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="routing" type="System.ServiceModel.Routing.Configuration.RoutingSection, System.ServiceModel.Routing,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<section name="tracking" type="System.ServiceModel.Activities.Tracking.Configuration.TrackingSection,
System.ServiceModel.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</sectionGroup>
<sectionGroup name="system.serviceModel.activation"
type="System.ServiceModel.Activation.Configuration.ServiceModelActivationSectionGroup, System.ServiceModel, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="diagnostics" type="System.ServiceModel.Activation.Configuration.DiagnosticSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="net.pipe" type="System.ServiceModel.Activation.Configuration.NetPipeSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<section name="net.tcp" type="System.ServiceModel.Activation.Configuration.NetTcpSection, System.ServiceModel,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</sectionGroup>
<sectionGroup name="system.transactions" type="System.Transactions.Configuration.TransactionsSectionGroup,
System.Transactions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, Custom=null">
<section name="defaultSettings" type="System.Transactions.Configuration.DefaultSettingsSection, System.Transactions,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, Custom=null" />
<section name="machineSettings" type="System.Transactions.Configuration.MachineSettingsSection, System.Transactions,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, Custom=null" allowDefinition="MachineOnly"
allowExeDefinition="MachineOnly"/>
</sectionGroup>
<sectionGroup name="system.web" type="System.Web.Configuration.SystemWebSectionGroup, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<section name="anonymousIdentification" type="System.Web.Configuration.AnonymousIdentificationSection, System.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="authentication" type="System.Web.Configuration.AuthenticationSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="authorization" type="System.Web.Configuration.AuthorizationSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="browserCaps" type="System.Web.Configuration.HttpCapabilitiesSectionHandler, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="clientTarget" type="System.Web.Configuration.ClientTargetSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="compilation" type="System.Web.Configuration.CompilationSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" requirePermission="false" />
<section name="customErrors" type="System.Web.Configuration.CustomErrorsSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="deployment" type="System.Web.Configuration.DeploymentSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineOnly" />
<section name="deviceFilters" type="System.Web.Mobile.DeviceFiltersSection, System.Web.Mobile, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="fullTrustAssemblies" type="System.Web.Configuration.FullTrustAssembliesSection, System.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />

Page 118 of 204 Contoso Foods

<section name="globalization" type="System.Web.Configuration.GlobalizationSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="healthMonitoring" type="System.Web.Configuration.HealthMonitoringSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="hostingEnvironment" type="System.Web.Configuration.HostingEnvironmentSection, System.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="httpCookies" type="System.Web.Configuration.HttpCookiesSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="httpHandlers" type="System.Web.Configuration.HttpHandlersSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="httpModules" type="System.Web.Configuration.HttpModulesSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="httpRuntime" type="System.Web.Configuration.HttpRuntimeSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="identity" type="System.Web.Configuration.IdentitySection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
<section name="machineKey" type="System.Web.Configuration.MachineKeySection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="membership" type="System.Web.Configuration.MembershipSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="mobileControls" type="System.Web.UI.MobileControls.MobileControlsSection, System.Web.Mobile,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="pages" type="System.Web.Configuration.PagesSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" requirePermission="false" />
<section name="partialTrustVisibleAssemblies" type="System.Web.Configuration.PartialTrustVisibleAssembliesSection,
System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="processModel" type="System.Web.Configuration.ProcessModelSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineOnly" allowLocation="false" />
<section name="profile" type="System.Web.Configuration.ProfileSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="protocols" type="System.Web.Configuration.ProtocolsSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToWebRoot" />
<section name="roleManager" type="System.Web.Configuration.RoleManagerSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="securityPolicy" type="System.Web.Configuration.SecurityPolicySection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="sessionPageState" type="System.Web.Configuration.SessionPageStateSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="sessionState" type="System.Web.Configuration.SessionStateSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="siteMap" type="System.Web.Configuration.SiteMapSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="trace" type="System.Web.Configuration.TraceSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
<section name="trust" type="System.Web.Configuration.TrustSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="urlMappings" type="System.Web.Configuration.UrlMappingsSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="webControls" type="System.Web.Configuration.WebControlsSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="webParts" type="System.Web.Configuration.WebPartsSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
<section name="webServices" type="System.Web.Services.Configuration.WebServicesSection, System.Web.Services,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<section name="xhtmlConformance" type="System.Web.Configuration.XhtmlConformanceSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<sectionGroup name="caching" type="System.Web.Configuration.SystemWebCachingSectionGroup, System.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<section name="cache" type="System.Web.Configuration.CacheSection, System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="outputCache" type="System.Web.Configuration.OutputCacheSection, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="outputCacheSettings" type="System.Web.Configuration.OutputCacheSettingsSection, System.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
<section name="sqlCacheDependency" type="System.Web.Configuration.SqlCacheDependencySection, System.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"
allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection,
System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"

Page 119 of 204 Contoso Foods

allowDefinition="Everywhere" />
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"
allowDefinition="MachineToApplication" />
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"
allowDefinition="MachineToApplication" />
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"
allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
</sectionGroup>
<sectionGroup name="system.xaml.hosting" type="System.Xaml.Hosting.Configuration.XamlHostingSectionGroup,
System.Xaml.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="httpHandlers" type="System.Xaml.Hosting.Configuration.XamlHostingSection, System.Xaml.Hosting,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</sectionGroup>
<section name="system.webServer" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</configSections>

<system.data>
<DbProviderFactories />
</system.data>

<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="persistenceProvider" type="System.ServiceModel.Configuration.PersistenceProviderElement,
System.WorkflowServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="workflowRuntime" type="System.ServiceModel.Configuration.WorkflowRuntimeElement,
System.WorkflowServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="enableWebScript" type="System.ServiceModel.Configuration.WebScriptEnablingElement,
System.ServiceModel.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="webHttp" type="System.ServiceModel.Configuration.WebHttpElement, System.ServiceModel.Web,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="serviceDiscovery" type="System.ServiceModel.Discovery.Configuration.ServiceDiscoveryElement,
System.ServiceModel.Discovery, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="endpointDiscovery" type="System.ServiceModel.Discovery.Configuration.EndpointDiscoveryElement,
System.ServiceModel.Discovery, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="etwTracking" type="System.ServiceModel.Activities.Configuration.EtwTrackingBehaviorElement,
System.ServiceModel.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="routing" type="System.ServiceModel.Routing.Configuration.RoutingExtensionElement,
System.ServiceModel.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="soapProcessing" type="System.ServiceModel.Routing.Configuration.SoapProcessingExtensionElement,
System.ServiceModel.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="workflowIdle" type="System.ServiceModel.Activities.Configuration.WorkflowIdleElement,
System.ServiceModel.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="workflowUnhandledException"
type="System.ServiceModel.Activities.Configuration.WorkflowUnhandledExceptionElement, System.ServiceModel.Activities,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

Page 120 of 204 Contoso Foods

Page 121 of 204 Contoso Foods

</configuration>

Page 122 of 204 Contoso Foods

Event Logs
The Windows Event Log stores information about significant occurrences in the system or in a program
in a log.

The Event Log Service records application, security, and system events which can be viewed with Event
Viewer. This can help identify and diagnose and predict system problems.

10 Event Logs

Name Maximum File Size Retention Policy

(KB)

Application 20,480KB Do not overwrite events (Clear logs manually)

HardwareEvents 20,480KB Overwrite events as needed (oldest events first)

Internet Explorer 1,028KB Overwrite events as needed (oldest events first)

Key Management Service 20,480KB Overwrite events as needed (oldest events first)

Parameters 1,028KB Overwrite events as needed (oldest events first)

Security 20,480KB Overwrite events as needed (oldest events first)

State 1,028KB Overwrite events as needed (oldest events first)

System 20,480KB Archive the log when full, do not overwrite events

ThinPrint Diagnostics 1,028KB Overwrite events as needed (oldest events first)

Windows PowerShell 15,360KB Overwrite events as needed (oldest events first)

Page 123 of 204 Contoso Foods

Application
Event Log Settings

Name Application

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\Application.evtx

File Size 3,140

Number Of Records 4,365

Retention

Maximum File Size (KB) 20,480

Retention Policy Do not overwrite events (Clear logs manually)

Most recent 10 entries

Event ID Type Source Message

1000 Information Microsoft-Windows-LoadPerf Performance counters for the WmiApRpl

(WmiApRpl) service were loaded
successfully. The Record Data in the data
section contains the new index values
assigned to this service.

1001 Information Microsoft-Windows-LoadPerf Performance counters for the WmiApRpl

(WmiApRpl) service were removed
successfully. The Record Data contains
the new values of the system Last Counter
and Last Help registry entries.

16384 Information Software Protection Platform Service Successfully scheduled Software

Protection service for re-start at
2021-01-20T16:24:40Z. Reason:
RulesEngine.

8198 Error Software Protection Platform Service License Activation (slui.exe) failed with the
following error code:
hr=0x87E10BC6
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a
1c79ba;Action=AutoActivate;AppId=55c92
734-d682-4d71-983e-d6ec3f16059f;SkuId
=175a4401-9571-44e3-b7ed-1418ac983e
2b;NotificationInterval=1440;Trigger=Time
rEvent

Page 124 of 204 Contoso Foods

95, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 7305f85e-3cc0-4168-807e-af0afae1f51f
, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 7c815a7a-6d68-4369-9cfa-c3671c8d1a
3f, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 864fa973-9c03-4e02-81d2-87fd17bc0b
8c, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 950d5c80-3a8b-4c7a-991b-6487e045d
bc3, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 9db83b52-9904-4326-8957-ebe6feedf
37c, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: c28b8385-97ea-4fb1-acae-57fa346e6
158, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: ceae6266-8034-48db-92e4-fc94eb117
42f, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: d8966f28-347f-4d92-8912-1e57d3572
00b, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]

1003 Information Software Protection Platform Service The Software Protection service has
completed licensing status check.
Application Id=55c92734-d682-4d71-983e-
d6ec3f16059f
Licensing Status=
1: 1124ad22-3737-4c21-bfab-ae36a53238
28, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 175a4401-9571-44e3-b7ed-1418ac983
e2b, 1, 1 [(0 )(1 )(2 [0xC004E003, 0, 0], [(
1 0xC004F034)( 1 0xC004F034)(?)(?)(?)(?
)(?)(?)])(3 [0x00000000, 0, 0], [( 6
0xC004F009 0 0)( 1 0x00000000)( 6
0xC004F009 0 0)(?)(?)(?)( 10 0x00000000
msft:rm/algorithm/flags/1.0)( 11
0x00000000 0xC004F034)])]
3: 2e7a9ad1-a849-4b56-babe-17d5a29fe4
b4, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 34e1ae55-27f8-4950-8877-7a03be5fb1
81, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 44aba848-245e-4e1a-ac42-1def36871f
95, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 7305f85e-3cc0-4168-807e-af0afae1f51f
, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 7c815a7a-6d68-4369-9cfa-c3671c8d1a
3f, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 864fa973-9c03-4e02-81d2-87fd17bc0b
8c, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 950d5c80-3a8b-4c7a-991b-6487e045d
bc3, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 9db83b52-9904-4326-8957-ebe6feedf
37c, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: c28b8385-97ea-4fb1-acae-57fa346e6
158, 1, 0 [(0 [0xC004F014, 0, 0],

Page 125 of 204 Contoso Foods

[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: ceae6266-8034-48db-92e4-fc94eb117
42f, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: d8966f28-347f-4d92-8912-1e57d3572
00b, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]

Page 126 of 204 Contoso Foods

5: 44aba848-245e-4e1a-ac42-1def36871f
95, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 7305f85e-3cc0-4168-807e-af0afae1f51f
, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 7c815a7a-6d68-4369-9cfa-c3671c8d1a
3f, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 864fa973-9c03-4e02-81d2-87fd17bc0b
8c, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 950d5c80-3a8b-4c7a-991b-6487e045d
bc3, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 9db83b52-9904-4326-8957-ebe6feedf
37c, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: c28b8385-97ea-4fb1-acae-57fa346e6
158, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: ceae6266-8034-48db-92e4-fc94eb117
42f, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
13: d8966f28-347f-4d92-8912-1e57d3572
00b, 1, 0 [(0 [0xC004F014, 0, 0],
[(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]

