System/Kernel
PS C:\Users\dev-datasci-lowpriv> cmd /c ver
Microsoft Windows [Version 10.0.17763.3287]
PS C:\Users\dev-datasci-lowpriv> systeminfo ; Get-ComputerInfo
ERROR: Access denied
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
WindowsCurrentVersion : 6.3
WindowsEditionId : ServerStandard
WindowsInstallationType : Server
WindowsInstallDateFromRegistry : 8/25/2022 11:33:52 AM
WindowsProductId : 00429-70000-00000-AA312
WindowsProductName : Windows Server 2019 Standard
WindowsRegisteredOwner : Windows User
WindowsSystemRoot : C:\Windows
WindowsVersion : 1809
OsServerLevel : FullServer
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
LogonServer : \\DEV-DATASCI-JUP
PowerPlatformRole : Desktop
DeviceGuardSmartStatus : Off
Microsoft Windows [Version 10.0.17763.3287]
WindowsProductName : Windows Server 2019 Standard
Networks
PS C:\Users\dev-datasci-lowpriv> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : DEV-DATASCI-JUP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eu-west-1.ec2-utilities.amazonaws.com
eu-west-1.compute.internal
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . : eu-west-1.compute.internal
Description . . . . . . . . . . . : Amazon Elastic Network Adapter
Physical Address. . . . . . . . . : 02-79-80-FB-11-A1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d8e2:297b:2f60:4487%3(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.62.163(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Sunday, July 6, 2025 7:38:23 AM
Lease Expires . . . . . . . . . . : Sunday, July 6, 2025 9:08:23 AM
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.1
DHCPv6 IAID . . . . . . . . . . . : 134919363
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-99-40-96-00-0C-29-DE-7D-62
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 10.10.62.163 --- 0x3
Internet Address Physical Address Type
10.10.0.1 02-c8-85-b5-5a-aa dynamic
10.10.255.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Can't find file route
PS C:\Users\dev-datasci-lowpriv> netstat -ano | Select-String LIST
TCP 0.0.0.0:22 0.0.0.0:0 LISTENING 1240
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 860
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 976
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2760
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 532
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 348
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1956
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 968
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 628
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 1768
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING 620
TCP 10.10.62.163:139 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:49749 0.0.0.0:0 LISTENING 544
TCP 127.0.0.1:49750 0.0.0.0:0 LISTENING 544
TCP 127.0.0.1:49751 0.0.0.0:0 LISTENING 544
TCP 127.0.0.1:49752 0.0.0.0:0 LISTENING 544
TCP 127.0.0.1:49753 0.0.0.0:0 LISTENING 544
TCP 127.0.0.1:51019 0.0.0.0:0 LISTENING 544
TCP [::]:22 [::]:0 LISTENING 1240
TCP [::]:135 [::]:0 LISTENING 860
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 976
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:8888 [::]:0 LISTENING 2760
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 532
TCP [::]:49665 [::]:0 LISTENING 348
TCP [::]:49667 [::]:0 LISTENING 1956
TCP [::]:49668 [::]:0 LISTENING 968
TCP [::]:49669 [::]:0 LISTENING 628
TCP [::]:49670 [::]:0 LISTENING 1768
TCP [::]:49671 [::]:0 LISTENING 620
Users & Groups
PS C:\Users\dev-datasci-lowpriv> net users ; net user /DOMAIN ; ls C:\Users
User accounts for \\
-------------------------------------------------------------------------------
Administrator DefaultAccount dev-datasci-lowpriv
Guest sshd WDAGUtilityAccount
The command completed with one or more errors.
The request will be processed at a domain controller for domain WORKGROUP.
