@Peilonrayz
Created April 5, 2018 11:58
Output of `.\DockerDebugInfo.ps1 | Out-File .\info.txt`
>>>>>> OS Version
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 14393
RegisteredUser : Windows User
SerialNumber : 00377-70192-18323-AA345
Version : 10.0.14393
>>>>>> Computer Info
PSComputerName : [hostname]
AdminPasswordStatus : 1
BootupState : Normal boot
ChassisBootupState : 3
KeyboardPasswordStatus : 3
PowerOnPasswordStatus : 0
PowerSupplyState : 3
PowerState : 0
FrontPanelResetStatus : 3
ThermalState : 3
Status : OK
Name : [hostname]
PowerManagementCapabilities :
PowerManagementSupported :
__GENUS : 2
__CLASS : Win32_ComputerSystem
__SUPERCLASS : CIM_UnitaryComputerSystem
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_ComputerSystem.Name="[hostname]"
__PROPERTY_COUNT : 64
__DERIVATION : {CIM_UnitaryComputerSystem, CIM_ComputerSystem, CIM_System, CIM_LogicalElement...}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_ComputerSystem.Name="[hostname]"
AutomaticManagedPagefile : True
AutomaticResetBootOption : True
AutomaticResetCapability : True
BootOptionOnLimit : 3
BootOptionOnWatchDog : 3
BootROMSupported : True
BootStatus : {0, 0, 0, 0...}
Caption : [hostname]
ChassisSKUNumber :
CreationClassName : Win32_ComputerSystem
CurrentTimeZone : 60
DaylightInEffect : True
Description : AT/AT COMPATIBLE
DNSHostName : [hostname]
Domain : [fq domain name]
DomainRole : 3
EnableDaylightSavingsTime : True
HypervisorPresent : True
InfraredSupported : False
InitialLoadInfo :
InstallDate :
LastLoadInfo :
Manufacturer : VMware, Inc.
Model : VMware Virtual Platform
NameFormat :
NetworkServerModeEnabled : True
NumberOfLogicalProcessors : 4
NumberOfProcessors : 4
OEMLogoBitmap :
OEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7], Welcome to the Virtual Machine}
PartOfDomain : True
PauseAfterReset : 3932100000
PCSystemType : 1
PCSystemTypeEx : 1
PrimaryOwnerContact :
PrimaryOwnerName : Windows User
ResetCapability : 1
ResetCount : -1
ResetLimit : -1
Roles : {LM_Workstation, LM_Server, NT, Server_NT}
SupportContactDescription :
SystemFamily :
SystemSKUNumber :
SystemStartupDelay :
SystemStartupOptions :
SystemStartupSetting :
SystemType : x64-based PC
TotalPhysicalMemory : 8589463552
UserName :
WakeUpType : 6
Workgroup :
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_ComputerSystem.Name="[hostname]"
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_ComputerSystem
Properties : {AdminPasswordStatus, AutomaticManagedPagefile, AutomaticResetBootOption, AutomaticResetCapability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
>>>>>> CPU Info
PSComputerName : [hostname]
Availability : 3
CpuStatus : 1
CurrentVoltage : 33
DeviceID : CPU0
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 38
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize : 512
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 2305
SocketDesignation : CPU socket #0
Version : Model 9, Stepping 1
VoltageCaps : 2
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU0"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU0"
Architecture : 9
AssetTag :
Caption : AMD64 Family 16 Model 9 Stepping 1
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : AMD64 Family 16 Model 9 Stepping 1
Family : 2
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 16
Manufacturer : AuthenticAMD
Name : AMD Opteron(tm) Processor 6176 SE
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 078BFBFF00100F91
Role : CPU
SecondLevelAddressTranslationExtensions : False
SerialNumber :
Stepping : 1
SystemCreationClassName : Win32_ComputerSystem
SystemName : [hostname]
ThreadCount :
UniqueId :
UpgradeMethod : 4
VirtualizationFirmwareEnabled : True
VMMonitorModeExtensions : False
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU0"
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture, AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
PSComputerName : [hostname]
Availability : 3
CpuStatus : 1
CurrentVoltage : 33
DeviceID : CPU1
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 55
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize : 512
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 2305
SocketDesignation : CPU socket #1
Version : Model 9, Stepping 1
VoltageCaps : 2
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU1"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU1"
Architecture : 9
AssetTag :
Caption : AMD64 Family 16 Model 9 Stepping 1
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : AMD64 Family 16 Model 9 Stepping 1
Family : 2
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 16
Manufacturer : AuthenticAMD
Name : AMD Opteron(tm) Processor 6176 SE
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 078BFBFF00000F91
Role : CPU
SecondLevelAddressTranslationExtensions : False
SerialNumber :
Stepping : 1
SystemCreationClassName : Win32_ComputerSystem
SystemName : [hostname]
ThreadCount :
UniqueId :
UpgradeMethod : 4
VirtualizationFirmwareEnabled : True
VMMonitorModeExtensions : False
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU1"
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture, AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
PSComputerName : [hostname]
Availability : 3
CpuStatus : 1
CurrentVoltage : 33
DeviceID : CPU2
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 8
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize : 512
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 2305
SocketDesignation : CPU socket #2
Version : Model 9, Stepping 1
VoltageCaps : 2
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU2"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU2"
Architecture : 9
AssetTag :
Caption : AMD64 Family 16 Model 9 Stepping 1
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : AMD64 Family 16 Model 9 Stepping 1