16394 Information Software Protection Platform Service Offline downlevel migration succeeded.

Page 127 of 204 Contoso Foods

HardwareEvents
Event Log Settings

Name HardwareEvents

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\HardwareEvents.evtx

File Size 68

Number Of Records 0

Retention

Maximum File Size (KB) 20,480

Retention Policy Overwrite events as needed (oldest events first)

Page 128 of 204 Contoso Foods

Internet Explorer
Event Log Settings

Name Internet Explorer

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\Internet Explorer.evtx

File Size 68

Number Of Records 0

Retention

Maximum File Size (KB) 1,028

Retention Policy Overwrite events as needed (oldest events first)

Page 129 of 204 Contoso Foods

Key Management Service
Event Log Settings

Name Key Management Service

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\Key Management Service.evtx

File Size 68

Number Of Records 0

Retention

Maximum File Size (KB) 20,480

Retention Policy Overwrite events as needed (oldest events first)

Page 130 of 204 Contoso Foods

Parameters
Event Log Settings

Name Parameters

Creation Date 04/10/2018 10:35:36

Filename C:\Windows\System32\Winevt\Logs\Parameters.evtx

File Size 68

Number Of Records 0

Retention

Maximum File Size (KB) 1,028

Retention Policy Overwrite events as needed (oldest events first)

Page 131 of 204 Contoso Foods

Security
Event Log Settings

Name Security

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\Security.evtx

File Size 15,428

Number Of Records 19,204

Retention

Maximum File Size (KB) 20,480

Retention Policy Overwrite events as needed (oldest events first)

Most recent 10 entries

Event ID Type Source Message

4616 Success Audit Microsoft-Windows-Security-Auditing The system time was changed.

Subject:
Security ID: S-1-5-18
Account Name: XCS-2K19-LIVE$
Account Domain: TEST2019
Logon ID: 0x3e7

Process Information:
Process ID: 0xaec
Name: C:\Program
Files\VMware\VMware Tools\vmtoolsd.exe

Previous Time: 2021-01-18T01:23:35.618

576800Z
New Time: 2021-01-19T16:29:49.532000
000Z

This event is generated when the system

time is changed. It is normal for the
Windows Time Service, which runs with
System privilege, to change the system
time on a regular basis. Other system time
changes may be indicative of attempts to
tamper with the computer.

4616 Success Audit Microsoft-Windows-Security-Auditing The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x428
Name: C:\Windows\System32\svchost.ex
e

Previous Time: 2021-01-19T16:28:49.502

271900Z
New Time: 2021-01-18T01:22:35.588666
600Z

This event is generated when the system

Page 132 of 204 Contoso Foods

4616 Success Audit Microsoft-Windows-Security-Auditing The system time was changed.

Subject:
Security ID: S-1-5-18
Account Name: XCS-2K19-LIVE$
Account Domain: TEST2019
Logon ID: 0x3e7

Process Information:
Process ID: 0xaec
Name: C:\Program
Files\VMware\VMware Tools\vmtoolsd.exe

Previous Time: 2021-01-15T17:51:52.618

072900Z
New Time: 2021-01-19T16:27:40.057000
000Z

This event is generated when the system

4616 Success Audit Microsoft-Windows-Security-Auditing The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x428
Name: C:\Windows\System32\svchost.ex
e

Previous Time: 2021-01-15T17:50:52.525

154100Z
New Time: 2021-01-15T17:50:52.529370
700Z

This event is generated when the system

4616 Success Audit Microsoft-Windows-Security-Auditing The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x428
Name: C:\Windows\System32\svchost.ex
e

Previous Time: 2021-01-19T16:26:39.958

178900Z
New Time: 2021-01-15T17:50:52.525154
100Z

This event is generated when the system

4799 Success Audit Microsoft-Windows-Security-Auditing A security-enabled local group

membership was enumerated.

Page 133 of 204 Contoso Foods

Subject:
Security ID: S-1-5-18
Account Name: XCS-2K19-LIVE$
Account Domain: TEST2019
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Process Information:
Process ID: 0x6cc
Process Name: C:\Windows\System32\s
vchost.exe

4799 Success Audit Microsoft-Windows-Security-Auditing A security-enabled local group

membership was enumerated.

Subject:
Security ID: S-1-5-18
Account Name: XCS-2K19-LIVE$
Account Domain: TEST2019
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-544
Group Name: Administrators
Group Domain: Builtin

Process Information:
Process ID: 0x6cc
Process Name: C:\Windows\System32\s
vchost.exe

4797 Success Audit Microsoft-Windows-Security-Auditing An attempt was made to query the

existence of a blank password for an
account.

Subject:
Security ID: S-1-5-21-1597374802-18346
2725-2612050851-1103
Account Name: sysadmin
Account Domain: TEST2019
Logon ID: 0x570d2

Additional Information:
Caller Workstation: XCS-2K19-LIVE
Target Account Name:
WDAGUtilityAccount
Target Account Domain: XCS-2K19-LIVE

4797 Success Audit Microsoft-Windows-Security-Auditing An attempt was made to query the

existence of a blank password for an
account.

Subject:
Security ID: S-1-5-21-1597374802-18346
2725-2612050851-1103
Account Name: sysadmin
Account Domain: TEST2019
Logon ID: 0x570d2

Additional Information:
Caller Workstation: XCS-2K19-LIVE
Target Account Name: Guest
Target Account Domain: XCS-2K19-LIVE

4797 Success Audit Microsoft-Windows-Security-Auditing An attempt was made to query the

existence of a blank password for an
account.

Subject:
Security ID: S-1-5-21-1597374802-18346
2725-2612050851-1103
Account Name: sysadmin
Account Domain: TEST2019
Logon ID: 0x570d2

Page 134 of 204 Contoso Foods

Additional Information:
Caller Workstation: XCS-2K19-LIVE
Target Account Name: DefaultAccount
Target Account Domain: XCS-2K19-LIVE

Page 135 of 204 Contoso Foods

State
Event Log Settings

Name State

Creation Date 04/10/2018 10:35:36

Filename C:\Windows\System32\Winevt\Logs\State.evtx

File Size 68

Number Of Records 0

Retention

Maximum File Size (KB) 1,028

Retention Policy Overwrite events as needed (oldest events first)

Page 136 of 204 Contoso Foods

System
Event Log Settings

Name System

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\System.evtx

File Size 4,164

Number Of Records 9,388

Retention

Maximum File Size (KB) 20,480

Retention Policy Archive the log when full, do not overwrite events

Most recent 10 entries

Event ID Type Source Message

1 Information Microsoft-Windows-Kernel-General Possible detection of CVE: 2021-01-19T16

:29:49.532000000Z
Additional Information: 2021-01-18T01:23:
35.618576800Z

This Event is generated when an attempt

to exploit a known vulnerability (2021-01-1
9T16:29:49.532000000Z) is detected.
This Event is raised by a User mode
process.

6013 Information EventLog The system uptime is 25937 seconds.

34 Error Microsoft-Windows-Time-Service The time service has detected that the

system time needs to be changed by
140773 seconds. The time service will not
change the system time by more than
4294967295 seconds. Verify that your
time and time zone are correct, and that
the time source 2K19-DC.test2019.net (nt
p.d|0.0.0.0:123->192.168.131.191:123) is
working properly.

52 Warning Microsoft-Windows-Time-Service The time service has set the time with
offset 140773 seconds.

1 Information Microsoft-Windows-Kernel-General Possible detection of CVE: 2021-01-18T01

:22:35.588666600Z
Additional Information: 2021-01-19T16:28:
49.502271900Z

This Event is generated when an attempt

to exploit a known vulnerability (2021-01-1
8T01:22:35.588666600Z) is detected.
This Event is raised by a User mode
process.

7036 Information Service Control Manager The Microsoft Account Sign-in Assistant
service entered the stopped state.

1 Information Microsoft-Windows-Kernel-General Possible detection of CVE: 2021-01-19T16

:27:40.057000000Z
Additional Information: 2021-01-15T17:51:
52.618072900Z

This Event is generated when an attempt

to exploit a known vulnerability (2021-01-1
9T16:27:40.057000000Z) is detected.
This Event is raised by a User mode
process.

Page 137 of 204 Contoso Foods

6013 Information EventLog The system uptime is 25808 seconds.

7036 Information Service Control Manager The Background Intelligent Transfer

Service service entered the stopped state.

7040 Information Service Control Manager The start type of the Background
Intelligent Transfer Service service was
changed from auto start to demand start.

Page 138 of 204 Contoso Foods

ThinPrint Diagnostics
Event Log Settings

Name ThinPrint Diagnostics

Creation Date 04/10/2018 10:33:32

Filename C:\Windows\System32\Winevt\Logs\ThinPrint Diagnostics.evtx

File Size 68

Number Of Records 11

Retention

Maximum File Size (KB) 1,028

Retention Policy Overwrite events as needed (oldest events first)

Most recent 10 entries

Event ID Type Source Message

4001 Information ThinPrint AutoConnect The description for Event ID '4001' in

Source 'ThinPrint AutoConnect' cannot
be found. The local computer may not
have the necessary registry information
or message DLL files to display the
message, or you may not have
permission to access them. The
following information is part of the
event:''

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Page 139 of 204 Contoso Foods

'HP Officejet 5740 series (Network)#:5'
... is now the default printer.

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (189) ... OK

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0
Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1

Page 140 of 204 Contoso Foods

Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Virtual channel initialized.

Page 141 of 204 Contoso Foods

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (359) ... OK

Virtual channel initialized.

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0
Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1
Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

Page 142 of 204 Contoso Foods

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (518) ... OK

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Send To OneNote
2016>: Length : 832 Count: 6
Options: 1

Page 143 of 204 Contoso Foods

Create "Send To OneNote 2016#:1"
from "TPOG!, Port: TPVM:" (440) ... OK

Virtual channel initialized.

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0
Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1
Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

4001 Information ThinPrint AutoConnect The description for Event ID '4001' in

Source 'ThinPrint AutoConnect' cannot
be found. The local computer may not
have the necessary registry information
or message DLL files to display the
message, or you may not have

Page 144 of 204 Contoso Foods

permission to access them. The
following information is part of the
event:''

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (767) ... OK

Virtual channel initialized.

Client Type --> [0x00]: WIN32

Page 145 of 204 Contoso Foods

Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax - HP Officejet
5740 series (Network)>: Length : 438
Count: 6 Options: 1
Create "Fax - HP Officejet 5740 series
(Network)#:6" from "TPOG!, Port:
TPVM:" (516) ... OK

Virtual channel initialized.

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0
Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1
Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

4001 Information ThinPrint AutoConnect The description for Event ID '4001' in

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Page 146 of 204 Contoso Foods

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (869) ... OK

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax - HP Officejet
5740 series (Network)>: Length : 438
Count: 6 Options: 1

Page 147 of 204 Contoso Foods

Create "Fax - HP Officejet 5740 series
(Network)#:6" from "TPOG!, Port:
TPVM:" (422) ... OK

Virtual channel initialized.

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0
Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1
Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted

Page 148 of 204 Contoso Foods

connection.
Length : 796 Count: 6 Default Printer
ID : 5
Printer: HP Officejet 5740 series
(Network) Class: ID: 5 (*)
Printer: Microsoft XPS Document Writer
Class: ID: 2
Printer: Fax Class: ID: 4
Printer: Send To OneNote 2016 Class:
ID: 1
Printer: Fax - HP Officejet 5740 series
(Network) Class: ID: 6
Printer: Microsoft Print to PDF Class:
ID: 3

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (462) ... OK

Virtual channel initialized.

Page 149 of 204 Contoso Foods

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0
Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1
Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

4002 Information ThinPrint AutoConnect The description for Event ID '4002' in

Virtual channel initialized.

Page 150 of 204 Contoso Foods

Virtual channel initialized.
Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <HP Officejet 5740
series (Network)>: Length : 2692
Count: 6 Options: 2
Create "HP Officejet 5740 series
(Network)#:5" from "TPOG!, Port:
TPVM:" (766) ... OK
'HP Officejet 5740 series (Network)#:5'
... is now the default printer.

Virtual channel initialized.

Client Type --> [0x00]: WIN32
Client reply --> [0x01]: Client accepted
connection.
Printer properties <Fax>: Length : 6960
Count: 6 Options: 1
Create "Fax#:4" from "TPOG!, Port:
TPVM:" (719) ... OK

Virtual channel initialized.