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 8/25/2022 5:54 AM Administrator
d----- 8/25/2022 6:08 AM dev-datasci-lowpriv
d-r--- 8/25/2022 4:34 AM Public
PS C:\Users\dev-datasci-lowpriv> net localgroup ; net group /DOMAIN
Aliases for \\DEV-DATASCI-JUP
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Storage Replica Administrators
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
Processes
PS C:\Users\dev-datasci-lowpriv> Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service | ? { $_.ProcessId -eq $_.ProcessId }).Name -join ", "; $u = $_.GetOwner(); [PSCustomObject]@{ Name = $_.Name; PID = $_.ProcessId; User = "$($u.Domain)$($u.User)"} } | ft -AutoSize
Get-WmiObject : Access denied
At line:1 char:1
+ Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
PS C:\Users\dev-datasci-lowpriv> cmd /c tasklist /svc ; ps
ERROR: Access denied
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
0 53 1788 3520 1052 0 bash
0 9 388 1600 3240 0 bash
73 5 2260 816 0.00 2652 1 cmd
78 5 2360 4020 0.00 3828 0 cmd
99 5 884 4300 2540 0 CompatTelRunner
551 23 39272 4944 4000 0 CompatTelRunner
159 10 6688 12892 2128 0 conhost
114 6 1208 5060 0.22 2680 0 conhost
152 9 6668 1752 2704 0 conhost
204 12 7212 2052 0.14 3508 1 conhost
156 9 6644 12952 3580 0 conhost
133 8 6528 1204 3708 0 conhost
356 14 2256 5184 400 0 csrss
263 11 2112 5040 476 1 csrss
359 15 3560 14720 0.19 3116 1 ctfmon
584 29 21012 47928 948 1 dwm
1417 55 21488 76704 2.38 3376 1 explorer
53 6 1924 5488 772 1 fontdrvhost
53 6 1428 3760 776 0 fontdrvhost
241 14 2456 1772 3032 0 GoogleUpdate
0 0 56 8 0 0 Idle
0 3 136 156 3272 0 init
0 3 136 156 3440 0 init
865 23 5052 14476 628 0 lsass
232 13 2932 10492 2772 0 msdtc
656 31 61520 76884 1.23 2332 0 powershell
75 6 5384 468 0.08 3596 1 python
0 547 34860 42496 544 0 python3.7
0 786 48140 56964 2760 0 python3.7
0 38 3652 6760 3860 0 python3.8
0 13 480 85508 84 0 Registry
226 12 2180 12456 0.13 2220 1 RuntimeBroker
236 12 2672 16832 0.09 3844 1 RuntimeBroker
288 15 5304 16636 0.38 4032 1 RuntimeBroker
673 32 19684 62476 0.69 3816 1 SearchUI
316 11 3744 7964 620 0 services
763 29 17948 59648 0.94 3688 1 ShellExperienceHost
451 17 5080 24840 0.53 2556 1 sihost
53 3 496 1224 280 0 smss
477 22 5788 16780 1956 0 spoolsv
121 12 1560 6892 1240 0 sshd
134 10 2232 7404 0.05 3748 0 sshd
130 9 2116 7628 3800 0 sshd
0 24 588 2092 3588 0 su
0 26 844 2708 3476 0 sudo
598 32 11972 22292 268 0 svchost
625 19 12856 23880 348 0 svchost
852 22 6332 23252 748 0 svchost
707 16 4572 11116 860 0 svchost
1875 104 44292 76584 968 0 svchost
506 19 4232 13336 976 0 svchost
586 30 8216 25284 1132 0 svchost
684 38 8412 22684 1196 0 svchost
484 21 16780 31580 2012 0 svchost
203 10 2136 8320 2116 0 svchost
480 21 7224 32428 0.52 2708 1 svchost
229 12 2484 10636 3016 0 svchost
11700 0 192 140 4 0 System
181 11 2044 11080 0.05 2456 1 taskhostw
148 8 1712 7088 1444 0 vm3dservice
141 9 1816 7568 2060 1 vm3dservice
142 9 1788 7544 2792 1 vm3dservice
172 11 1428 6836 532 0 wininit
283 12 2688 12684 548 1 winlogon
176 10 2648 9128 1496 0 WmiPrvSE
125 7 1212 1388 2624 0 wsl
106 6 980 1572 3544 0 wslhost
241 14 2456 1772 3032 0 GoogleUpdate
75 6 5384 468 0.08 3596 1 python
0 547 34860 42496 544 0 python3.7
0 786 48140 56964 2760 0 python3.7
0 38 3652 6760 3860 0 python3.8
477 22 5788 16780 1956 0 spoolsv
125 7 1212 1388 2624 0 wsl
106 6 980 1572 3544 0 wslhost
Tasks
PS C:\Users\dev-datasci-lowpriv> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
Get-ScheduledTask : Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask
PS C:\Users\dev-datasci-lowpriv> cmd /c schtasks /QUERY /FO TABLE
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
Python N/A Running
Folder: \Microsoft
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
TaskName Next Run Time Status
======================================== ====================== ===============
Server Initial Configuration Task N/A Disabled
Folder: \Microsoft\Windows\.NET Framework
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
Folder: \Microsoft\Windows\Application Experience
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 7/7/2025 3:19:11 AM Ready
ProgramDataUpdater N/A Running
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
Folder: \Microsoft\Windows\Autochk
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
Folder: \Microsoft\Windows\BitLocker