Family : 2
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 16
Manufacturer : AuthenticAMD
Name : AMD Opteron(tm) Processor 6176 SE
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 078BFBFF00000F91
Role : CPU
SecondLevelAddressTranslationExtensions : False
SerialNumber :
Stepping : 1
SystemCreationClassName : Win32_ComputerSystem
SystemName : [hostname]
ThreadCount :
UniqueId :
UpgradeMethod : 4
VirtualizationFirmwareEnabled : True
VMMonitorModeExtensions : False
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU2"
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture, AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
PSComputerName : [hostname]
Availability : 3
CpuStatus : 1
CurrentVoltage : 33
DeviceID : CPU3
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 2
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize : 512
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 2305
SocketDesignation : CPU socket #3
Version : Model 9, Stepping 1
VoltageCaps : 2
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU3"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU3"
Architecture : 9
AssetTag :
Caption : AMD64 Family 16 Model 9 Stepping 1
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : AMD64 Family 16 Model 9 Stepping 1
Family : 2
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 16
Manufacturer : AuthenticAMD
Name : AMD Opteron(tm) Processor 6176 SE
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 078BFBFF00000F91
Role : CPU
SecondLevelAddressTranslationExtensions : False
SerialNumber :
Stepping : 1
SystemCreationClassName : Win32_ComputerSystem
SystemName : [hostname]
ThreadCount :
UniqueId :
UpgradeMethod : 4
VirtualizationFirmwareEnabled : True
VMMonitorModeExtensions : False
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_Processor.DeviceID="CPU3"
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture, AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
>>>>>> Board Info
PSComputerName : [hostname]
Status : OK
Name : Base Board
PoweredOn : True
__GENUS : 2
__CLASS : Win32_BaseBoard
__SUPERCLASS : CIM_Card
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_BaseBoard.Tag="Base Board"
__PROPERTY_COUNT : 29
__DERIVATION : {CIM_Card, CIM_PhysicalPackage, CIM_PhysicalElement, CIM_ManagedSystemElement}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_BaseBoard.Tag="Base Board"
Caption : Base Board
ConfigOptions :
CreationClassName : Win32_BaseBoard
Depth :
Description : Base Board
Height :
HostingBoard : False
HotSwappable : False
InstallDate :
Manufacturer : Intel Corporation
Model :
OtherIdentifyingInfo :
PartNumber :
Product : 440BX Desktop Reference Platform
Removable : False
Replaceable : False
RequirementsDescription :
RequiresDaughterBoard : False
SerialNumber : None
SKU :
SlotLayout :
SpecialRequirements :
Tag : Base Board
Version : None
Weight :
Width :
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_BaseBoard.Tag="Base Board"
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_BaseBoard
Properties : {Caption, ConfigOptions, CreationClassName, Depth...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
>>>>>> Installed Files
Directory: C:\Users\a-jew
Mode LastWriteTime Length Name
---- ------------- ------ ----
d-r--- 05/04/2018 10:41 Contacts
d-r--- 05/04/2018 10:41 Desktop
d-r--- 05/04/2018 12:26 Documents
d-r--- 05/04/2018 10:41 Downloads
d-r--- 05/04/2018 10:41 Favorites
d-r--- 05/04/2018 10:41 Links
d-r--- 05/04/2018 10:41 Music
d-r--- 05/04/2018 10:41 Pictures
d-r--- 05/04/2018 10:41 Saved Games
d-r--- 05/04/2018 10:41 Searches
d-r--- 05/04/2018 10:41 Videos
>>>>>> Installed Resources
Directory: C:\Users\a-jew\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 03/04/2018 09:48 5178 DockerDebugInfo.ps1
-a---- 05/04/2018 12:26 0 info.txt
>>>>>> Get-VMHost
LogicalProcessorCount : 4
ResourceMeteringSaveInterval : 01:00:00
HostNumaStatus : {[hostname]}
NumaStatus : {}
IovSupport : False
IovSupportReasons : {The Virtualization Infrastructure Driver (VID) is not running. Ensure that the VID is properly installed and enabled., SR-IOV cannot be used on this computer because the processor does not support second level address
translation (SLAT). For Intel processors, this feature might be referred to as Extended Page Tables (EPT). For AMD processors, this feature might be referred to as Rapid Virtualization Indexing (RVI) or Nested Page Tables
(NPT)., To use SR-IOV on this system, the system BIOS must be updated to allow Windows to control PCI Express. Contact your system manufacturer for an update., SR-IOV cannot be used on this system as the PCI Express hardware
does not support Access Control Services (ACS) at any root port. Contact your system vendor for further information.}
InternalNetworkAdapters : {Container Port 59d8a468, Container Port 74070142, HNS Internal NIC Port, Container Port 54fa0646...}
ExternalNetworkAdapters : {}
SupportedVmVersions : {5.0, 6.2, 7.0, 7.1...}
SecureBootTemplates : {MicrosoftWindows, MicrosoftUEFICertificateAuthority}
EnableEnhancedSessionMode : False
FibreChannelWwnn : C003FF0000FFFF00
FibreChannelWwpnMaximum : C003FFF6A44DFFFF
FibreChannelWwpnMinimum : C003FFF6A44D0000
MacAddressMaximum : 00155D001AFF
MacAddressMinimum : 00155D001A00
NumaSpanningEnabled : True
VirtualHardDiskPath : C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
VirtualMachinePath : C:\ProgramData\Microsoft\Windows\Hyper-V
FullyQualifiedDomainName : [fq domain name]
MemoryCapacity : 8589463552
Name : [hostname]
MaximumStorageMigrations : 2
MaximumVirtualMachineMigrations : 2
UseAnyNetworkForMigration : False
VirtualMachineMigrationAuthenticationType : CredSSP
VirtualMachineMigrationEnabled : False
VirtualMachineMigrationPerformanceOption : Compression
CimSession : CimSession: .