ID=5
Printer name=HP Officejet 5740 series
(Network)
Driver=HP Officejet 5740 series
Class=
Type=0
Default=1

ID=2
Printer name=Microsoft XPS Document
Writer
Driver=Microsoft XPS Document Writer
v4
Class=
Type=0

Page 151 of 204 Contoso Foods

Default=0

ID=4
Printer name=Fax
Driver=Microsoft Shared Fax Driver
Class=
Type=0
Default=0

ID=1
Printer name=Send To OneNote 2016
Driver=Send to Microsoft OneNote 16
Driver
Class=
Type=0
Default=0

ID=6
Printer name=Fax - HP Officejet 5740
series (Network)
Driver=Fax - HP Officejet 5740 series
Class=
Type=0
Default=0

ID=3
Printer name=Microsoft Print to PDF
Driver=Microsoft Print To PDF
Class=
Type=0
Default=0

Page 152 of 204 Contoso Foods

Windows PowerShell
Event Log Settings

Name Windows PowerShell

Creation Date 04/10/2018 09:32:52

Filename C:\Windows\System32\Winevt\Logs\Windows PowerShell.evtx

File Size 10,308

Number Of Records 2,854

Retention

Maximum File Size (KB) 15,360

Retention Policy Overwrite events as needed (oldest events first)

Most recent 10 entries

Event ID Type Source Message

800 Information PowerShell Pipeline execution details for command

line: else { $result = Add-Type
-TypeDefinition $securitySupportCoreSourc
e}
.

Context Information:
DetailSequence=1
DetailTotal=1

SequenceNumber=19

UserId=TEST2019\sysadmin
HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=5.1.17763.134
RunspaceId=adbf0ea9-e1a4-4b90-b21e-f1
fd413403a3
PipelineId=3
ScriptName=
CommandLine=else { $result = Add-Type
-TypeDefinition $securitySupportCoreSourc
e}

Details:
CommandInvocation(Add-Type):
"Add-Type"
ParameterBinding(Add-Type):
name="TypeDefinition"; value="using
System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

namespace CENTREL.XIA.Network.Manag
ement.Windows.SecuritySupportCore
{

/// <summary>
/// Provides security support functions.
/// </summary>
public class SecuritySupportCore
{

Page 153 of 204 Contoso Foods

/// <summary>
/// The LookupAccountName function
accepts the name of a system and an
account as input. It retrieves a security
identifier (SID) for the account and the
name of the domain on which the account
was found.
/// </summary>
/// <param name="systemName">The
name of the system on which to execute
the method.</param>
/// <param name="accountName">The
account name for which the SID should be
obtained in the format "domain\username".
</param>
/// <param name="sid">A pointer to a
buffer that receives the SID
structure.</param>
/// <param name="cbSid">A pointer to
a variable. On input, this value specifies the
size, in bytes, of the Sid buffer.</param>
/// <param name="referencedDomain
Name">A pointer to a buffer that receives
the name of the domain where the account
name is found.</param>
/// <param name="cbReferencedDoma
inName">A pointer to a variable. On input,
this value specifies the size, in TCHARs, of
the ReferencedDomainName buffer.
</param>
/// <param name="use">A pointer to a
SID_NAME_USE enumerated type that
indicates the type of the account when the
function returns.</param>
/// <returns>A System.Boolean value
that indicates whether the method
succeeded.</returns>
/// <remarks>http://msdn.microsoft.co
m/en-us/library/windows/desktop/aa379159
(v=vs.85).aspx</remarks>
[DllImport("advapi32.dll", CharSet =
CharSet.Auto, SetLastError = true)]
internal static extern bool
LookupAccountName(
[In, MarshalAs(UnmanagedType.LP
TStr)] string systemName,
[In, MarshalAs(UnmanagedType.LP
TStr)] string accountName,
IntPtr sid,
ref int cbSid,
StringBuilder
referencedDomainName,
ref int cbReferencedDomainName,
out int use
);

/// <summary>
/// Obtains the security identifier of the
account name on the specified remote
machine.
/// </summary>
/// <param name="machineName">Th
e name of the remote system on which to
perform the resolution.</param>
/// <param name="accountName">The
name of the account to resolve in the
format "domain\username".</param>
/// <returns>The security identifier on
the remote machine in SDDL
format.</returns>
public static String
GetAccountSid(String machineName,
String accountName)
{
IntPtr sidPtr = IntPtr.Zero;
try
{
int ERROR_INSUFFICIENT_BUF

Page 154 of 204 Contoso Foods

FER = 122;
int ERROR_INVALID_FLAGS =
1004;
int sidLength = 0;
int domainLength = 0;
int use = 0;
StringBuilder domainName = new
StringBuilder();
int errorCode = 0;
LookupAccountName(machineNa
me, accountName, sidPtr, ref sidLength,
domainName, ref domainLength, out use);
errorCode = Marshal.GetLastWin
32Error();
if (errorCode != ERROR_INSUFF
ICIENT_BUFFER && errorCode !=
ERROR_INVALID_FLAGS) { throw new Inv
alidOperationException(String.Format("Erro
r code {0}", errorCode)); }
domainName = new StringBuilder
(domainLength);
sidPtr = Marshal.AllocHGlobal(sid
Length);
bool success = LookupAccountN
ame(machineName, accountName, sidPtr,
ref sidLength, domainName, ref
domainLength, out use);
if (success)
{
SecurityIdentifier sid = new
SecurityIdentifier(sidPtr);
return sid.ToString();
}
errorCode = Marshal.GetLastWin
32Error();
throw new InvalidOperationExcep
tion(String.Format("Error code {0}",
errorCode));
}
catch (Exception ex) { throw new Ar
gumentException(String.Format("Could not
get the SID for the account name '{0}' on
machine '{1}'. {2}", accountName,
machineName, ex.Message), ex); }
finally { Marshal.FreeHGlobal(sidPtr
); }
}

}
}
"

400 Information PowerShell Engine state is changed from None to

Available.

Details:
NewEngineState=Available
PreviousEngineState=None

SequenceNumber=17

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=5.1.17763.134
RunspaceId=adbf0ea9-e1a4-4b90-b21e-f1
fd413403a3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "WSMan" is Started.

Page 155 of 204 Contoso Foods

Details:
ProviderName=WSMan
NewProviderState=Started

SequenceNumber=15

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "Certificate" is Started.

Details:
ProviderName=Certificate
NewProviderState=Started

SequenceNumber=13

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "Variable" is Started.

Details:
ProviderName=Variable
NewProviderState=Started

SequenceNumber=11

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "Function" is Started.

Details:
ProviderName=Function
NewProviderState=Started

Page 156 of 204 Contoso Foods

SequenceNumber=9

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "FileSystem" is Started.

Details:
ProviderName=FileSystem
NewProviderState=Started

SequenceNumber=7

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "Environment" is Started.

Details:
ProviderName=Environment
NewProviderState=Started

SequenceNumber=5

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "Alias" is Started.

Details:
ProviderName=Alias
NewProviderState=Started

SequenceNumber=3

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b

Page 157 of 204 Contoso Foods

977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

600 Information PowerShell Provider "Registry" is Started.

Details:
ProviderName=Registry
NewProviderState=Started

SequenceNumber=1

HostName=Default Host
HostVersion=5.1.17763.134
HostId=969cac80-b142-4b44-8023-1c185b
977703
HostApplication=C:\Program
Files\CENTREL Solutions\XIA
Configuration\XIA Configuration Service\CE
NTREL.XIA.Configuration.Service.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Page 158 of 204 Contoso Foods

Environment Variables
Details the environmental variables found on this machine. Environmental variables can be accessed on Windows Machines by using the SET command at
a command prompt. Variables can be user based or SYSTEM variables which are accessible to all users.

48 Environment Variables

Variable Name User Name Value

%ALLUSERSPROFILE% <SYSTEM> C:\ProgramData

%CommonProgramFiles% <SYSTEM> C:\Program Files\Common Files

%ComSpec% <SYSTEM> C:\Windows\system32\cmd.exe

%DriverData% <SYSTEM> C:\Windows\System32\Drivers\DriverData

%NUMBER_OF_PROCESSORS% <SYSTEM> 4

%OS% <SYSTEM> Windows_NT

%Path% <SYSTEM> C:\Windows\system32

C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\
C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
C:\Program Files\Microsoft SQL Server\150\DTS\Binn\

%Path% IIS APPPOOL\.NET v4.5 %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%Path% IIS APPPOOL\.NET v4.5 Classic %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%Path% NT AUTHORITY\LOCAL SERVICE %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%Path% NT AUTHORITY\NETWORK SERVICE %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%Path% NT AUTHORITY\SYSTEM %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%Path% NT SERVICE\MSSQL$SQLEXPRESS %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

Page 159 of 204 Contoso Foods

%Path% NT %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
SERVICE\SQLTELEMETRY$SQLEXPRESS

%Path% TEST2019\sysadmin %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%Path% XCS-2K19-LIVE\Administrator %USERPROFILE%\AppData\Local\Microsoft\WindowsApps

%PATHEXT% <SYSTEM> .COM

.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH
.MSC

%PROCESSOR_ARCHITECTURE% <SYSTEM> AMD64

%PROCESSOR_IDENTIFIER% <SYSTEM> Intel64 Family 6 Model 94 Stepping 3, GenuineIntel

%PROCESSOR_LEVEL% <SYSTEM> 6

%PROCESSOR_REVISION% <SYSTEM> 5e03

%ProgramFiles% <SYSTEM> C:\Program Files

%ProgramFiles(x86)% <SYSTEM> C:\Program Files (x86)

%PSModulePath% <SYSTEM> C:\Program Files\WindowsPowerShell\Modules

C:\Windows\system32\WindowsPowerShell\v1.0\Modules
C:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\

%SystemDrive% <SYSTEM> C:

%SystemRoot% <SYSTEM> C:\Windows

%TEMP% <SYSTEM> C:\Windows\TEMP

%TEMP% IIS APPPOOL\.NET v4.5 %USERPROFILE%\AppData\Local\Temp

%TEMP% IIS APPPOOL\.NET v4.5 Classic %USERPROFILE%\AppData\Local\Temp

%TEMP% NT AUTHORITY\LOCAL SERVICE %USERPROFILE%\AppData\Local\Temp

%TEMP% NT AUTHORITY\NETWORK SERVICE %USERPROFILE%\AppData\Local\Temp

%TEMP% NT AUTHORITY\SYSTEM %USERPROFILE%\AppData\Local\Temp

Page 160 of 204 Contoso Foods

%TEMP% NT SERVICE\MSSQL$SQLEXPRESS %USERPROFILE%\AppData\Local\Temp

%TEMP% NT %USERPROFILE%\AppData\Local\Temp
SERVICE\SQLTELEMETRY$SQLEXPRESS

%TEMP% TEST2019\sysadmin %USERPROFILE%\AppData\Local\Temp

%TEMP% XCS-2K19-LIVE\Administrator %USERPROFILE%\AppData\Local\Temp

%TMP% <SYSTEM> C:\Windows\TEMP

%TMP% IIS APPPOOL\.NET v4.5 %USERPROFILE%\AppData\Local\Temp

%TMP% IIS APPPOOL\.NET v4.5 Classic %USERPROFILE%\AppData\Local\Temp

%TMP% NT AUTHORITY\LOCAL SERVICE %USERPROFILE%\AppData\Local\Temp

%TMP% NT AUTHORITY\NETWORK SERVICE %USERPROFILE%\AppData\Local\Temp

%TMP% NT AUTHORITY\SYSTEM %USERPROFILE%\AppData\Local\Temp

%TMP% NT SERVICE\MSSQL$SQLEXPRESS %USERPROFILE%\AppData\Local\Temp

%TMP% NT %USERPROFILE%\AppData\Local\Temp
SERVICE\SQLTELEMETRY$SQLEXPRESS

%TMP% TEST2019\sysadmin %USERPROFILE%\AppData\Local\Temp

%TMP% XCS-2K19-LIVE\Administrator %USERPROFILE%\AppData\Local\Temp

%USERNAME% <SYSTEM> SYSTEM

%windir% <SYSTEM> C:\Windows

Page 161 of 204 Contoso Foods

Installed Software
Provides information about the programs installed on this Windows machine.