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Bluetooth
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Disabled
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
Folder: \Microsoft\Windows\Chkdsk
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 7/6/2025 12:00:00 PM Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Scan 8/2/2025 4:45:29 AM Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
TaskName Next Run Time Status
======================================== ====================== ===============
Device 7/7/2025 3:59:03 AM Ready
Folder: \Microsoft\Windows\Diagnosis
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
Folder: \Microsoft\Windows\DirectX
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Ready
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
Folder: \Microsoft\Windows\DiskFootprint
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\EDP
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
EDP Inaccessible Credentials Task N/A Ready
StorageCardEncryption Task N/A Ready
Folder: \Microsoft\Windows\ExploitGuard
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
Folder: \Microsoft\Windows\Flighting
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 7/6/2025 11:00:03 AM Ready
Folder: \Microsoft\Windows\InstallService
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates N/A Disabled
ScanForUpdatesAsUser N/A Disabled
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
Folder: \Microsoft\Windows\Location
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
Folder: \Microsoft\Windows\Maps
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Disabled
MapsUpdateTask N/A Disabled
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
Folder: \Microsoft\Windows\NetTrace
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\Offline Files
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
Folder: \Microsoft\Windows\PLA
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
Folder: \Microsoft\Windows\Plug and Play
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Queued
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
Folder: \Microsoft\Windows\Server Manager
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
Folder: \Microsoft\Windows\Servicing
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SharedPC
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
Folder: \Microsoft\Windows\Shell
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\Software Inventory Logging
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
Folder: \Microsoft\Windows\SpacePort
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
SpeechModelDownloadTask 7/7/2025 1:25:56 AM Ready
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
Folder: \Microsoft\Windows\TextServicesFramework
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
Folder: \Microsoft\Windows\Time Synchronization
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\UPnP
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Disabled
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 7/6/2025 9:18:12 AM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
Folder: \Microsoft\Windows\WindowsUpdate
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start N/A Ready
Folder: \Microsoft\Windows\Wininet
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
Folder: \Microsoft\Windows\Workplace Join
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Recovery-Check N/A Disabled
\Python
Services
PS C:\Users\dev-datasci-lowpriv> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object
ERROR:
Description = Access denied
PS C:\Users\dev-datasci-lowpriv> Get-Service
Get-Service : Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
+ Get-Service
+ ~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-Service], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand
PS C:\Users\dev-datasci-lowpriv> Get-CimInstance -ClassName win32_service | Select Name,State,PathName | Where-Object {$_.State -like 'Running'}
Get-CimInstance : Access denied
At line:1 char:1
+ Get-CimInstance -ClassName win32_service | Select Name,State,PathName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (root\cimv2:win32_service:String) [Get-CimInstance], CimException
+ FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
PS C:\Users\dev-datasci-lowpriv> net start
System error 5 has occurred.
