System/Kernel


ps c:\windows\system32\inetsrv> systeminfo ; Get-ComputerInfo
 
host name:                 WORKER
os name:                   Microsoft Windows Server 2019 Standard
os version:                10.0.17763 N/A Build 17763
os manufacturer:           Microsoft Corporation
os configuration:          Standalone Server
os build type:             Multiprocessor Free
registered owner:          Windows User
registered organization:   
product id:                00429-00000-00001-AA615
original install date:     2020-03-28, 13:59:53
system boot time:          2023-11-23, 18:28:20
system manufacturer:       VMware, Inc.
system model:              VMware7,1
system type:               x64-based PC
processor(s):              4 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
                           [02]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
                           [03]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
                           [04]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2295 Mhz
bios version:              VMware, Inc. VMW71.00V.16707776.B64.2008070230, 2020-08-07
windows directory:         C:\Windows
system directory:          C:\Windows\system32
boot device:               \Device\HarddiskVolume2
system locale:             sv;Swedish
input locale:              en-us;English (United States)
time zone:                 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
total physical memory:     6?143 MB
available physical memory: 1?237 MB
virtual memory: Max Size:  7?487 MB
virtual memory: Available: 2?252 MB
virtual memory: In Use:    5?235 MB
page file location(s):     C:\pagefile.sys
domain:                    WORKGROUP
logon server:              N/A
hotfix(s):                 5 Hotfix(s) Installed.
                           [01]: KB4552924
                           [02]: KB4494174
                           [03]: KB4539571
                           [04]: KB4562562
                           [05]: KB4561608
network card(s):           1 NIC(s) Installed.
                           [01]: vmxnet3 Ethernet Adapter
                                 connection name: Ethernet0 2
                                 dhcp enabled:    No
                                 IP address(es)
                                 [01]: 10.10.10.203
                                 [02]: fe80::88b5:926:be4b:fd40
                                 [03]: dead:beef::88b5:926:be4b:fd40
                                 [04]: dead:beef::248
hyper-v requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
 
 
windowsbuildlabex                                       : 17763.1.amd64fre.rs5_release.180914-1434
windowscurrentversion                                   : 6.3
windowseditionid                                        : ServerStandard
windowsinstallationtype                                 : Server Core
windowsinstalldatefromregistry                          : 2020-03-28 12:59:53
windowsproductid                                        : 00429-00000-00001-AA615
windowsproductname                                      : Windows Server 2019 Standard
windowsregisteredowner                                  : Windows User
windowssystemroot                                       : C:\Windows
windowsversion                                          : 1809
osserverlevel                                           : ServerCore
timezone                                                : (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
powerplatformrole                                       : Desktop
deviceguardsmartstatus                                  : Off

Microsoft Windows Server 2019 Standard, 10.0.17763 N/A Build 17763, 1809, ServerCore, x64-based, 4 Processor(s), sv;Swedish, 5 Hotfix(s)

Networks


PS C:\windows\system32\inetsrv> ipconfig /all ; arp -a
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Worker
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : htb
 
Ethernet adapter Ethernet0 2:
 
   Connection-specific DNS Suffix  . : htb
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-B9-0F-75
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : dead:beef::248(Preferred) 
   Lease Obtained. . . . . . . . . . : den 23 november 2023 18:28:41
   Lease Expires . . . . . . . . . . : den 23 november 2023 19:56:59
   IPv6 Address. . . . . . . . . . . : dead:beef::88b5:926:be4b:fd40(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::88b5:926:be4b:fd40%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.10.10.203(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::250:56ff:feb9:d784%4
                                       10.10.10.2
   DHCPv6 IAID . . . . . . . . . . . : 117461078
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-AC-4B-C4-00-50-56-B9-89-30
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       htb
 
Interface: 10.10.10.203 --- 0x4
  Internet Address      Physical Address      Type
  10.10.10.2            00-50-56-b9-d7-84     dynamic   
  10.10.10.255          ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.251           01-00-5e-00-00-fb     static    
  224.0.0.252           01-00-5e-00-00-fc     static    

dead:beef::248, dead:beef::88b5:926:be4b:fd40

PS C:\windows\system32\inetsrv> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       940
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3690           0.0.0.0:0              LISTENING       1812
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       512
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       416
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1156
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       656
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       676
  TCP    0.0.0.0:49685          0.0.0.0:0              LISTENING       1784
  TCP    10.10.10.203:139       0.0.0.0:0              LISTENING       4
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       940
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:8080              [::]:0                 LISTENING       4
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       512
  TCP    [::]:49665             [::]:0                 LISTENING       416
  TCP    [::]:49666             [::]:0                 LISTENING       1156
  TCP    [::]:49667             [::]:0                 LISTENING       656
  TCP    [::]:49668             [::]:0                 LISTENING       676
  TCP    [::]:49685             [::]:0                 LISTENING       1784

0.0.0.0:135, 10.10.10.203:139, 0.0.0.0:445, 0.0.0.0:8080

Users & Groups


ps c:\windows\system32\inetsrv> NET user ; ls C:\Users
 
User accounts for \\
 
-------------------------------------------------------------------------------
aaralf                   abrall                   aceals                   
adaama                   Administrator            aidang                   
ainann                   alaann                   aleapp                   
alearb                   alearm                   aliart                   
aliaru                   alkash                   alpast                   
alyath                   alyath1                  amaauc                   
amaave                   amaayr                   ancbal                   
andbal                   andbal1                  andogi                   
angbal                   angban                   aniban                   
annbar                   annbar1                  antbar                   
aribar                   aribar1                  aribar2                  
armbar                   ashbea                   ashbea1                  
ashbec                   audbec                   audbed                   
aurbee                   autbel                   baibel                   
baiben                   beaber                   becbet                   
belbev                   benbev                   bevbig                   
biabil                   blabin                   brabin                   
brabir                   brabir1                  brebla                   
brebla1                  bribla                   briblo                   
bribog                   brobol                   brobol1                  
brobon                   cadbos                   caibou                   
calbou                   calboy                   calbra                   
cambra                   cambra1                  carbre                   
carbre1                  carbre2                  carbri                   
carbri1                  carbri2                  carbri3                  
carbri4                  carbro                   casbro                   
casbro1                  casbro2                  catbro                   
ceabro                   chabro                   chabry                   
chabuc                   chebuc                   chebuc1                  
chebuc2                  chlbud                   chrbun                   
chrbur                   chrbur1                  ciebur                   
clabur                   codbur                   colbur                   
colbur1                  conbur                   conbus                   
corbut                   coubux                   coucad                   
daical                   dakcal                   dakcar                   
damcar                   dancar                   dancaw                   
dancax                   darcay                   darcha                   
davcha                   dawcha                   DefaultAccount           
descha                   descha1                  devche                   
devche1                  domche                   dreche                   
drechi                   drechi1                  dulchu                   
duscla                   dylcla                   eglcla                   
elacle                   elicli                   elicli1                  
eloclu                   emecob                   emecob1                  
emicoc                   emlcoc                   emlcof                   
emmcog                   ericol                   ericol1                  
ericol2                  estcol                   ethcol                   
evacol                   fabcon                   faicon                   
fracon                   gabcoo                   gabcor                   
garcor                   gavcor                   gercor                   
gidcot                   gilcou                   giocov                   
glecra                   gracra                   gracra1                  
Guest                    guycro                   hancro                   
hancro1                  harcul                   haycum                   
haycun                   heacup                   heldag                   
herdal                   holdal                   hondan                   
hopdar                   iandav                   indde                    
iridea                   isaden                   isader                   
jacdev                   jacdev1                  jaddig                   
jaidin                   jamd'o                   jamdol                   
jandol                   jandor                   jardud                   
jasdum                   jasdun                   jaydun                   
jazdun                   jendun                   jerdup                   
jesdur                   jesdur1                  jesdur2                  
jesdut                   joddyk                   jodeas                   
johebe                   johock                   jonedg                   
jonelp                   jonely                   josemm                   
josesh                   joseto                   judeur                   
juleve                   jusewe                   kadfai                   
kalfal                   karfal                   kasfan                   
katfar                   katfay                   katfel                   
katfer                   kayfif                   keafif                   
keafil                   keefla                   keifle                   
keifli                   kelfoo                   kelfor                   
kelfor1                  kelfos                   kenfot                   
kenfot1                  kenfot2                  keofre                   
kerfro                   kerful                   khaful                   
kiogan                   kirgar                   kirgar1                  
kodgar                   kylgas                   lacgav                   
langet                   langih                   laugil                   
laugir                   lavgir                   leigla                   
leigle                   leigli                   lesglo                   
lesgoa                   levgor                   liagou                   
liagra                   lingra                   lingre                   
lyngri                   machad                   machai                   
madhal                   madhal1                  maehal                   
makhal                   makham                   makham1                  
malham                   malhan                   malhan1                  
marhar                   marhar1                  mathar                   
mauhar                   mayhar                   meghar                   
melhas                   melhas1                  michat                   
michat1                  mikhat                   mirhat                   
morhav                   morhay                   nadhed                   
naohed                   nathel                   nathen                   
nather                   nather1                  neihey                   
nichin                   nichin1                  noahip                   
nuahip                   oakhol                   o'bhol                   
owehol                   paihol                   parhol                   
parhol1                  pathop                   pauhor                   
payhos                   perhou                   peyhou                   
phihou                   quehub                   quihud                   
rachul                   raehun                   ramhun                   
ranhut                   rebhyd                   reeinc                   
reeing                   reiing                   renipr                   
restorer                 rhiire                   riairv                   
ricisa                   robish                   robisl                   
robive                   ronkay                   rubkei                   
rupkel                   ryakel                   sabken                   
samken                   sapket                   sarkil                   
sarkil1                  scakin                   scokin                   
seakin                   seckir                   shakir                   
shakir1                  shakir2                  shekno                   
shikyl                   sielac                   skylan                   
skylan1                  slolay                   slolec                   
solleg                   soplel                   stelev                   
sutlew                   tallew                   tamley                   
tanlin                   tanlin1                  taylin                   
taylin1                  taylin2                  teslip                   
teslis                   theliv                   tholon                   
timlud                   timman                   todman                   
tremar                   tremas                   tremay                   
trimay                   trimea                   trimed                   
tylmer                   vanmey                   vanmid                   
vanmid1                  vanmil                   waymor                   
WDAGUtilityAccount       vedmil                   vermil                   
wesmos                   wesmox                   whimun                   
whimun1                  whinai                   wianan                   
vicmil                   vicmof                   vicmon                   
wilnee                   wilnew                   vinmon                   
virmor                   wyanis                   xavnog                   
xennor                   xzynor                   zacnor                   
zacnor1                  zagnor                   zeonor                   
zitnot                   zoeoak                   
The command completed with one or more errors.
 
 
    directory: C:\Users
 
 
Mode                LastWriteTime         Length Name                                                                  
----                -------------         ------ ----                                                                  
d-----       2020-03-28     14:59                .NET v4.5                                                             
d-----       2020-03-28     14:59                .NET v4.5 Classic                                                     
d-----       2020-08-18     00:33                Administrator                                                         
d-r---       2020-03-28     14:01                Public                                                                
d-----       2020-07-22     01:11                restorer                                                              
d-----       2020-07-08     19:22                robisl

restorer, robisl

ps c:\windows\system32\inetsrv> NET localgroup 
 
Aliases for \\WORKER
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Dev
*Device Owners
*Distributed COM Users
*Event Log Readers
*Finance
*Guests
*Human Resources
*Hyper-V Administrators
*IIS_IUSRS
*IT
*Logistics
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*Production
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Sourcing
*SQLServer2005SQLBrowserUser$WORKER
*Storage Replica Administrators
*System Managed Accounts Group
*TFS_APPTIER_SERVICE_WPG
*Users
*VSTS_AgentService_G181f7
*VSTS_AgentService_G3eff7
*VSTS_AgentService_G5f35d
*VSTS_AgentService_G81207
*VSTS_AgentService_G8be50
*VSTS_AgentService_G8f9d6
*VSTS_AgentService_G93a88
*VSTS_AgentService_Gb286d
*VSTS_AgentService_Gb4ad8
*VSTS_AgentService_Ge7dab
*VSTS_AgentService_Ged5e3
The command completed successfully.
 
The request will be processed at a domain controller for domain WORKGROUP.

Dev, Finance, Human Resources, IT, Logistics, Sourcing, Production, SQLServer2005SQLBrowserUser$WORKER, TFS_APPTIER_SERVICE_WPG, VSTS_AgentService_G181f7, VSTS_AgentService_G3eff7, VSTS_AgentService_G5f35d, VSTS_AgentService_G81207, VSTS_AgentService_G8be50, VSTS_AgentService_G8f9d6, VSTS_AgentService_G93a88, VSTS_AgentService_Gb286d, VSTS_AgentService_Gb4ad8, VSTS_AgentService_Ge7dab, VSTS_AgentService_Ged5e3

Processes


PS C:\windows\system32\inetsrv> ps
 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                  
-------  ------    -----      -----     ------     --  -- -----------                                                  
    549      36    26400      49816              1584   0 Agent.Listener                                               
    570      37    26612      50024              1692   0 Agent.Listener                                               
    555      36    26528      50144              1884   0 Agent.Listener                                               
    542      36    26288      49796              2848   0 Agent.Listener                                               
    562      37    26592      49992              3508   0 Agent.Listener                                               
    489      38    28108      52456              4568   0 Agent.Listener                                               
    541      36    26304      49724              4720   0 Agent.Listener                                               
    570      37    26672      50224              4824   0 Agent.Listener                                               
    560      36    26368      49824              4960   0 Agent.Listener                                               
    552      36    26636      49936              5828   0 Agent.Listener                                               
    567      37    26648      50200              7008   0 Agent.Listener                                               
    262      15     8160      12948               428   0 AgentService                                                 
    256      15     8160      12980               672   0 AgentService                                                 
    258      15     8128      12908              1896   0 AgentService                                                 
    268      15     8224      13004              3548   0 AgentService                                                 
    267      15     8188      12980              4164   0 AgentService                                                 
    260      15     8112      12900              4700   0 AgentService                                                 
    263      15     8196      12972              5052   0 AgentService                                                 
    265      15     8124      12908              5344   0 AgentService                                                 
    265      15     8128      12916              5904   0 AgentService                                                 
    262      15     8124      12912              5980   0 AgentService                                                 
    262      15     8116      12908              6164   0 AgentService                                                 
    120       7     6436      11120               596   0 conhost                                                      
    120       7     6436      11124              1004   0 conhost                                                      
    148       9     6668      13000       0,13   1520   0 conhost                                                      
    120       7     6432      11124              1892   0 conhost                                                      
    120       7     6436      11124              3876   0 conhost                                                      
    117       7     6436      11128              4264   0 conhost                                                      
    120       7     6440      11124              4304   0 conhost                                                      
    120       7     6436      11128              4552   0 conhost                                                      
    164      11     6900      16372              4668   1 conhost                                                      
    120       7     6436      11120              4856   0 conhost                                                      
    117       7     6436      11136              4880   0 conhost                                                      
    120       7     6428      11120              5840   0 conhost                                                      
    120       7     6440      11124              7024   0 conhost                                                      
    632      20     2312       5516               436   0 csrss                                                        
    177      13     1680       4724               520   1 csrss                                                        
    258      13     4156      13928              3100   0 dllhost                                                      
     49       6     1516       4864               844   1 fontdrvhost                                                  
     49       6     1388       4472               852   0 fontdrvhost                                                  
      0       0       56          8                 0   0 Idle                                                         
    287      16     3076      13864              4588   1 LogonUI                                                      
   1131      23     7672      17336               676   0 lsass                                                        
    227      13     3064      10396              3428   0 msdtc                                                        
    506      64   127876     131960              1088   0 MsMpEng                                                      
    601      35    81448     123684       2,11   5536   0 powershell                                                   
      0      14      380      21604               104   0 Registry                                                     
    494      10     4200       8472               656   0 services                                                     
     53       3      532       1208               340   0 smss                                                         
    122      10     1448       4556              1736   0 sqlbrowser                                                   
    504      28    55912      67684              2352   0 sqlceip                                                      
    816     112  1341472    1249720              1784   0 sqlservr                                                     
    137       9     1924       7876              1772   0 sqlwriter                                                    
    309      13     9380      13800               416   0 svchost                                                      
    232      11     2568      10152               756   0 svchost                                                      
    146       9     1676       6484               776   0 svchost                                                      
     85       5      880       3824               796   0 svchost                                                      
    275      12     3044       9332               820   0 svchost                                                      
    551      15     3896      10120               940   0 svchost                                                      
    235      10     1760       6884               988   0 svchost                                                      
    174       9     1856       7532              1012   0 svchost                                                      
    421       9     2852       9044              1032   0 svchost                                                      
    120       9     1228       5416              1120   0 svchost                                                      
    325      17     4392      13692              1156   0 svchost                                                      
    137      21     5456       9412              1192   0 svchost                                                      
    229      13     3008       8468              1228   0 svchost                                                      
    214       9     2256       7648              1236   0 svchost                                                      
    395      31     6592      14420              1336   0 svchost                                                      
    115       7     1216       5760              1396   0 svchost                                                      
    190      10     1880       7612              1416   0 svchost                                                      
    179      10     1876       8492              1508   0 svchost                                                      
    165      11     3896      10920              1608   0 svchost                                                      
    265      13     2560       7940              1616   0 svchost                                                      
    384      18    14852      27384              1624   0 svchost                                                      
    118       7     1180       5472              1632   0 svchost                                                      
    336      14     4220      11148              1640   0 svchost                                                      
    230      24     3340      12292              1652   0 svchost                                                      
    211      11     2308       8400              1684   0 svchost                                                      
    169       8     2196       7468              1696   0 svchost                                                      
    140       8     1516       6132              1836   0 svchost                                                      
    244      14    11104      10700              1856   0 svchost                                                      
    364      15    12700      21600              1900   0 svchost                                                      
    216      12     1828       7544              1912   0 svchost                                                      
    251      15     5356      12624              1976   0 svchost                                                      
    243      13     3960      11168              2336   0 svchost                                                      
    456      17     3288      11300              2660   0 svchost                                                      
    264      10     2392       8392              2904   0 svchost                                                      
    167      10     1856       7364              3216   0 svchost                                                      
    301      16     4224      16812              4184   0 svchost                                                      
    274      20     8040      13152              4532   0 svchost                                                      
    151      14     2008       8120              1812   0 svnserve                                                     
   1473       0      192        124                 4   0 System                                                       
   2360     348   696068     793172              2372   0 TfsJobAgent                                                  
   2700     461  1607728    1535504              3620   0 w3wp                                                         
    178      12     3228      10300              1932   0 VGAuthService                                                
    174      11     1480       6732               512   0 wininit                                                      
    235      11     2488      10880               584   1 winlogon                                                     
    333      15     9336      18372              3344   0 WmiPrvSE                                                     
    385      22     9784      23424              1924   0 vmtoolsd                                                     

Notable processes: Agent.Listener, AgentService, MsMpEng (Defender), sqlbrowser, sqlceip, sqlservr, sqlwriter, svnserve, TfsJobAgent

Services


ps c:\windows\system32\inetsrv> Get-Service | Where-Object {$_.Status -eq "Running"}
 
Status   Name               DisplayName                           
------   ----               -----------                           
Running  AppHostSvc         Application Host Helper Service       
Running  BFE                Base Filtering Engine                 
Running  COMSysApp          COM+ System Application               
Running  CoreMessagingRe... CoreMessaging                         
Running  CryptSvc           Cryptographic Services                
Running  DcomLaunch         DCOM Server Process Launcher          
Running  Dhcp               DHCP Client                           
Running  DiagTrack          Connected User Experiences and Tele...
Running  Dnscache           DNS Client                            
Running  DPS                Diagnostic Policy Service             
Running  EventLog           Windows Event Log                     
Running  EventSystem        COM+ Event System                     
Running  gpsvc              Group Policy Client                   
Running  IKEEXT             IKE and AuthIP IPsec Keying Modules   
Running  iphlpsvc           IP Helper                             
Running  KeyIso             CNG Key Isolation                     
Running  LanmanServer       Server                                
Running  LanmanWorkstation  Workstation                           
Running  lmhosts            TCP/IP NetBIOS Helper                 
Running  LSM                Local Session Manager                 
Running  mpssvc             Windows Defender Firewall             
Running  MSDTC              Distributed Transaction Coordinator   
Running  MSSQL$SQLEXPRESS   SQL Server (SQLEXPRESS)               
Running  netprofm           Network List Service                  
Running  NlaSvc             Network Location Awareness            
Running  nsi                Network Store Interface Service       
Running  PlugPlay           Plug and Play                         
Running  PolicyAgent        IPsec Policy Agent                    
Running  Power              Power                                 
Running  ProfSvc            User Profile Service                  
Running  RpcEptMapper       RPC Endpoint Mapper                   
Running  RpcSs              Remote Procedure Call (RPC)           
Running  SamSs              Security Accounts Manager             
Running  Schedule           Task Scheduler                        
Running  SENS               System Event Notification Service     
Running  SQLBrowser         SQL Server Browser                    
Running  SQLTELEMETRY$SQ... SQL Server CEIP service (SQLEXPRESS)  
Running  SQLWriter          SQL Server VSS Writer                 
Running  svnserve           Subversion Server                     
Running  SysMain            SysMain                               
Running  SystemEventsBroker System Events Broker                  
Running  TFSJobAgent        Azure DevOps Server Background Job ...
Running  TimeBrokerSvc      Time Broker                           
Running  UALSVC             User Access Logging Service           
Running  UserManager        User Manager                          
Running  UsoSvc             Update Orchestrator Service           
Running  W32Time            Windows Time                          
Running  W3SVC              World Wide Web Publishing Service     
Running  WAS                Windows Process Activation Service    
Running  VGAuthService      VMware Alias Manager and Ticket Ser...
Running  WinDefend          Windows Defender Antivirus Service    
Running  WinHttpAutoProx... WinHTTP Web Proxy Auto-Discovery Se...
Running  Winmgmt            Windows Management Instrumentation    
Running  WinRM              Windows Remote Management (WS-Manag...
Running  VMTools            VMware Tools                          
Running  vstsagent.127.D... Azure Pipelines Agent (127.Default....
Running  vstsagent.127.D... Azure Pipelines Agent (127.Default....
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...
Running  vstsagent.127.S... Azure Pipelines Agent (127.Setup.Ha...

Notable service: svnserve

Tasks


PS C:\windows\system32\inetsrv> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
PS C:\windows\system32\inetsrv> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
 
Folder: \
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319           N/A                    Ready          
.NET Framework NGEN v4.0.30319 64        N/A                    Ready          
.NET Framework NGEN v4.0.30319 64 Critic N/A                    Disabled       
.NET Framework NGEN v4.0.30319 Critical  N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A                    Disabled       
AD RMS Rights Policy Template Management N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
PolicyConverter                          N/A                    Disabled       
VerifiedPublisherCertStoreCheck          N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Microsoft Compatibility Appraiser        2023-11-24 04:43:06    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ProactiveScan                            N/A                    Ready          
SyspartRepair                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Consolidator                             2023-11-24 00:00:00    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Data Integrity Scan                      2023-12-20 12:13:03    Ready          
Data Integrity Scan for Crash Recovery   N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ScheduledDefrag                          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Device                                   2023-11-24 04:32:57    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ReconcileFeatures                        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
RefreshCache                             2023-11-23 21:03:37    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
LPRemove                                 N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
GatherNetworkInfo                        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Server Manager Performance Monitor       N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Device Install Group Policy              N/A                    Ready          
Device Install Reboot Required           N/A                    Ready          
Sysprep Generalize Drivers               N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CleanupOldPerfLogs                       N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
StartComponentCleanup                    N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Collection                               N/A                    Disabled       
Configuration                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SpaceAgentTask                           N/A                    Ready          
SpaceManagerTask                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Storage Tiers Management Initialization  N/A                    Ready          
Storage Tiers Optimization               N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
MsCtfMonitor                             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SynchronizeTime                          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SynchronizeTimeZone                      N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Windows Defender Cache Maintenance       N/A                    Ready          
Windows Defender Cleanup                 N/A                    Ready          
Windows Defender Scheduled Scan          2023-11-24 02:40:02    Ready          
Windows Defender Verification            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
QueueReporting                           2023-11-23 20:14:17    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
BfeOnServiceStartTypeChange              N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Scheduled Start                          2023-11-24 18:27:49    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CacheTask                                N/A                    Ready          

Firewall & AV


ps c:\windows\system32\inetsrv> netsh firewall show config
 
domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
allowed programs configuration for domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
enable   inbound              azure devops server: TeamFoundationSshService / C:\Program Files\Azure DevOps Server 2019\Application Tier\Web Services\bin\TeamFoundationSshService.exe
 
port configuration for domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
5985   TCP       Enable  Inbound               open winrm
3690   TCP       Enable  Inbound               Open Port 3690
8080   tcp       enable  inbound               azure devops server:8080
 
icmp configuration for domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   8     Allow inbound echo request
 
standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
allowed programs configuration for standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
enable   inbound              azure devops server: TeamFoundationSshService / C:\Program Files\Azure DevOps Server 2019\Application Tier\Web Services\bin\TeamFoundationSshService.exe
 
port configuration for standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
5985   TCP       Enable  Inbound               open winrm
3690   TCP       Enable  Inbound               Open Port 3690
8080   tcp       enable  inbound               azure devops server:8080
 
icmp configuration for standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   8     Allow inbound echo request
 
log configuration:
-------------------------------------------------------------------
file location   = c:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
important: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .

The firewall is partially enabled, yet ineffective

ps c:\windows\system32\inetsrv> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
 
 
amengineversion                 : 1.1.17300.4
amproductversion                : 4.18.2007.8
amserviceenabled                : True
amserviceversion                : 4.18.2007.8
antispywareenabled              : True
antispywaresignatureage         : 1189
antispywaresignaturelastupdated : 2020-08-21 05:49:01
antispywaresignatureversion     : 1.321.1860.0
antivirusenabled                : True
antivirussignatureage           : 1189
antivirussignaturelastupdated   : 2020-08-21 05:49:02
antivirussignatureversion       : 1.321.1860.0
behaviormonitorenabled          : False
computerid                      : 3090246E-55B1-40DC-A650-44969D546850
computerstate                   : 0
fullscanage                     : 4294967295
fullscanendtime                 : 
fullscanstarttime               : 
ioavprotectionenabled           : False
istamperprotected               : False
isvirtualmachine                : True
lastfullscansource              : 0
lastquickscansource             : 2
nisenabled                      : False
nisengineversion                : 0.0.0.0
nissignatureage                 : 4294967295
nissignaturelastupdated         : 
nissignatureversion             : 0.0.0.0
onaccessprotectionenabled       : False
quickscanage                    : 0
quickscanendtime                : 2023-11-23 18:59:55
quickscanstarttime              : 2023-11-23 18:58:51
realtimeprotectionenabled       : False
realtimescandirection           : 0
pscomputername                  : 
 
exclusionpath : {C:\Program Files\Azure DevOps Server 2019\, C:\Program Files\Microsoft SQL Server\, C:\Windows\Service
                profiles\networkservice\appdata\local\temp, c:\Windows\System32\inetsrv\...}

AV is partially enabled
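
The fields behind this conclusion can be checked mechanically during a hardening review. The PowerShell below is an added example, not part of the original notes: `Test-DefenderPosture`, its severity labels and the 7-day signature threshold are assumptions, and the sample object is constructed from the values shown above so the block runs without the Defender module.

```powershell
# Added example: turn Get-MpComputerStatus / Get-MpPreference output into findings.
# On a live host, pass the real objects instead of the constructed sample:
#   Test-DefenderPosture -Status (Get-MpComputerStatus) `
#                        -ExclusionPath (Get-MpPreference).ExclusionPath

function Test-DefenderPosture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] $Status,
        [string[]] $ExclusionPath = @(),
        [int] $MaxSignatureAgeDays = 7          # assumed policy threshold
    )

    function New-Finding([string]$Severity, [string]$Check, [string]$Detail) {
        [pscustomobject]@{ Severity = $Severity; Check = $Check; Detail = $Detail }
    }

    # The service can be running while every protection layer is switched off,
    # which is the "partially enabled" state seen in the output above.
    if ((-not $Status.AMServiceEnabled) -or (-not $Status.AntivirusEnabled)) {
        New-Finding 'High' 'Service' 'Antimalware service or antivirus engine is disabled'
    }

    $layers = 'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
              'BehaviorMonitorEnabled', 'IoavProtectionEnabled', 'NISEnabled'
    foreach ($layer in $layers) {
        if (-not $Status.$layer) { New-Finding 'High' $layer 'Protection layer is off' }
    }

    if (-not $Status.IsTamperProtected) {
        New-Finding 'Medium' 'IsTamperProtected' 'Settings can be changed without tamper protection'
    }

    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $detail = 'Signatures are {0} days old (limit {1})' -f `
                  $Status.AntivirusSignatureAge, $MaxSignatureAgeDays
        New-Finding 'High' 'AntivirusSignatureAge' $detail
    }

    # UInt32 max appears next to empty full-scan timestamps in the output above.
    if ($Status.FullScanAge -eq [uint32]::MaxValue) {
        New-Finding 'Medium' 'FullScanAge' 'No full scan is recorded'
    }

    # Every exclusion is a scanning blind spot; temp directories rank highest.
    foreach ($path in $ExclusionPath) {
        $severity = if ($path -match '\\temp(\\|$)') { 'High' } else { 'Review' }
        New-Finding $severity 'ExclusionPath' $path
    }
}

# Constructed sample: values copied from the status output above.
$sampleStatus = [pscustomobject]@{
    AMServiceEnabled          = $true
    AntivirusEnabled          = $true
    AntivirusSignatureAge     = 1189
    BehaviorMonitorEnabled    = $false
    IoavProtectionEnabled     = $false
    IsTamperProtected         = $false
    NISEnabled                = $false
    OnAccessProtectionEnabled = $false
    RealTimeProtectionEnabled = $false
    FullScanAge               = 4294967295
}

# Only the entries visible above; the original list is truncated with "...".
$sampleExclusions = @(
    'C:\Program Files\Azure DevOps Server 2019\',
    'C:\Program Files\Microsoft SQL Server\',
    'C:\Windows\Serviceprofiles\networkservice\appdata\local\temp',
    'c:\Windows\System32\inetsrv\'
)

Test-DefenderPosture -Status $sampleStatus -ExclusionPath $sampleExclusions |
    Sort-Object Severity | Format-Table -AutoSize -Wrap
```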

Session Architecture


PS C:\windows\system32\inetsrv> [Environment]::Is64BitProcess
True

Installed .NET Frameworks


ps c:\windows\system32\inetsrv> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 Volume in drive C has no label.
 Volume Serial Number is 32D6-9041
 
 directory of c:\Windows\Microsoft.NET\Framework
 
2018-09-15  08:12    <DIR>          .
2018-09-15  08:12    <DIR>          ..
2018-09-15  08:12    <DIR>          v1.0.3705
2018-09-15  08:12    <DIR>          v1.1.4322
2018-09-15  08:12    <DIR>          v2.0.50727
2023-11-23  18:39    <DIR>          v4.0.30319
               0 File(s)              0 bytes
               6 Dir(s)  10?119?110?656 bytes free
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    smsvchostpath    reg_sz    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    installpath    reg_sz    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    installpath    reg_sz    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

.NET 4.7.03190