15 Installed Programs

Name Publisher Platform Version Installation Date

Browser for SQL Server 2019 Microsoft Corporation 32 bit 15.0.2000.5 08 June 2020

Local Administrator Password Solution Microsoft Corporation 64 bit 6.2.0.0 15 October 2020

Microsoft ODBC Driver 17 for SQL Server Microsoft Corporation 64 bit 17.4.0.1 08 June 2020

Microsoft OLE DB Driver for SQL Server Microsoft Corporation 64 bit 18.2.3.0 08 June 2020

Microsoft SQL Server 2012 Native Client Microsoft Corporation 64 bit 11.4.7462.6 08 June 2020

Microsoft SQL Server 2019 (64-bit) Microsoft Corporation 64 bit 08 June 2020

Microsoft SQL Server 2019 Setup (English) Microsoft Corporation 64 bit 15.0.4013.40 08 June 2020

Microsoft SQL Server 2019 T-SQL Language Service Microsoft Corporation 64 bit 15.0.2000.5 08 June 2020

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 64 bit 9.0.30729.6161 04 October 2018

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 32 bit 9.0.30729.4148 04 October 2018

Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 Microsoft Corporation 32 bit 14.14.26429.4 08 June 2020

Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 Microsoft Corporation 32 bit 14.14.26429.4 08 June 2020

Microsoft VSS Writer for SQL Server 2019 Microsoft Corporation 64 bit 15.0.2000.5 08 June 2020

VMware Tools VMware, Inc. 64 bit 10.0.5.3228253 04 October 2018

XIA Configuration Server CENTREL Solutions 64 bit 13.0.0 15 January 2021

Page 162 of 204 Contoso Foods

Internet Settings
This section provides information about the Internet Settings for the machine including the system level
proxy settings.

Internet Settings

Internet Explorer Version 11.134.17763.0

System Proxy

Connection Type Direct Connection

Internet Explorer Enhanced Security

Administrators False

Users False

Page 163 of 204 Contoso Foods

ODBC Configuration
Open Database Connectivity (ODBC) is a standard interface for accessing data in an array of relational
and non-relational database management systems (DBMS) without the need for independent software
vendors and corporate developers to learn multiple application programming interfaces.

Drivers 23

Data Sources 1

Page 164 of 204 Contoso Foods

ODBC Drivers
An ODBC driver provides the ability to translate commands between an ODBC client applications and
the backend data source.

23 ODBC Drivers

Name Platform ODBC File Version Filename

Version

Driver da Microsoft para arquivos texto (*.txt; *.csv) x86 2.50 odbcjt32.dll

Driver do Microsoft Access (*.mdb) x86 2.50 odbcjt32.dll

Driver do Microsoft dBase (*.dbf) x86 2.50 odbcjt32.dll

Driver do Microsoft Excel(*.xls) x86 2.50 odbcjt32.dll

Driver do Microsoft Paradox (*.db ) x86 2.50 odbcjt32.dll

Microsoft Access Driver (*.mdb) x86 2.50 odbcjt32.dll

Microsoft Access-Treiber (*.mdb) x86 2.50 odbcjt32.dll

Microsoft dBase Driver (*.dbf) x86 2.50 odbcjt32.dll

Microsoft dBase-Treiber (*.dbf) x86 2.50 odbcjt32.dll

Microsoft Excel Driver (*.xls) x86 2.50 odbcjt32.dll

Microsoft Excel-Treiber (*.xls) x86 2.50 odbcjt32.dll

Microsoft ODBC for Oracle x86 2.50 msorcl32.dll

Microsoft Paradox Driver (*.db ) x86 2.50 odbcjt32.dll

Microsoft Paradox-Treiber (*.db ) x86 2.50 odbcjt32.dll

Microsoft Text Driver (.txt; .csv) x86 2.50 odbcjt32.dll

Microsoft Text-Treiber (.txt; .csv) x86 2.50 odbcjt32.dll

ODBC Driver 17 for SQL Server x86 3.80 2017.173.0.1 msodbcsql17.dll

ODBC Driver 17 for SQL Server x64 3.80 2017.173.0.1 msodbcsql17.dll

SQL Server x86 3.50 6.2.17763.1 SQLSRV32.dll

SQL Server x64 3.50 6.2.17763.1 SQLSRV32.dll

SQL Server Native Client 11.0 x86 3.80 2011.110.7462.6 sqlncli11.dll

SQL Server Native Client 11.0 x64 3.80 2011.110.7462.6 sqlncli11.dll

SQL Server Native Client RDA 11.0 x64 3.80 2011.110.5069.66 sqlnclirda11.dll

Page 165 of 204 Contoso Foods

Data Sources
A data source, also known as a data source name (DSN) provides the information required to connect to
an ODBC compliant data source such as a Microsoft SQL server or Excel Spreadsheet. This information
includes the ODBC driver to use, the location of the database file or server and other settings such as the
connection credentials.

1 ODBC Data Sources

Name Platform Driver Name Description

SQL Server Data Source x64 SQL Server This is a SQL Server data source.

Page 166 of 204 Contoso Foods

SQL Server Data Source
Provides detailed information about the configuration of this ODBC data source.

General Settings

Description This is a SQL Server data source.

Driver Name SQL Server

Driver C:\Windows\system32\SQLSRV32.dll

Platform x64

Type Display Name SQL Server Data Source

SQL Server

Server XCS-2K19-LIVE

Authentication Type Windows NT (integrated) authentication

ANSI Nulls True

Auto Translate True

Database master

Database Filename

Encrypt True

Failover Server False

Language us_english

Quoted Identifiers True

Use Regional Settings True

3 Properties

Name Value

LastUser sysadmin

QueryLog_On Yes

StatsLog_On Yes

Page 167 of 204 Contoso Foods

Operating System
Provides details about the general operating system configuration.

Operating System

Operating System Name Microsoft Windows Server 2019 Datacenter

Service Pack [None Installed]

General

Version 10.0.17763

Operating System Architecture 64-bit

Server Installation Type Full Server

Build Number 17763

Build Type Multiprocessor Free

Code Page 1252

Country Code 44

Last BootUp Time 15/01/2021 10:41:42

Install Date 08/06/2020 14:18:22

Locale 0809

MUI Languages en-US

Operating System Language 1033

Serial Number 00430-70000-00001-AA890

Windows Directory C:\Windows

System Directory C:\Windows\system32

Page 168 of 204 Contoso Foods

Naming and Role

Domain test2019.net

Domain Role Member Server

NetBIOS Name XCS-2K19-LIVE

Fully Qualified Domain Name xcs-2k19-live.test2019.net

Timezone

Time Zone Name (UTC+00:00) Dublin, Edinburgh, Lisbon, London

Daylight In Effect False

Time Zone Bias 0

Registry

Registry Size (Current) 100

Registry Size (Maximum) 4,095

Page Files

Automatically manage paging file size for all drives

Page 169 of 204 Contoso Foods

PowerShell Settings
Windows PowerShell is a task-based command-line shell and scripting language built on the .NET
Framework designed specifically for system administration.

PowerShell Settings

Is Installed True

Version Version 5.1.17763.134

Runtime Version 4.0.30319.42000

Compatible Versions 1.0

2.0
3.0
4.0
5.0
5.1.17763.134

Machine Execution Policy Remote Signed

Machine Execution Policy Source Local

Permissions

Type Principal Access

Allow BUILTIN\Administrators Full Control (All Operations)

Allow NT AUTHORITY\INTERACTIVE Full Control (All Operations)

Allow BUILTIN\Remote Management Users Full Control (All Operations)

Audit Rules

Type Principal Access

Failure Everyone Full Control (All Operations)

Succes Everyone Execute (Invoke), Write (Put, Delete,

s Create)

Page 170 of 204 Contoso Foods

Registry
The Windows registry is a hierarchical database that contains configuration data for the operating
system, applications, and services.

1 Registry Keys

Display Name Registry Hive Located

Internet Explorer Key HKEY_LOCAL_MACHINE True

1 Registry Values

Display Name Value Type Value Located

Internet Explorer Version REG_SZ 11.134.17763.0 True

Page 171 of 204 Contoso Foods

Internet Explorer Key
The Windows registry is a hierarchical database that contains configuration data for the operating
system, applications, and services. A registry key is a container which stores registry values.

Registry Key

Located True

Registry Key Properties

Hive HKEY_LOCAL_MACHINE

Key Name SOFTWARE\Microsoft\Internet Explorer

9 Values

Name Value Type Data

Build REG_SZ 917763

IntegratedBrowser REG_DWORD 0x00000001 (1)

MkEnabled REG_SZ Yes

svcKBFWLink REG_SZ https://aka.ms/IECU1811B

svcKBNumber REG_SZ KB4466536

svcUpdateVersion REG_SZ 11.0.95

svcVersion REG_SZ 11.134.17763.0

Version REG_SZ 9.11.17763.0

W2kVersion REG_SZ 9.11.17763.0

Security

Owner Account Name NT AUTHORITY\SYSTEM

Permissions

Type Principal Access

Allow BUILTIN\Users Read

Allow BUILTIN\Administrators Full Control

Allow NT AUTHORITY\SYSTEM Full Control

Allow CREATOR OWNER Full Control

Allow APPLICATION PACKAGE AUTHORITY\ALL APPLICATION Read

PACKAGES

Allow S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-4 Read

32734479-3232135806-4053264122-3456934681

Audit Rules

Page 172 of 204 Contoso Foods

There are no audit rules for this object.

Page 173 of 204 Contoso Foods

Internet Explorer Version
The Windows registry is a hierarchical database that contains configuration data for the operating
system, applications, and services. A registry value stores an individual value within a registry key.

Registry Value

Located True

Registry Value Properties

Parent Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

Value Name svcVersion

Value 11.134.17763.0

Value Type REG_SZ

Page 174 of 204 Contoso Foods

Server Roles and Features
Provides information about the Windows server roles and features such as "DNS Server" enabled on this
machine. Server features are found on Windows Server 2008 and above only.

Roles and Features

Feature

.NET Framework 3.5 Features

.NET Framework 3.5 (includes .NET 2.0 and 3.0)

HTTP Activation

Non-HTTP Activation

.NET Framework 4.7 Features

.NET Framework 4.7

ASP.NET 4.7

WCF Services

HTTP Activation

Message Queuing (MSMQ) Activation

Named Pipe Activation

TCP Activation

TCP Port Sharing

Active Directory Certificate Services

Certificate Enrollment Policy Web Service

Certificate Enrollment Web Service

Certification Authority

Certification Authority Web Enrollment

Network Device Enrollment Service

Online Responder

Active Directory Domain Services

Active Directory Federation Services

Active Directory Lightweight Directory Services

Active Directory Rights Management Services

Active Directory Rights Management Server

Identity Federation Support

Background Intelligent Transfer Service (BITS)

Compact Server

IIS Server Extension

BitLocker Drive Encryption

BitLocker Network Unlock

BranchCache

Client for NFS

Page 175 of 204 Contoso Foods

Containers

Data Center Bridging

Device Health Attestation

DHCP Server

Direct Play

DNS Server

Enhanced Storage

Failover Clustering

Fax Server

File and Storage Services

File and iSCSI Services

BranchCache for Network Files

Data Deduplication

DFS Namespaces

DFS Replication

File Server

File Server Resource Manager

File Server VSS Agent Service

iSCSI Target Server

iSCSI Target Storage Provider (VDS and VSS hardware providers)

Server for NFS

Work Folders

Storage Services

Group Policy Management

Host Guardian Hyper-V Support

Host Guardian Service

Hyper-V

I/O Quality of Service

IIS Hostable Web Core

Internet Printing Client

IP Address Management (IPAM) Server

iSNS Server service

LPR Port Monitor

Management OData IIS Extension

Media Foundation

Message Queuing

Message Queuing DCOM Proxy

Message Queuing Services

Directory Service Integration

HTTP Support

Page 176 of 204 Contoso Foods

Message Queuing Server

Message Queuing Triggers

Multicasting Support

Routing Service

Multipath I/O

MultiPoint Connector

MultiPoint Connector Services

MultiPoint Manager and MultiPoint Dashboard

Network Controller

Network Load Balancing

Network Policy and Access Services

Network Virtualization

Peer Name Resolution Protocol

Print and Document Services

Internet Printing

LPD Service

Print Server

Quality Windows Audio Video Experience

RAS Connection Manager Administration Kit (CMAK)