Access is denied.
Installed Programs
PS C:\Users\dev-datasci-lowpriv> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique ; ls "C:\Program Files" ; ls "C:\Program Files (x86)"
Amazon SSM Agent
Google Chrome
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913
Python 3.10.6 (64-bit)
Python 3.10.6 Add to Path (64-bit)
Python 3.10.6 Core Interpreter (64-bit)
Python 3.10.6 Development Libraries (64-bit)
Python 3.10.6 Documentation (64-bit)
Python 3.10.6 Executables (64-bit)
Python 3.10.6 pip Bootstrap (64-bit)
Python 3.10.6 Standard Library (64-bit)
Python 3.10.6 Tcl/Tk Support (64-bit)
Python 3.10.6 Test Suite (64-bit)
Python 3.10.6 Utility Scripts (64-bit)
Python Launcher
VMware Tools
Directory: C:\Program Files
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 8/25/2022 10:19 AM Amazon
d----- 8/25/2022 4:36 AM Common Files
d----- 8/25/2022 5:16 AM Google
d----- 8/25/2022 4:59 AM internet explorer
d----- 8/25/2022 10:13 AM VMware
d-r--- 8/25/2022 4:59 AM Windows Defender
d----- 8/25/2022 4:59 AM Windows Defender Advanced Threat Protection
d----- 8/25/2022 4:59 AM Windows Mail
d----- 8/25/2022 4:59 AM Windows Media Player
d----- 9/15/2018 12:19 AM Windows Multimedia Platform
d----- 9/15/2018 12:28 AM windows nt
d----- 8/25/2022 4:59 AM Windows Photo Viewer
d----- 9/15/2018 12:19 AM Windows Portable Devices
d----- 9/15/2018 12:19 AM Windows Security
d----- 9/15/2018 12:19 AM WindowsPowerShell
Directory: C:\Program Files (x86)
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 9/15/2018 12:28 AM Common Files
d----- 7/6/2025 7:56 AM Google
d----- 8/25/2022 4:59 AM Internet Explorer
d----- 9/15/2018 12:19 AM Microsoft.NET
d----- 8/25/2022 4:59 AM Windows Defender
d----- 8/25/2022 4:59 AM Windows Mail
d----- 8/25/2022 4:59 AM Windows Media Player
d----- 9/15/2018 12:19 AM Windows Multimedia Platform
d----- 9/15/2018 12:28 AM windows nt
d----- 8/25/2022 4:59 AM Windows Photo Viewer
d----- 9/15/2018 12:19 AM Windows Portable Devices
d----- 9/15/2018 12:19 AM WindowsPowerShell
Google Chrome
Python
Firewall & AV
PS C:\Users\dev-datasci-lowpriv> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
PS C:\Users\dev-datasci-lowpriv> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Get-MpComputerStatus : Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_MpComputerStatus:String) [Get-MpComputerStatus], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpComputerStatus
Get-MpPreference : Cannot connect to CIM server. Access denied
At line:1 char:24
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_MpPreference:String) [Get-MpPreference], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpPreference
Session Architecture
PS C:\Users\dev-datasci-lowpriv> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\Users\dev-datasci-lowpriv> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 8AA3-53D1
Directory of C:\Windows\Microsoft.NET\Framework
09/15/2018 12:19 AM <DIR> .
09/15/2018 12:19 AM <DIR> ..
09/15/2018 12:19 AM <DIR> v1.0.3705
09/15/2018 12:19 AM <DIR> v1.1.4322
09/15/2018 12:19 AM <DIR> v2.0.50727
07/06/2025 07:48 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 36,659,597,312 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.7.03190