System/Kernel
c:\Users\Administrator\.jenkins> systeminfo && cmd /c powershell -c "Get-ComputerInfo"
host name: JEEVES
os name: Microsoft Windows 10 Pro
os version: 10.0.10586 N/A Build 10586
os manufacturer: Microsoft Corporation
os configuration: Standalone Workstation
os build type: Multiprocessor Free
registered owner: Windows User
registered organization:
product id: 00331-20304-47406-AA297
original install date: 10/25/2017, 4:45:33 PM
system boot time: 11/30/2023, 12:06:21 PM
system manufacturer: VMware, Inc.
system model: VMware7,1
system type: x64-based PC
processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
bios version: VMware, Inc. VMW71.00V.16707776.B64.2008070230, 8/7/2020
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume2
system locale: en-us;English (United States)
input locale: en-us;English (United States)
time zone: (UTC-05:00) Eastern Time (US & Canada)
total physical memory: 2,047 MB
available physical memory: 1,023 MB
virtual memory: Max Size: 2,687 MB
virtual memory: Available: 1,585 MB
virtual memory: In Use: 1,102 MB
page file location(s): C:\pagefile.sys
domain: WORKGROUP
logon server: N/A
hotfix(s): 10 Hotfix(s) Installed.
[01]: KB3150513
[02]: KB3161102
[03]: KB3172729
[04]: KB3173428
[05]: KB4021702
[06]: KB4022633
[07]: KB4033631
[08]: KB4035632
[09]: KB4051613
[10]: KB4041689
network card(s): 1 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
connection name: Ethernet0
dhcp enabled: No
IP address(es)
[01]: 10.10.10.63
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
get-computerinfo : The term 'Get-ComputerInfo' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
at line:1 char:1
+ Get-ComputerInfo
+ ~~~~~~~~~~~~~~~~
+ categoryinfo : ObjectNotFound: (Get-ComputerInfo:String) [], CommandNotFoundException
+ fullyqualifiederrorid : CommandNotFoundException
Microsoft Windows 10 Pro
10.0.10586 N/A Build 10586
x64-based
1 Processor(s)
10 Hotfix(s)
The Get-ComputerInfo PowerShell cmdlet is NOT available.
c:\Users\Administrator\.jenkins> powershell -c "$PSVersionTable.PSVersion"
Major Minor Build Revision
----- ----- ----- --------
5 0 10586 1176
This explains it: the Get-ComputerInfo PowerShell cmdlet is only available from PowerShell 5.1 onward.
Networks
C:\Users\Administrator\.jenkins> ipconfig /ALL && arp -a
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jeeves
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-50-56-B9-11-2F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.10.10.63(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.2
DNS Servers . . . . . . . . . . . : 10.10.10.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{4079B648-26D5-4A56-9108-2A55EC5CE6CA}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Interface: 10.10.10.63 --- 0x2
Internet Address Physical Address Type
10.10.10.2 00-50-56-b9-d7-84 dynamic
10.10.10.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.77.124.213 01-00-5e-4d-7c-d5 static
239.255.255.250 01-00-5e-7f-ff-fa static
C:\Users\Administrator\.jenkins> cmd /c powershell -c "netstat -ano | Select-String LIST"
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 876
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1056
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1016
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1376
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 772
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 764
TCP 0.0.0.0:50000 0.0.0.0:0 LISTENING 3060
TCP 10.10.10.63:139 0.0.0.0:0 LISTENING 4
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 876
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 660
TCP [::]:49665 [::]:0 LISTENING 1056
TCP [::]:49666 [::]:0 LISTENING 1016
TCP [::]:49667 [::]:0 LISTENING 1376
TCP [::]:49668 [::]:0 LISTENING 772
TCP [::]:49669 [::]:0 LISTENING 764
TCP [::]:50000 [::]:0 LISTENING 3060
10.10.10.63:139
Users & Groups
c:\Users\Administrator\.jenkins> dir C:\Users && NET USERS
dir c:\Users && NET USERS
Volume in drive C has no label.
Volume Serial Number is 71A1-6FA1
directory of c:\Users
11/08/2017 05:22 PM <DIR> .
11/08/2017 05:22 PM <DIR> ..
11/03/2017 10:07 PM <DIR> Administrator
11/05/2017 09:17 PM <DIR> DefaultAppPool
11/03/2017 10:19 PM <DIR> kohsuke
10/25/2017 03:46 PM <DIR> Public
0 File(s) 0 bytes
6 Dir(s) 2,334,572,544 bytes free
User accounts for \\JEEVES
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
kohsuke
The command completed successfully.
c:\Users\Administrator\.jenkins> NET LOCALGROUP
Aliases for \\JEEVES
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
IIS_IUSRS
Processes
C:\Users\Administrator\.jenkins> tasklist /svc
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 508 N/A
csrss.exe 580 N/A
csrss.exe 652 N/A
wininit.exe 660 N/A
winlogon.exe 700 N/A
services.exe 764 N/A
lsass.exe 772 KeyIso, SamSs, VaultSvc
svchost.exe 840 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
svchost.exe 876 RpcEptMapper, RpcSs
dwm.exe 964 N/A
svchost.exe 1016 BITS, DsmSvc, iphlpsvc, LanmanServer,
lfsvc, ProfSvc, Schedule, SENS,
ShellHWDetection, Themes, UserManager,
Winmgmt
svchost.exe 528 BFE, CoreMessagingRegistrar, DPS, MpsSvc
svchost.exe 604 TimeBroker
svchost.exe 572 AudioEndpointBuilder,
DeviceAssociationService, DsSvc, PcaSvc,
StorSvc, SysMain, TrkWks, wudfsvc
vmacthlp.exe 928 VMware Physical Disk Helper Service
svchost.exe 1056 Audiosrv, Dhcp, EventLog, lmhosts, Wcmsvc,
wscsvc
svchost.exe 1096 EventSystem, FontCache, netprofm, nsi,
W32Time, WdiServiceHost, WinHttpAutoProxySv
svchost.exe 1192 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
spoolsv.exe 1376 Spooler
svchost.exe 1672 AppHostSvc
svchost.exe 1680 DiagTrack
svchost.exe 1832 W3SVC, WAS
vmtoolsd.exe 1840 VMTools
VGAuthService.exe 1856 VGAuthService
svchost.exe 1864 stisvc
MsMpEng.exe 1872 WinDefend
dasHost.exe 1980 N/A
svchost.exe 2136 PolicyAgent
WmiPrvSE.exe 2440 N/A
dllhost.exe 2624 COMSysApp
NisSrv.exe 2852 WdNisSvc
msdtc.exe 2912 MSDTC
jenkins.exe 3044 jenkins
java.exe 3060 N/A
conhost.exe 2724 N/A
LogonUI.exe 3260 N/A
SearchIndexer.exe 3304 WSearch
svchost.exe 2940 StateRepository
dllhost.exe 244 N/A
cmd.exe 1916 N/A
conhost.exe 1268 N/A
powershell.exe 2548 N/A
powershell.exe 2720 N/A
conhost.exe 2832 N/A
cmd.exe 1732 N/A
conhost.exe 2476 N/A
tasklist.exe 396 N/A
jenkins.exe
java.exe
spoolsv.exe
Tasks
c:\Users\Administrator\.jenkins> cmd /c powershell -c "Get-ScheduledTask | where {$_.TaskPath -notlike '\Microsoft*' } | ft TaskName,TaskPath,State"
TaskName TaskPath State
-------- -------- -----
OneDrive Standalone Update Task-S-1-5-21-2851396806-8246019-2289784878-1001 \ Ready
Firewall & AV
C:\Users\Administrator\.jenkins> cmd /c netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound Java(TM) Platform SE binary / C:\program files (x86)\java\jre1.8.0_151\bin\java.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
The firewall is partially enabled.
C:\Users\Administrator\.jenkins> cmd /c powershell -c "Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath"
Get-MpComputerStatus : The term 'Get-MpComputerStatus' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MpComputerStatus:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Get-MpPreference : The term 'Get-MpPreference' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:24
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MpPreference:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Get-MpComputerStatus and Get-MpPreference are NOT available with the current installation of PowerShell. Opting out.
C:\Users\Administrator\.jenkins> cmd /c powershell -c "Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct"
__GENUS : 2
__CLASS : AntiVirusProduct
__SUPERCLASS :
__DYNASTY : AntiVirusProduct
__RELPATH : AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
__PROPERTY_COUNT : 6
__DERIVATION : {}
__SERVER : JEEVES
__NAMESPACE : ROOT\SecurityCenter2
__PATH : \\JEEVES\ROOT\SecurityCenter2:AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C
1ACF46}"
displayName : Windows Defender
instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe : %ProgramFiles%\Windows Defender\MSASCui.exe
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState : 397584
timestamp : Thu, 30 Nov 2023 17:08:48 GMT
PSComputerName : JEEVES
AV is installed and likely enabled
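The productState value above can be decoded to back up the "likely enabled" reading. This is an added example, not part of the original notes; the function name and the bit masks (0x1000 for real-time protection, 0x0010 for stale signatures) are assumptions based on the commonly used community interpretation of this field, not a documented Microsoft API.

```powershell
# Added example, not from the original notes. The bit masks are the commonly
# used community reading of productState and are an assumption here.
function ConvertFrom-ProductState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [uint32]$productState,

        [Parameter(ValueFromPipelineByPropertyName)]
        [string]$displayName = '(unknown)'
    )
    process {
        [pscustomobject]@{
            Product           = $displayName
            ProductState      = $productState
            Hex               = '0x{0:X6}' -f $productState
            # Assumed layout: bit 0x1000 set = real-time protection on.
            RealTimeEnabled   = [bool]($productState -band 0x1000)
            # Assumed layout: bit 0x0010 set = signatures out of date.
            SignaturesCurrent = -not [bool]($productState -band 0x0010)
        }
    }
}

# Constructed sample carrying the two fields shown in the output above.
$sample = [pscustomobject]@{ displayName = 'Windows Defender'; productState = 397584 }
$sample | ConvertFrom-ProductState

# Live use on a host (same query as in the notes):
# Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct | ConvertFrom-ProductState
```

397584 is 0x061110, so both assumed bits are set: under this reading real-time protection is on and the signatures are flagged as out of date.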
Session Architecture
c:\Users\Administrator\.jenkins> cmd /c powershell -c "[Environment]::Is64BitProcess"
False
False: the current session is running as a 32-bit process.
Installed .NET Frameworks
C:\Users\Administrator\.jenkins> dir /A:D C:\Windows\Microsoft.NET\Framework && reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" && reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 71A1-6FA1
Directory of C:\Windows\Microsoft.NET\Framework
10/26/2017 02:33 AM <DIR> .
10/26/2017 02:33 AM <DIR> ..
10/30/2015 02:24 AM <DIR> v1.0.3705
10/30/2015 02:24 AM <DIR> v1.1.4322
10/30/2015 02:24 AM <DIR> v2.0.50727
10/26/2017 02:33 AM <DIR> v3.0
11/30/2023 12:17 PM <DIR> v4.0.30319
0 File(s) 0 bytes
7 Dir(s) 2,333,413,376 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
Release REG_DWORD 0x6040e
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01038
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x6040e
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01038
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
Release REG_DWORD 0x6040e
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01038
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x6040e
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.6.01038
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.6.01038