Remote Access

DirectAccess and VPN (RAS)

Routing

Web Application Proxy

Remote Assistance

Remote Desktop Services

Remote Desktop Connection Broker

Remote Desktop Gateway

Remote Desktop Licensing

Remote Desktop Session Host

Remote Desktop Virtualization Host

Remote Desktop Web Access

Remote Differential Compression

Remote Server Administration Tools

Feature Administration Tools

BitLocker Drive Encryption Administration Utilities

BitLocker Drive Encryption Tools

BitLocker Recovery Password Viewer

BITS Server Extensions Tools

DataCenterBridging LLDP Tools

Failover Clustering Tools

Page 177 of 204 Contoso Foods

Failover Cluster Automation Server

Failover Cluster Command Interface

Failover Cluster Management Tools

Failover Cluster Module for Windows PowerShell

IP Address Management (IPAM) Client

Network Load Balancing Tools

Shielded VM Tools

SMTP Server Tools

SNMP Tools

Storage Migration Service Tools

Storage Replica Module for Windows PowerShell

System Insights Module for Windows PowerShell

WINS Server Tools

Role Administration Tools

Active Directory Certificate Services Tools

Certification Authority Management Tools

Online Responder Tools

Active Directory Rights Management Services Tools

AD DS and AD LDS Tools

Active Directory module for Windows PowerShell

AD DS Tools

Active Directory Administrative Center

AD DS Snap-Ins and Command-Line Tools

AD LDS Snap-Ins and Command-Line Tools

DHCP Server Tools

DNS Server Tools

Fax Server Tools

File Services Tools

DFS Management Tools

File Server Resource Manager Tools

Services for Network File System Management Tools

Hyper-V Management Tools

Hyper-V GUI Management Tools

Hyper-V Module for Windows PowerShell

Network Controller Management Tools

Network Policy and Access Services Tools

Print and Document Services Tools

Remote Access Management Tools

Remote Access GUI and Command-Line Tools

Remote Access module for Windows PowerShell

Page 178 of 204 Contoso Foods

Remote Desktop Services Tools

Remote Desktop Gateway Tools

Remote Desktop Licensing Diagnoser Tools

Remote Desktop Licensing Tools

Volume Activation Tools

Windows Deployment Services Tools

Windows Server Update Services Tools

API and PowerShell cmdlets

User Interface Management Console

RPC over HTTP Proxy

Setup and Boot Event Collection

Simple TCP/IP Services

SMB 1.0/CIFS File Sharing Support

SMB 1.0/CIFS Client

SMB 1.0/CIFS Server

SMB Bandwidth Limit

SMTP Server

SNMP Service

SNMP WMI Provider

Software Load Balancer

Storage Migration Service

Storage Migration Service Proxy

Storage Replica

System Data Archiver

System Insights

Telnet Client

TFTP Client

VM Shielding Tools for Fabric Management

Volume Activation Services

Web Server (IIS)

FTP Server

FTP Extensibility

FTP Service

Management Tools

IIS 6 Management Compatibility

IIS 6 Management Console

IIS 6 Metabase Compatibility

IIS 6 Scripting Tools

IIS 6 WMI Compatibility

IIS Management Console

Page 179 of 204 Contoso Foods

IIS Management Scripts and Tools

Management Service

Web Server

Application Development

.NET Extensibility 3.5

.NET Extensibility 4.7

Application Initialization

ASP

ASP.NET 3.5

ASP.NET 4.7

CGI

ISAPI Extensions

ISAPI Filters

Server Side Includes

WebSocket Protocol

Common HTTP Features

Default Document

Directory Browsing

HTTP Errors

HTTP Redirection

Static Content

WebDAV Publishing

Health and Diagnostics

Custom Logging

HTTP Logging

Logging Tools

ODBC Logging

Request Monitor

Tracing

Performance

Dynamic Content Compression

Static Content Compression

Security

Basic Authentication

Centralized SSL Certificate Support

Client Certificate Mapping Authentication

Digest Authentication

IIS Client Certificate Mapping Authentication

IP and Domain Restrictions

Request Filtering

Page 180 of 204 Contoso Foods

URL Authorization

Windows Authentication

WebDAV Redirector

Windows Biometric Framework

Windows Defender Antivirus

Windows Deployment Services

Deployment Server

Transport Server

Windows Identity Foundation 3.5

Windows Internal Database

Windows PowerShell

Windows PowerShell 2.0 Engine

Windows PowerShell 5.1

Windows PowerShell Desired State Configuration Service

Windows PowerShell ISE

Windows PowerShell Web Access

Windows Process Activation Service

.NET Environment 3.5

Configuration APIs

Process Model

Windows Search Service

Windows Server Backup

Windows Server Migration Tools

Windows Server Update Services

SQL Server Connectivity

WID Connectivity

WSUS Services

Windows Standards-Based Storage Management

Windows Subsystem for Linux

Windows TIFF IFilter

WinRM IIS Extension

WINS Server

Wireless LAN Service

WoW64 Support

XPS Viewer

Page 181 of 204 Contoso Foods

Startup Commands
Provides information about the commands configured to run at startup for the users of this Windows
machine.

bginfo

Command C:\bginfo\bginfo64.exe c:\bginfo\bg-vm.bgi /silent /timer:0 /nolicprompt

Location Common Startup

User Public

SecurityHealth

Command %windir%\system32\SecurityHealthSystray.exe

Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

User Public

VMware User Process

Command "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr

Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

User Public

Page 182 of 204 Contoso Foods

Task Scheduler Library
The Task Scheduler Library automates tasks that perform actions at a specific time or when a certain event occurs and replaces Scheduled Tasks on
previous versions of Windows.

141 Scheduled Tasks

Name Triggers Account Name

.NET Framework NGEN v4.0.30319 No triggers defined NT AUTHORITY\SYSTEM

.NET Framework NGEN v4.0.30319 64 No triggers defined NT AUTHORITY\SYSTEM

.NET Framework NGEN v4.0.30319 64 Critical On idle NT AUTHORITY\SYSTEM

.NET Framework NGEN v4.0.30319 Critical On idle NT AUTHORITY\SYSTEM

AC Power Download No triggers defined NT AUTHORITY\SYSTEM

Account Cleanup No triggers defined NT AUTHORITY\SYSTEM

AD RMS Rights Policy Template Management (Automated) Multiple triggers defined Everyone

AD RMS Rights Policy Template Management (Manual) At log on of any user Everyone

AikCertEnrollTask No triggers defined NT AUTHORITY\SYSTEM

AnalyzeSystem No triggers defined NT AUTHORITY\SYSTEM

appuriverifierdaily No triggers defined NT AUTHORITY\INTERACTIVE

appuriverifierinstall No triggers defined NT AUTHORITY\INTERACTIVE

Automatic-Device-Join Multiple triggers defined NT AUTHORITY\SYSTEM

Background Synchronization At 00:00 on 01/01/2008 NT AUTHORITY\Authenticated Users

Backup Scan At 13:18 on 22/06/2020 NT AUTHORITY\SYSTEM

BfeOnServiceStartTypeChange On an event NT AUTHORITY\SYSTEM

BgTaskRegistrationMaintenanceTask No triggers defined NT AUTHORITY\SYSTEM

BitLocker Encrypt All Drives No triggers defined NT AUTHORITY\INTERACTIVE

BitLocker MDM policy Refresh No triggers defined NT AUTHORITY\INTERACTIVE

Page 183 of 204 Contoso Foods

CacheTask At log on of any user BUILTIN\Users

Calibration Loader Multiple triggers defined BUILTIN\Users

CleanupOldPerfLogs No triggers defined NT AUTHORITY\SYSTEM

CleanupTemporaryState No triggers defined NT AUTHORITY\SYSTEM

Collection At 03:00 on 01/01/2000 NT AUTHORITY\SYSTEM

Configuration At startup NT AUTHORITY\SYSTEM

Consolidator At 00:00 on 02/01/2004 NT AUTHORITY\SYSTEM

CreateObjectTask No triggers defined NT AUTHORITY\SYSTEM

CryptoPolicyTask No triggers defined NT AUTHORITY\SYSTEM

Data Integrity Scan Multiple triggers defined NT AUTHORITY\SYSTEM

Data Integrity Scan for Crash Recovery No triggers defined NT AUTHORITY\SYSTEM

Device At 03:00 on 01/09/2008 NT AUTHORITY\SYSTEM

Device Install Group Policy No triggers defined NT AUTHORITY\SYSTEM

Device Install Reboot Required At log on of any user NT AUTHORITY\INTERACTIVE

Diagnostics No triggers defined NT AUTHORITY\SYSTEM

DsSvcCleanup No triggers defined NT AUTHORITY\SYSTEM

DXGIAdapterCache No triggers defined NT AUTHORITY\SYSTEM

EDP App Launch Task No triggers defined NT AUTHORITY\INTERACTIVE

EDP Auth Task No triggers defined NT AUTHORITY\INTERACTIVE

EDP Inaccessible Credentials Task No triggers defined NT AUTHORITY\INTERACTIVE

EDP Policy Manager No triggers defined NT AUTHORITY\LOCAL SERVICE

ExploitGuard MDM policy Refresh At startup NT AUTHORITY\SYSTEM

ForceSynchronizeTime No triggers defined NT AUTHORITY\LOCAL SERVICE

GatherNetworkInfo No triggers defined BUILTIN\Users

HeadsetButtonPress No triggers defined NT AUTHORITY\INTERACTIVE

Page 184 of 204 Contoso Foods

HiveUploadTask At 00:00 on 28/08/2007 NT AUTHORITY\SYSTEM

IndexerAutomaticMaintenance No triggers defined NT AUTHORITY\LOCAL SERVICE

Installation Multiple triggers defined NT AUTHORITY\INTERACTIVE

Interactive No triggers defined NT AUTHORITY\INTERACTIVE

KeyPreGenTask Multiple triggers defined NT AUTHORITY\SYSTEM

License Validation At startup NT AUTHORITY\SYSTEM

LoginCheck At log on of any user NT AUTHORITY\SYSTEM

Logon Synchronization At log on of any user NT AUTHORITY\Authenticated Users

LPRemove No triggers defined NT AUTHORITY\SYSTEM

Maintenance Install No triggers defined NT AUTHORITY\SYSTEM

MapsToastTask No triggers defined NT AUTHORITY\INTERACTIVE

MapsUpdateTask At 00:00 on 21/10/2014 NT AUTHORITY\NETWORK SERVICE

Metadata Refresh No triggers defined NT AUTHORITY\INTERACTIVE

Microsoft Compatibility Appraiser At 03:00 on 01/09/2008 NT AUTHORITY\SYSTEM

Microsoft-Windows-DiskDiagnosticDataCollector No triggers defined NT AUTHORITY\SYSTEM

Microsoft-Windows-DiskDiagnosticResolver At log on of any user BUILTIN\Users

MNO Metadata Parser On an event NT AUTHORITY\SYSTEM

MobilityManager On an event NT AUTHORITY\LOCAL SERVICE

MsCtfMonitor At log on of any user BUILTIN\Users

Notifications No triggers defined NT AUTHORITY\Authenticated Users

PerformRemediation At 03:00 on 15/10/2000 NT AUTHORITY\SYSTEM

PolicyConverter No triggers defined NT AUTHORITY\SYSTEM

Pre-staged app cleanup At log on of any user NT AUTHORITY\SYSTEM

ProactiveScan No triggers defined NT AUTHORITY\SYSTEM

Process Explorer-TEST2019-sysadmin At log on of TEST2019\sysadmin TEST2019\sysadmin

Process Explorer-WIN-424T9I2S68Q-Administrator At log on of XCS-2K19-LIVE\Administrator BUILTIN\Administrators

