System/Kernel
ps c:\windows\system32\inetsrv> systeminfo
host name: SILO
os name: Microsoft Windows Server 2012 R2 Standard
os version: 6.3.9600 N/A Build 9600
os manufacturer: Microsoft Corporation
os configuration: Standalone Server
os build type: Multiprocessor Free
registered owner: Windows User
registered organization:
product id: 00252-00115-23036-AA976
original install date: 12/31/2017, 11:01:23 PM
system boot time: 10/18/2022, 1:22:10 PM
system manufacturer: VMware, Inc.
system model: VMware Virtual Platform
system type: x64-based PC
processor(s): 2 Processor(s) Installed.
[01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
[02]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version: Phoenix Technologies LTD 6.00, 12/12/2018
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume1
system locale: en-gb;English (United Kingdom)
input locale: en-us;English (United States)
time zone: (UTC+00:00) Dublin, Edinburgh, Lisbon, London
total physical memory: 4,095 MB
available physical memory: 3,009 MB
virtual memory: Max Size: 4,799 MB
virtual memory: Available: 3,440 MB
virtual memory: In Use: 1,359 MB
page file location(s): C:\pagefile.sys
domain: HTB
logon server: N/A
hotfix(s): 149 Hotfix(s) Installed.
[01]: KB2868626
[02]: KB2883200
[03]: KB2887595
[04]: KB2894852
[05]: KB2903939
[06]: KB2911106
[07]: KB2919355
[08]: KB2919394
[09]: KB2928680
[10]: KB2934520
[11]: KB2938066
[12]: KB2954879
[13]: KB2966826
[14]: KB2966828
[15]: KB2967917
[16]: KB2968296
[17]: KB2972103
[18]: KB2973114
[19]: KB2973351
[20]: KB2989930
[21]: KB3000850
[22]: KB3003057
[23]: KB3004361
[24]: KB3004365
[25]: KB3012702
[26]: KB3013172
[27]: KB3013791
[28]: KB3014442
[29]: KB3019978
[30]: KB3021910
[31]: KB3022777
[32]: KB3023219
[33]: KB3023266
[34]: KB3024751
[35]: KB3024755
[36]: KB3029603
[37]: KB3030377
[38]: KB3030947
[39]: KB3033446
[40]: KB3035126
[41]: KB3036612
[42]: KB3037576
[43]: KB3037924
[44]: KB3038002
[45]: KB3042085
[46]: KB3043812
[47]: KB3044374
[48]: KB3044673
[49]: KB3045634
[50]: KB3045685
[51]: KB3045717
[52]: KB3045719
[53]: KB3045755
[54]: KB3045992
[55]: KB3045999
[56]: KB3046017
[57]: KB3046737
[58]: KB3048043
[59]: KB3054169
[60]: KB3054203
[61]: KB3054256
[62]: KB3054464
[63]: KB3055323
[64]: KB3055343
[65]: KB3055642
[66]: KB3059317
[67]: KB3060681
[68]: KB3060793
[69]: KB3061512
[70]: KB3063843
[71]: KB3071756
[72]: KB3072307
[73]: KB3074228
[74]: KB3074545
[75]: KB3075220
[76]: KB3077715
[77]: KB3078405
[78]: KB3078676
[79]: KB3080042
[80]: KB3080149
[81]: KB3082089
[82]: KB3084135
[83]: KB3086255
[84]: KB3087041
[85]: KB3087137
[86]: KB3091297
[87]: KB3092601
[88]: KB3092627
[89]: KB3094486
[90]: KB3095701
[91]: KB3097992
[92]: KB3099834
[93]: KB3100473
[94]: KB3103616
[95]: KB3103696
[96]: KB3103709
[97]: KB3109103
[98]: KB3109976
[99]: KB3110329
[100]: KB3115224
[101]: KB3121261
[102]: KB3121461
[103]: KB3122651
[104]: KB3123245
[105]: KB3126033
[106]: KB3126434
[107]: KB3126587
[108]: KB3127222
[109]: KB3128650
[110]: KB3133043
[111]: KB3133690
[112]: KB3134179
[113]: KB3134815
[114]: KB3137728
[115]: KB3138602
[116]: KB3139164
[117]: KB3139398
[118]: KB3139914
[119]: KB3140219
[120]: KB3140234
[121]: KB3145384
[122]: KB3145432
[123]: KB3146604
[124]: KB3146723
[125]: KB3146751
[126]: KB3147071
[127]: KB3153704
[128]: KB3155784
[129]: KB3156059
[130]: KB3159398
[131]: KB3161949
[132]: KB3161958
[133]: KB3162343
[134]: KB3169704
[135]: KB3172614
[136]: KB3172729
[137]: KB3173424
[138]: KB3175024
[139]: KB3178539
[140]: KB3179574
[141]: KB3186539
[142]: KB4033369
[143]: KB4033428
[144]: KB4040972
[145]: KB4040974
[146]: KB4040981
[147]: KB4041777
[148]: KB4054854
[149]: KB4054519
network card(s): 1 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
connection name: Ethernet0
dhcp enabled: No
IP address(es)
[01]: 10.10.10.82
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.Microsoft Windows Server 2012 R2 Standard
6.3.9600 N/A Build 9600
x64-based PC