Page 185 of 204 Contoso Foods

ProcessMemoryDiagnosticEvents Multiple triggers defined BUILTIN\Administrators

ProgramDataUpdater No triggers defined NT AUTHORITY\SYSTEM

Property Definition Sync At 03:00 every day NT AUTHORITY\SYSTEM

Proxy At startup NT AUTHORITY\SYSTEM

QueueReporting Multiple triggers defined NT AUTHORITY\SYSTEM

Reboot At 17:29 on 30/11/2018 NT AUTHORITY\SYSTEM

Recovery-Check At log on of any user NT AUTHORITY\INTERACTIVE

RefreshCache At 22:56 on 03/11/2020 NT AUTHORITY\SYSTEM

RegIdleBackup No triggers defined NT AUTHORITY\SYSTEM

Registration At 00:00 on 01/01/2017 NT AUTHORITY\SYSTEM

RemoteAssistanceTask Multiple triggers defined NT AUTHORITY\SYSTEM

ResolutionHost No triggers defined NT AUTHORITY\INTERACTIVE

RunFullMemoryDiagnostic No triggers defined BUILTIN\Administrators

ScanForUpdates Multiple triggers defined NT AUTHORITY\SYSTEM

ScanForUpdatesAsUser No triggers defined NT AUTHORITY\INTERACTIVE

Schedule Scan At 08:39 on 05/10/2018 NT AUTHORITY\SYSTEM

Schedule Scan Static Task On an event NT AUTHORITY\SYSTEM

Scheduled No triggers defined NT AUTHORITY\INTERACTIVE

Scheduled Start Multiple triggers defined NT AUTHORITY\SYSTEM

ScheduledDefrag No triggers defined NT AUTHORITY\SYSTEM

SDN Diagnostics Task Multiple triggers defined NT AUTHORITY\SYSTEM

Secure-Boot-Update No triggers defined NT AUTHORITY\SYSTEM

Server Initial Configuration Task At startup NT AUTHORITY\SYSTEM

Server Manager Performance Monitor At startup NT AUTHORITY\SYSTEM

ServerManager At log on of any user BUILTIN\Administrators

ShadowCopyVolume{91695457-0000-0000-0000-602200000000} Multiple triggers defined NT AUTHORITY\SYSTEM

Page 186 of 204 Contoso Foods

SilentCleanup No triggers defined BUILTIN\Users

SmartRetry Multiple triggers defined NT AUTHORITY\SYSTEM

SpaceAgentTask At startup NT AUTHORITY\SYSTEM

SpaceManagerTask At startup NT AUTHORITY\SYSTEM

SpeechModelDownloadTask At 00:00 on 01/01/2004 NT AUTHORITY\NETWORK SERVICE

Sqm-Tasks No triggers defined NT AUTHORITY\SYSTEM

StartComponentCleanup No triggers defined NT AUTHORITY\SYSTEM

StartupAppTask No triggers defined NT AUTHORITY\INTERACTIVE

Storage Tiers Management Initialization No triggers defined NT AUTHORITY\SYSTEM

Storage Tiers Optimization At 01:00 on 01/01/2013 NT AUTHORITY\SYSTEM

StorageCardEncryption Task No triggers defined NT AUTHORITY\INTERACTIVE

StorageSense No triggers defined BUILTIN\Users

SvcRestartTask At 16:24 every day NT AUTHORITY\NETWORK SERVICE

SvcRestartTaskLogon At log on of any user NT AUTHORITY\INTERACTIVE

SvcRestartTaskNetwork On an event NT AUTHORITY\NETWORK SERVICE

SynchronizeTime No triggers defined NT AUTHORITY\LOCAL SERVICE

SynchronizeTimeZone No triggers defined NT AUTHORITY\SYSTEM

SyspartRepair No triggers defined NT AUTHORITY\SYSTEM

Sysprep Generalize Drivers No triggers defined NT AUTHORITY\SYSTEM

SystemSoundsService At log on of any user BUILTIN\Users

SystemTask Multiple triggers defined NT AUTHORITY\SYSTEM

TempSignedLicenseExchange No triggers defined NT AUTHORITY\INTERACTIVE

Tpm-HASCertRetr No triggers defined NT AUTHORITY\SYSTEM

Tpm-Maintenance No triggers defined NT AUTHORITY\SYSTEM

Uninstallation No triggers defined NT AUTHORITY\SYSTEM

UninstallDeviceTask No triggers defined NT AUTHORITY\SYSTEM

Page 187 of 204 Contoso Foods

UpdateLibrary On an event NT AUTHORITY\Authenticated Users

UPnPHostConfig No triggers defined NT AUTHORITY\SYSTEM

UsbCeip No triggers defined NT AUTHORITY\SYSTEM

User_Feed_Synchronization-{30581633-00AE-4F5E-9189-327EF10FF38E} At 23:14 every day TEST2019\sysadmin

User_Feed_Synchronization-{5B085D6B-DEA6-4713-8ED8-EDE46B06BFB6} At 17:10 every day XCS-2K19-LIVE\Administrator

UserTask Multiple triggers defined NT AUTHORITY\INTERACTIVE

UserTask-Roam Multiple triggers defined NT AUTHORITY\INTERACTIVE

USO_UxBroker At 03:00 every day NT AUTHORITY\SYSTEM

VerifiedPublisherCertStoreCheck At startup NT AUTHORITY\LOCAL SERVICE

VerifyWinRE No triggers defined BUILTIN\Administrators

WakeUpAndContinueUpdates No triggers defined NT AUTHORITY\SYSTEM

WakeUpAndScanForUpdates At 00:00 on 01/01/2014 NT AUTHORITY\SYSTEM

Windows Defender Cache Maintenance No triggers defined NT AUTHORITY\SYSTEM

Windows Defender Cleanup No triggers defined NT AUTHORITY\SYSTEM

Windows Defender Scheduled Scan At 03:02 every day NT AUTHORITY\SYSTEM

Windows Defender Verification No triggers defined NT AUTHORITY\SYSTEM

WindowsActionDialog No triggers defined NT AUTHORITY\Authenticated Users

WinSAT No triggers defined BUILTIN\Administrators

Page 188 of 204 Contoso Foods

Windows Remote Management (WinRM)
Windows Remote Management (WinRM) is the Microsoft implementation of the WS-MAN management
protocol, and the underlying communication technology used by PowerShell remoting.

Service Settings

Allow Remote Server Management True

Allow Unencrypted Traffic False

Channel Binding Token Hardening Relaxed

Disallow Storing RunAs Credentials False

IPv4 Filter *

IPv6 Filter *

Started True

Use HTTP Compatibility Listener False

Use HTTPS Compatibility Listener False

Version 10.0.17763.1

Service Authentication Settings

Allow Basic Authentication False

Allow CredSSP Authentication False

Allow Kerberos Authentication True

Allow Negotiate Authentication True

Listener Listener_1084132640

Enabled True

Address *

Port 5985

Protocol HTTP

URI Prefix wsman

Client Settings

Allow Unencrypted Traffic False

Default HTTP Port 5985

Default HTTPS Port 5986

Trusted Hosts

Trusted Hosts Source Not Defined

Page 189 of 204 Contoso Foods

Client Authentication Settings

Allow Basic Authentication True

Allow CredSSP Authentication False

Allow Digest Authentication True

Allow Kerberos Authentication True

Allow Negotiate Authentication True

Windows Remote Shell

Allow Remote Shell Access True

Allow Remote Shell Access Source Not Defined

Idle Timeout (ms) 7,200,000

Maximum Concurrent Users 2,147,483,647

Maximum Memory Per Shell (MB) 2,147,483,647

Maximum Processes Per Shell 2,147,483,647

Maximum Shells Per User 2,147,483,647

Page 190 of 204 Contoso Foods

Windows Services
Displays the configuration of the Windows services on this machine

223 Windows Services

Display Name Start Mode Account Name

ActiveX Installer (AxInstSV) Disabled LocalSystem

AllJoyn Router Service Manual (Trigger Start) NT AUTHORITY\LocalService

App Readiness Manual LocalSystem

Application Host Helper Service Automatic localSystem

Application Identity Manual (Trigger Start) NT Authority\LocalService

Application Information Manual (Trigger Start) LocalSystem

Application Layer Gateway Service Manual NT AUTHORITY\LocalService

Application Management Manual LocalSystem

AppX Deployment Service (AppXSVC) Manual LocalSystem

ASP.NET State Service Manual NT AUTHORITY\NetworkService

Auto Time Zone Updater Disabled NT AUTHORITY\LocalService

AVCTP service Manual (Trigger Start) NT AUTHORITY\LocalService

AzureAttestService Automatic LocalSystem

Background Intelligent Transfer Service Manual LocalSystem

Background Tasks Infrastructure Service Automatic LocalSystem

Base Filtering Engine Automatic NT AUTHORITY\LocalService

Bluetooth Audio Gateway Service Manual (Trigger Start) NT AUTHORITY\LocalService

Bluetooth Support Service Manual (Trigger Start) NT AUTHORITY\LocalService

Capability Access Manager Service Manual LocalSystem

CaptureService_58703 Manual

Page 191 of 204 Contoso Foods

Certificate Propagation Manual (Trigger Start) LocalSystem

Client License Service (ClipSVC) Manual (Trigger Start) LocalSystem

Clipboard User Service_58703 Manual

CNG Key Isolation Manual (Trigger Start) LocalSystem

COM+ Event System Automatic NT AUTHORITY\LocalService

COM+ System Application Manual LocalSystem

Connected Devices Platform Service Automatic (Delayed Start, Trigger Start) NT AUTHORITY\LocalService

Connected Devices Platform User Service_58703 Automatic

Connected User Experiences and Telemetry Automatic LocalSystem

ConsentUX_58703 Manual

Contact Data_58703 Manual

CoreMessaging Automatic NT AUTHORITY\LocalService

Credential Manager Manual LocalSystem

Cryptographic Services Automatic NT Authority\NetworkService

Data Sharing Service Manual (Trigger Start) LocalSystem

DCOM Server Process Launcher Automatic LocalSystem

Delivery Optimization Manual (Trigger Start) NT Authority\NetworkService

Device Association Service Manual (Trigger Start) LocalSystem

Device Install Service Manual (Trigger Start) LocalSystem

Device Management Enrollment Service Manual LocalSystem

Device Management Wireless Application Protocol (WAP) Push message Routing Service Disabled LocalSystem

Device Setup Manager Manual (Trigger Start) LocalSystem

DevicePicker_58703 Disabled

DevicesFlow_58703 Manual

DevQuery Background Discovery Broker Manual (Trigger Start) LocalSystem

DHCP Client Automatic NT Authority\LocalService

Page 192 of 204 Contoso Foods

Diagnostic Policy Service Automatic (Delayed Start) NT AUTHORITY\LocalService

Diagnostic Service Host Manual NT AUTHORITY\LocalService

Diagnostic System Host Manual LocalSystem

Distributed Link Tracking Client Automatic LocalSystem

Distributed Transaction Coordinator Automatic (Delayed Start) NT AUTHORITY\NetworkService

DNS Client Automatic (Trigger Start) NT AUTHORITY\NetworkService

Downloaded Maps Manager Disabled NT AUTHORITY\NetworkService

Embedded Mode Manual (Trigger Start) LocalSystem

Encrypting File System (EFS) Manual (Trigger Start) LocalSystem

Enterprise App Management Service Manual LocalSystem

Extensible Authentication Protocol Manual localSystem

Function Discovery Provider Host Manual NT AUTHORITY\LocalService

Function Discovery Resource Publication Manual (Trigger Start) NT AUTHORITY\LocalService

Geolocation Service Disabled LocalSystem

GraphicsPerfSvc Disabled LocalSystem

Group Policy Client Automatic (Trigger Start) LocalSystem

Human Interface Device Service Manual (Trigger Start) LocalSystem

HV Host Service Manual (Trigger Start) LocalSystem

Hyper-V Data Exchange Service Manual (Trigger Start) LocalSystem

Hyper-V Guest Service Interface Manual (Trigger Start) LocalSystem

Hyper-V Guest Shutdown Service Manual (Trigger Start) LocalSystem

Hyper-V Heartbeat Service Manual (Trigger Start) LocalSystem

Hyper-V PowerShell Direct Service Manual (Trigger Start) LocalSystem

Hyper-V Remote Desktop Virtualization Service Manual (Trigger Start) LocalSystem

Hyper-V Time Synchronization Service Manual (Trigger Start) NT AUTHORITY\LocalService

Hyper-V Volume Shadow Copy Requestor Manual (Trigger Start) LocalSystem

Page 193 of 204 Contoso Foods

IKE and AuthIP IPsec Keying Modules Automatic (Trigger Start) LocalSystem

Internet Connection Sharing (ICS) Disabled LocalSystem

IP Helper Automatic LocalSystem

IPsec Policy Agent Manual (Trigger Start) NT Authority\NetworkService

KDC Proxy Server service (KPS) Manual NT AUTHORITY\NetworkService

KtmRm for Distributed Transaction Coordinator Manual (Trigger Start) NT AUTHORITY\NetworkService

Link-Layer Topology Discovery Mapper Disabled NT AUTHORITY\LocalService

Local Session Manager Automatic LocalSystem

Microsoft (R) Diagnostics Hub Standard Collector Service Manual LocalSystem

Microsoft Account Sign-in Assistant Manual (Trigger Start) LocalSystem

Microsoft App-V Client Disabled LocalSystem

Microsoft iSCSI Initiator Service Manual LocalSystem

Microsoft Passport Manual (Trigger Start) LocalSystem

Microsoft Passport Container Manual (Trigger Start) NT AUTHORITY\LocalService

Microsoft Software Shadow Copy Provider Manual LocalSystem

Microsoft Storage Spaces SMP Manual NT AUTHORITY\NetworkService

Microsoft Store Install Service Manual LocalSystem

Net.Tcp Port Sharing Service Disabled NT AUTHORITY\LocalService

Netlogon Automatic LocalSystem

Network Connection Broker Manual (Trigger Start) LocalSystem

Network Connections Manual LocalSystem

Network Connectivity Assistant Manual (Trigger Start) LocalSystem

Network List Service Manual NT AUTHORITY\LocalService

Network Location Awareness Automatic NT AUTHORITY\NetworkService

Network Setup Service Manual (Trigger Start) LocalSystem

Network Store Interface Service Automatic NT Authority\LocalService

Page 194 of 204 Contoso Foods

Offline Files Disabled LocalSystem

OpenSSH Authentication Agent Disabled LocalSystem

Optimize drives Manual localSystem

Payments and NFC/SE Manager Disabled NT AUTHORITY\LocalService

Performance Counter DLL Host Manual NT AUTHORITY\LocalService

Performance Logs & Alerts Manual NT AUTHORITY\LocalService

Phone Service Disabled NT Authority\LocalService

Plug and Play Manual LocalSystem

Portable Device Enumerator Service Manual (Trigger Start) LocalSystem

Power Automatic LocalSystem

Print Spooler Automatic LocalSystem

Printer Extensions and Notifications Manual LocalSystem

PrintWorkflow_58703 Manual

Problem Reports and Solutions Control Panel Support Manual localSystem

Program Compatibility Assistant Service Manual LocalSystem

Quality Windows Audio Video Experience Manual NT AUTHORITY\LocalService

Radio Management Service Disabled NT AUTHORITY\LocalService

Remote Access Auto Connection Manager Manual localSystem

Remote Access Connection Manager Automatic localSystem

Remote Desktop Configuration Manual localSystem

Remote Desktop Services Manual NT Authority\NetworkService

Remote Desktop Services UserMode Port Redirector Manual localSystem

Remote Procedure Call (RPC) Automatic NT AUTHORITY\NetworkService

Remote Procedure Call (RPC) Locator Manual NT AUTHORITY\NetworkService

Remote Registry Automatic (Trigger Start) NT AUTHORITY\LocalService

Resultant Set of Policy Provider Manual LocalSystem

Page 195 of 204 Contoso Foods

Routing and Remote Access Disabled localSystem

RPC Endpoint Mapper Automatic NT AUTHORITY\NetworkService

Secondary Logon Manual LocalSystem

Secure Socket Tunneling Protocol Service Manual NT Authority\LocalService

Security Accounts Manager Automatic LocalSystem

Sensor Data Service Disabled LocalSystem

Sensor Monitoring Service Manual (Trigger Start) NT AUTHORITY\LocalService

Sensor Service Manual (Trigger Start) LocalSystem

Server Automatic (Trigger Start) LocalSystem

Shared PC Account Manager Disabled LocalSystem

Shell Hardware Detection Automatic LocalSystem

Smart Card Manual (Trigger Start) NT AUTHORITY\LocalService

Smart Card Device Enumeration Service Disabled LocalSystem

Smart Card Removal Policy Manual LocalSystem

SNMP Service Automatic LocalSystem

SNMP Trap Manual NT AUTHORITY\LocalService

Software Protection Automatic (Delayed Start, Trigger Start) NT AUTHORITY\NetworkService

Special Administration Console Helper Manual LocalSystem

Spot Verifier Manual (Trigger Start) LocalSystem

SQL Server (SQLEXPRESS) Automatic NT Service\MSSQL$SQLEXPRESS

SQL Server Agent (SQLEXPRESS) Disabled NT AUTHORITY\NETWORKSERVICE

SQL Server Browser Automatic NT AUTHORITY\LOCALSERVICE

SQL Server CEIP service (SQLEXPRESS) Automatic NT Service\SQLTELEMETRY$SQLEXPRESS

SQL Server VSS Writer Automatic LocalSystem

SSDP Discovery Disabled NT AUTHORITY\LocalService

State Repository Service Manual LocalSystem

Page 196 of 204 Contoso Foods

Still Image Acquisition Events Manual LocalSystem

Storage Service Manual (Trigger Start) LocalSystem

Storage Tiers Management Manual localSystem

SysMain Automatic LocalSystem

System Event Notification Service Automatic LocalSystem

System Events Broker Automatic (Trigger Start) LocalSystem

System Guard Runtime Monitor Broker Manual LocalSystem

Task Scheduler Automatic LocalSystem

TCP/IP NetBIOS Helper Manual (Trigger Start) NT AUTHORITY\LocalService

Telephony Manual NT AUTHORITY\NetworkService

Themes Automatic LocalSystem

Time Broker Manual (Trigger Start) NT AUTHORITY\LocalService

Touch Keyboard and Handwriting Panel Service Manual (Trigger Start) LocalSystem

TP AutoConnect Service Manual LocalSystem

TP VC Gateway Service Manual LocalSystem

Update Orchestrator Service Automatic (Delayed Start) LocalSystem

UPnP Device Host Disabled NT AUTHORITY\LocalService

User Access Logging Service Automatic (Delayed Start) LocalSystem

User Data Access_58703 Manual

User Data Storage_58703 Manual

User Experience Virtualization Service Disabled LocalSystem

User Manager Automatic (Trigger Start) LocalSystem

User Profile Service Automatic LocalSystem

Virtual Disk Manual LocalSystem

VMware Alias Manager and Ticket Service Automatic LocalSystem

VMware Physical Disk Helper Service Automatic LocalSystem

Page 197 of 204 Contoso Foods

VMware Snapshot Provider Manual LocalSystem

VMware Tools Automatic LocalSystem

Volume Shadow Copy Manual LocalSystem

W3C Logging Service Manual localSystem

WalletService Disabled LocalSystem

WarpJITSvc Manual (Trigger Start) NT Authority\LocalService

Web Account Manager Manual LocalSystem

Web Management Service Manual NT AUTHORITY\LocalService

Windows Audio Manual NT AUTHORITY\LocalService

Windows Audio Endpoint Builder Manual LocalSystem

Windows Biometric Service Manual (Trigger Start) LocalSystem

Windows Camera Frame Server Manual (Trigger Start) NT AUTHORITY\LocalService

Windows Connection Manager Automatic (Trigger Start) NT Authority\LocalService

Windows Defender Advanced Threat Protection Service Manual LocalSystem

Windows Defender Antivirus Network Inspection Service Manual NT AUTHORITY\LocalService

Windows Defender Antivirus Service Automatic LocalSystem

Windows Defender Firewall Automatic NT Authority\LocalService

Windows Encryption Provider Host Service Manual (Trigger Start) NT AUTHORITY\LocalService

Windows Error Reporting Service Manual (Trigger Start) localSystem

Windows Event Collector Manual NT AUTHORITY\NetworkService

Windows Event Log Automatic NT AUTHORITY\LocalService

Windows Font Cache Service Automatic NT AUTHORITY\LocalService

Windows Image Acquisition (WIA) Manual NT Authority\LocalService

Windows Insider Service Disabled LocalSystem

Windows Installer Manual LocalSystem

Windows License Manager Service Manual (Trigger Start) NT Authority\LocalService

Page 198 of 204 Contoso Foods

Windows Management Instrumentation Automatic localSystem

Windows Media Player Network Sharing Service Manual NT AUTHORITY\NetworkService

Windows Mobile Hotspot Service Disabled NT Authority\LocalService

Windows Modules Installer Manual localSystem

Windows Process Activation Service Manual localSystem

Windows Push Notifications System Service Automatic LocalSystem

Windows Push Notifications User Service_58703 Automatic

Windows PushToInstall Service Disabled LocalSystem

Windows Remote Management (WS-Management) Automatic NT AUTHORITY\NetworkService

Windows Search Disabled LocalSystem

Windows Security Service Manual LocalSystem

Windows Time Automatic (Trigger Start) NT AUTHORITY\LocalService

Windows Update Manual (Trigger Start) LocalSystem

Windows Update Medic Service Manual LocalSystem

WinHTTP Web Proxy Auto-Discovery Service Manual NT AUTHORITY\LocalService

Wired AutoConfig Manual localSystem

WMI Performance Adapter Manual localSystem

Workstation Automatic NT AUTHORITY\NetworkService

World Wide Web Publishing Service Automatic localSystem

XIA Configuration Scheduler Automatic NT AUTHORITY\NETWORK SERVICE

XIA Configuration Service Automatic TEST2019\sysadmin

Page 199 of 204 Contoso Foods

Windows Time
The Windows Time service, also known as W32Time, synchronizes the date on Windows computers.
Time synchronization is critical for the proper operation of many Windows services and line-of-business
applications.

Active Directory

Domain Role Member Server

Service Information

Start Mode Automatic (Trigger Start)

Service State Running

Global Settings

MaxNegPhaseCorrection 4,294,967,295

MaxPosPhaseCorrection 4,294,967,295

VMIC Provider Status Enabled

Client Settings

Enabled True

Client Type Domain Hierarchy (NT5DS)

Special Poll Interval 1,024

Server Settings

Enabled False

Page 200 of 204 Contoso Foods

Support Provisions
This section provides information about the support provisions associated with this item.

2 Support Provisions

Name Relationship Type Hours Start Date Expiry Date

Network Support Technical Support 8am-5pm 01 October 2015 01 October 2020

Hardware Warranty Hardware Maintenance 9-5pm Mon-Fri 04 October 2018 04 October 2023

Page 201 of 204 Contoso Foods

Network Support
This section provides information about the support provisions associated with this item.

Relationship Information

Relationship Type Technical Support

Support Provision Details

Support Hours 8am-5pm

Reference Number 53964

Self Service Web Site http://www.contoso.com

Email Address [email protected]

Telephone Number +441234 123456

Validity Period

Start Date 01 October 2015

Expiry Date 01 October 2020

Page 202 of 204 Contoso Foods

Hardware Warranty
This section provides information about the support provisions associated with this item.

Relationship Information

Relationship Type Hardware Maintenance

Support Provision Details

Support Hours 9-5pm Mon-Fri

Reference Number 633673356

Self Service Web Site http://www.hpwarranty.com/logcall.aspx

Email Address [email protected]

Telephone Number +44 (0)1235 589123

Validity Period

Start Date 04 October 2018

Expiry Date 04 October 2023

Page 203 of 204 Contoso Foods

Version History
The version history displays the changes that have been made to the documentation of this item over
time - either automatically when a change has been detected, or manually by users of the system.