2 Processor(s) Installed
149 Hotfix(s) Installed
Networks
PS C:\windows\system32\inetsrv> netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 624
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING 1216
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1216
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 424
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 772
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 828
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 936
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING 1080
TCP 0.0.0.0:49160 0.0.0.0:0 LISTENING 532
TCP 0.0.0.0:49161 0.0.0.0:0 LISTENING 524
TCP 0.0.0.0:49162 0.0.0.0:0 LISTENING 1704
TCP 10.10.10.82:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.82:49166 10.10.14.5:9999 ESTABLISHED 2120
TCP 127.0.0.1:49156 0.0.0.0:0 LISTENING 1216Users & Groups
ps c:\windows\system32\inetsrv> net users
User accounts for \\
-------------------------------------------------------------------------------
Administrator Guest Phineas
The command completed with one or more errors.Phineas
Processes
PS C:\windows\system32\inetsrv> ps
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
46 5 712 3096 28 0.02 2152 conhost
287 12 1832 4068 48 340 csrss
91 8 1280 3656 43 440 csrss
195 13 3340 10796 49 2140 dllhost
177 15 16220 25468 93 724 dwm
0 0 0 4 0 0 Idle
294 22 12588 25252 137 2716 LogonUI
648 18 3784 9620 41 532 lsass
162 12 2268 6968 41 2248 msdtc
552 60 609572 440568 1289 1080 oracle
44 4 484 2480 12 1192 OraClrAgnt
560 39 156780 164084 617 3.69 2120 powershell
210 9 2160 5508 22 524 services
52 2 280 1008 4 232 smss
371 21 3628 10540 77 936 spoolsv
353 33 8188 10656 54 304 svchost
291 12 2748 7380 33 596 svchost
283 14 2612 6692 29 624 svchost
472 19 8960 12312 54 772 svchost
524 30 6392 15036 1147 808 svchost
1095 43 17920 30896 135 828 svchost
658 24 5344 10984 74 880 svchost
114 11 3500 8076 42 1028 svchost
168 12 2560 7516 76 1044 svchost
266 19 8044 10540 650 1276 svchost
166 14 4544 9092 47 1452 svchost
109 11 1108 4564 21 1704 svchost
639 0 108 276 3 4 System
193 24 17332 20316 133 1216 TNSLSNR
116 12 2836 8552 62 1300 VGAuthService
80 6 1052 3832 45 712 vm3dservice
318 22 8980 18924 93 1424 vmtoolsd
79 8 740 3908 20 424 wininit
123 8 1292 9032 71 484 winlogon
298 15 6500 12956 51 1916 WmiPrvSE Tasks
ps c:\windows\system32\inetsrv> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SmartScreenSpecific N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProgramDataUpdater N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 1/18/2023 9:00:00 AM Ready
KernelCeipTask N/A Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
serverceipassistant 1/18/2023 4:07:51 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
data integrity scan 2/17/2023 1:32:40 PM Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
BindingWorkItemQueueHandler N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
RacTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MRT_ERROR_HB N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Idle Maintenance N/A Ready
Manual Maintenance N/A Ready
regular maintenance 1/18/2023 2:10:27 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AUFirmwareInstall N/A Disabled
AUScheduledInstall N/A Disabled
AUSessionConnect N/A Disabled
scheduled start 1/18/2023 8:26:24 PM Ready
scheduled start with network 1/18/2023 8:26:36 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Workplace-Join N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
License Validation N/A Disabled
WSTask N/A Ready Firewall & AV
PS C:\windows\system32\inetsrv> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Disable Inbound Oracle TNSLSNR Executable / C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .Session Architecture
ps c:\windows\system32\inetsrv> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
PS C:\windows\system32\inetsrv> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0