22 versions

Version Username Date Time Description

1.21 DEMO2012R2\sysadmin 20 January 2021 10:40 Changed item description.

1.20 DEMO2012R2\sysadmin 19 January 2021 16:33 Updated by XIA Configuration Client Data

1.19 DEMO2012R2\sysadmin 08 November 2020 15:07

1.18 DEMO2012R2\sysadmin 29 October 2020 14:49 Updated by XIA Configuration Client Data

1.17 DEMO2012R2\sysadmin 29 October 2020 13:56 Updated hardware information.

1.16 DEMO2012R2\sysadmin 29 October 2020 13:52 Added an item description.

1.15 DEMO2012R2\sysadmin 23 October 2020 17:53 Updated by XIA Configuration Client Data

1.14 DEMO2012R2\sysadmin 23 October 2020 17:48 Updated by XIA Configuration Client Data

1.13 DEMO2012R2\sysadmin 23 October 2020 17:41 Updated by XIA Configuration Client Data

1.12 DEMO2012R2\sysadmin 23 October 2020 16:40 Updated by XIA Configuration Client Data

1.11 DEMO2012R2\sysadmin 23 October 2020 16:25 Updated by XIA Configuration Client Data

1.10 DEMO2012R2\sysadmin 22 October 2020 11:30 Updated by XIA Configuration Client Data

1.09 DEMO2012R2\sysadmin 20 October 2020 12:29 Updated by XIA Configuration Client Data

1.08 DEMO2012R2\sysadmin 20 October 2020 12:20 Updated by XIA Configuration Client Data

1.07 DEMO2012R2\sysadmin 16 October 2020 14:48 Updated by XIA Configuration Client Data

1.06 DEMO2012R2\sysadmin 15 October 2020 16:25 Updated by XIA Configuration Client Data

1.05 DEMO2012R2\sysadmin 15 October 2020 16:11 Updated by XIA Configuration Client Data

1.04 DEMO2012R2\sysadmin 15 October 2020 16:05 Updated by XIA Configuration Client Data

1.03 DEMO2012R2\sysadmin 15 October 2020 15:53 Updated by XIA Configuration Client Data

1.02 DEMO2012R2\sysadmin 12 October 2020 13:47 Updated by XIA Configuration Client Data

1.01 DEMO2012R2\sysadmin 09 October 2020 11:16 Updated by XIA Configuration Client Data

1.00 DEMO2012R2\sysadmin 09 October 2020 11:16 Item created.

Page 204 of 204 Contoso Foods

Yamaha FZS V3 English
No ratings yet
Yamaha FZS V3 English
240 pages
Historical Reporting and Data Dictionary
67% (3)
Historical Reporting and Data Dictionary
1,502 pages
Windows Server Documentation
No ratings yet
Windows Server Documentation
127 pages
Hands-On Linux Administration on Azure - Second Edition: Develop, maintain, and automate applications on the Azure cloud platform, 2nd Edition
From Everand
Hands-On Linux Administration on Azure - Second Edition: Develop, maintain, and automate applications on the Azure cloud platform, 2nd Edition
Kamesh Ganesan
2/5 (1)
Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform
From Everand
Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform
Zahir Hussain Shah
No ratings yet
Microsoft 70 413
100% (1)
Microsoft 70 413
190 pages
MCA Microsoft 365 Certified Associate Modern Desktop Administrator Complete Study Guide with 900 Practice Test Questions: Exam MD-100 and Exam MD-101
From Everand
MCA Microsoft 365 Certified Associate Modern Desktop Administrator Complete Study Guide with 900 Practice Test Questions: Exam MD-100 and Exam MD-101
William Panek
No ratings yet
Windows Machine Report
No ratings yet
Windows Machine Report
205 pages
Troubleshooting PDF
No ratings yet
Troubleshooting PDF
991 pages
Upsc Cse
No ratings yet
Upsc Cse
18 pages
MFT 1053 ManagedFileTransferUserGuide en
No ratings yet
MFT 1053 ManagedFileTransferUserGuide en
852 pages
Powerconnect-8024 Reference Guide En-Us
No ratings yet
Powerconnect-8024 Reference Guide En-Us
1,818 pages
PAN-OS ™ Command Line Interface Reference Guide
No ratings yet
PAN-OS ™ Command Line Interface Reference Guide
466 pages
MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417
From Everand
MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417
William Panek
No ratings yet
Windows Server SDN
No ratings yet
Windows Server SDN
992 pages
Virtualization Security: Protecting Virtualized Environments
From Everand
Virtualization Security: Protecting Virtualized Environments
Dave Shackleford
3/5 (1)
Networking PDF
No ratings yet
Networking PDF
944 pages
Customizing The IDS For Your ENV
No ratings yet
Customizing The IDS For Your ENV
546 pages
PRTG Manual
No ratings yet
PRTG Manual
1,257 pages
Cloud Infrastructure and Data Center
From Everand
Cloud Infrastructure and Data Center
Duong Tran
No ratings yet
Partituradebanda - Band Folio - Book 2 - Sax Tenor
No ratings yet
Partituradebanda - Band Folio - Book 2 - Sax Tenor
25 pages
Windows Server 2016
No ratings yet
Windows Server 2016
4 pages
Exam 70-642 Windows Server 2008 Network Infrastructure, Configuring
No ratings yet
Exam 70-642 Windows Server 2008 Network Infrastructure, Configuring
6 pages
S&C Util
No ratings yet
S&C Util
352 pages
Windows Command For Security Analysis
No ratings yet
Windows Command For Security Analysis
33 pages
Palo Alto CLI Cheat Sheet
100% (2)
Palo Alto CLI Cheat Sheet
7 pages
A Microsoft Windows 2003 Server Manual
100% (3)
A Microsoft Windows 2003 Server Manual
45 pages
Automation Studio Evergreen Notes For Interview
No ratings yet
Automation Studio Evergreen Notes For Interview
41 pages
Basic and Advanced Laboratory Techniques in Histopathology and Cytology
100% (12)
Basic and Advanced Laboratory Techniques in Histopathology and Cytology
275 pages
The Kinetics of Enzyme - Catalyzed Reactions
100% (1)
The Kinetics of Enzyme - Catalyzed Reactions
38 pages
70-413 New
No ratings yet
70-413 New
274 pages
Active Directory Administration Essentials
No ratings yet
Active Directory Administration Essentials
177 pages
Innopro Paramix C Blending System PDF
100% (1)
Innopro Paramix C Blending System PDF
2 pages
LM & D - Practical Manual
No ratings yet
LM & D - Practical Manual
175 pages
Proton for Linux Gaming: Definitive Reference for Developers and Engineers
From Everand
Proton for Linux Gaming: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
COT-MATH - Identifying Parallel, Inter-Secting and Perpendicular Lines
70% (10)
COT-MATH - Identifying Parallel, Inter-Secting and Perpendicular Lines
3 pages
Sqlinstance
No ratings yet
Sqlinstance
165 pages
Pop!_OS System Administration Guide: Definitive Reference for Developers and Engineers
From Everand
Pop!_OS System Administration Guide: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
138 Modeling Stochastic Wind - Loads - On Vertical - Axis Wind Turbines VEERS SANDIA
No ratings yet
138 Modeling Stochastic Wind - Loads - On Vertical - Axis Wind Turbines VEERS SANDIA
20 pages
Mitsubishi FD70N Part 4 Circuit Diagram
No ratings yet
Mitsubishi FD70N Part 4 Circuit Diagram
42 pages
VyOS Configuration and Deployment Guide: Definitive Reference for Developers and Engineers
From Everand
VyOS Configuration and Deployment Guide: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Jetson Platform Development Guide: Definitive Reference for Developers and Engineers
From Everand
Jetson Platform Development Guide: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Information Technology 2016
From Everand
Information Technology 2016
Duong Tran
No ratings yet
Iconlibrary Production Oct2016
No ratings yet
Iconlibrary Production Oct2016
137 pages
SAP Solution Manager
From Everand
SAP Solution Manager
equitypress
4/5 (10)
Optimization of Transportation Costs in Supply Cha PDF
No ratings yet
Optimization of Transportation Costs in Supply Cha PDF
83 pages
Design and Implementation with i.MX Processors: Definitive Reference for Developers and Engineers
From Everand
Design and Implementation with i.MX Processors: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Resource Manager Guide
No ratings yet
Resource Manager Guide
118 pages
Windows Server 2008 and Vista Cookbook
No ratings yet
Windows Server 2008 and Vista Cookbook
78 pages
MCSA 70-340 Notes
No ratings yet
MCSA 70-340 Notes
34 pages
Activedirectory
No ratings yet
Activedirectory
51 pages
Windowsitpro201306 DL
No ratings yet
Windowsitpro201306 DL
80 pages
Dhcpserver
No ratings yet
Dhcpserver
44 pages
BSBSUS401 Assess 1 ProjecT
No ratings yet
BSBSUS401 Assess 1 ProjecT
16 pages
SmartPilot S1 Wheel & Tiller Service Manual
No ratings yet
SmartPilot S1 Wheel & Tiller Service Manual
45 pages
Cocos2d-x Intermediate Level: Elevating Your Game Development Skills: Cocos2d-x Series
From Everand
Cocos2d-x Intermediate Level: Elevating Your Game Development Skills: Cocos2d-x Series
Kameron Hussain
No ratings yet
Executive Report 31mar2024 30apr2024
No ratings yet
Executive Report 31mar2024 30apr2024
35 pages
3700 Guide To Using The System
No ratings yet
3700 Guide To Using The System
35 pages
01-Historical Perspectives
No ratings yet
01-Historical Perspectives
22 pages
Thermodynamics I
No ratings yet
Thermodynamics I
34 pages
Adfs2 How To Setup Lab Environment For Federated Collaboration
No ratings yet
Adfs2 How To Setup Lab Environment For Federated Collaboration
49 pages
Administering A Server Core Installation
No ratings yet
Administering A Server Core Installation
12 pages
Chap 05
No ratings yet
Chap 05
45 pages
ETOM Processes
No ratings yet
ETOM Processes
45 pages
11 Watt Light
No ratings yet
11 Watt Light
14 pages
Chapter 13 - CLI Cheat Sheet
No ratings yet
Chapter 13 - CLI Cheat Sheet
5 pages
Assignment
No ratings yet
Assignment
22 pages
Information Brochure Diploma Certificate Courses
No ratings yet
Information Brochure Diploma Certificate Courses
12 pages
Configuring Managing and Maintaining Windows Server 2008 Servers m6419
No ratings yet
Configuring Managing and Maintaining Windows Server 2008 Servers m6419
6 pages
Theory of Structures 3 CIV 301 DR M Abdel Kader Double Integration Method
No ratings yet
Theory of Structures 3 CIV 301 DR M Abdel Kader Double Integration Method
14 pages
Instructional Writing Sample: Windows 2000
No ratings yet
Instructional Writing Sample: Windows 2000
16 pages
Course Outline CSCD 607 Advanced Computer Networks
No ratings yet
Course Outline CSCD 607 Advanced Computer Networks
9 pages
A.1.2 TestOut Server Pro 2016 - Install and Storage Objectives by Course Section
No ratings yet
A.1.2 TestOut Server Pro 2016 - Install and Storage Objectives by Course Section
7 pages
Uc3 All Steps
No ratings yet
Uc3 All Steps
5 pages
Configure # Set Deviceconfig System Ip-Address X.X.X.X Netmask X.X.X.X Default-Gateway X.X.X.X # Commit To Verify The Change: Show System Info
No ratings yet
Configure # Set Deviceconfig System Ip-Address X.X.X.X Netmask X.X.X.X Default-Gateway X.X.X.X # Commit To Verify The Change: Show System Info
7 pages
Managing NetApp Cluster With NetApp OnCommand System Manager
No ratings yet
Managing NetApp Cluster With NetApp OnCommand System Manager
12 pages
Fixed Displacement Vane Pumps Datasheet
No ratings yet
Fixed Displacement Vane Pumps Datasheet
6 pages
Mcsa Syllabus
No ratings yet
Mcsa Syllabus
4 pages
Mcse Linux PDF
No ratings yet
Mcse Linux PDF
4 pages
70-411: Administering Windows Server 2012: Target Audience
No ratings yet
70-411: Administering Windows Server 2012: Target Audience
4 pages
Remover A Senha de ROOT
No ratings yet
Remover A Senha de ROOT
3 pages
The American College
No ratings yet
The American College
2 pages
Jama Caricchio 2021 Oi 210064 1626283669.23567
No ratings yet
Jama Caricchio 2021 Oi 210064 1626283669.23567
10 pages
M - 04 - Configuration of User Accounts For SNOASIS
No ratings yet
M - 04 - Configuration of User Accounts For SNOASIS
5 pages
Frekuens
No ratings yet
Frekuens
3 pages
Amc 71
No ratings yet
Amc 71
1 page
Clasa A 9a Limba Engleza
No ratings yet
Clasa A 9a Limba Engleza
2 pages
Lgep 2: SKF High Load, Extreme Pressure Bearing Grease
No ratings yet
Lgep 2: SKF High Load, Extreme Pressure Bearing Grease
2 pages
Icd 16 5 Eng V2.1 PDF
No ratings yet
Icd 16 5 Eng V2.1 PDF
2 pages
File Services Getting Started Cmdlets
No ratings yet
File Services Getting Started Cmdlets
1 page