ComputerName : [hostname]
IsDeleted : False
>>>>>> Get-WindowsOptionalFeature
FeatureName State
----------- -----
NetFx4ServerFeatures Enabled
NetFx4 Enabled
NetFx4Extended-ASPNET45 Disabled
MicrosoftWindowsPowerShellRoot Enabled
MicrosoftWindowsPowerShell Enabled
iSCSITargetServer-PowerShell Disabled
PKIClient-PSH-Cmdlets Disabled
KeyDistributionService-PSH-Cmdlets Enabled
TlsSessionTicketKey-PSH-Cmdlets Enabled
Tpm-PSH-Cmdlets Enabled
MicrosoftWindowsPowerShellV2 Enabled
WindowsPowerShellWebAccess Disabled
DataCenterBridging-LLDP-Tools Disabled
Server-Psh-Cmdlets Enabled
MicrosoftWindowsPowerShellISE Enabled
RemoteAccessMgmtTools Disabled
RemoteAccessPowerShell Disabled
RasServerAdminTools Disabled
DamgmtTools Disabled
WSS-Product-Package Disabled
ActiveDirectory-PowerShell Disabled
DirectoryServices-DomainController Disabled
DirectoryServices-ISM-Smtp Disabled
HostGuardianService-Package Disabled
DirectoryServices-AdministrativeCenter Disabled
RemoteAccess Disabled
RemoteAccessServer Disabled
RasRoutingProtocols Disabled
Web-Application-Proxy Disabled
RightsManagementServices-Role Disabled
RightsManagementServices Disabled
RMS-Federation Disabled
RightsManagementServices-AdminTools Disabled
IIS-WebServerRole Disabled
IIS-WebServer Disabled
IIS-CommonHttpFeatures Disabled
IIS-Security Disabled
IIS-RequestFiltering Disabled
IIS-StaticContent Disabled
IIS-DefaultDocument Disabled
IIS-DirectoryBrowsing Disabled
IIS-HttpErrors Disabled
IIS-HttpRedirect Disabled
IIS-WebDAV Disabled
IIS-ApplicationDevelopment Disabled
IIS-WebSockets Disabled
IIS-ApplicationInit Disabled
IIS-NetFxExtensibility Disabled
IIS-NetFxExtensibility45 Disabled
IIS-ISAPIExtensions Disabled
IIS-ISAPIFilter Disabled
IIS-ASPNET Disabled
IIS-ASPNET45 Disabled
IIS-ASP Disabled
IIS-CGI Disabled
IIS-ServerSideIncludes Disabled
IIS-HealthAndDiagnostics Disabled
IIS-HttpLogging Disabled
IIS-LoggingLibraries Disabled
IIS-RequestMonitor Disabled
IIS-HttpTracing Disabled
IIS-CustomLogging Disabled
IIS-ODBCLogging Disabled
IIS-CertProvider Disabled
IIS-BasicAuthentication Disabled
IIS-WindowsAuthentication Disabled
IIS-DigestAuthentication Disabled
IIS-ClientCertificateMappingAuthentication Disabled
IIS-IISCertificateMappingAuthentication Disabled
IIS-URLAuthorization Disabled
IIS-IPSecurity Disabled
IIS-Performance Disabled
IIS-HttpCompressionStatic Disabled
IIS-HttpCompressionDynamic Disabled
IIS-WebServerManagementTools Disabled
IIS-ManagementConsole Disabled
IIS-LegacySnapIn Disabled
IIS-ManagementScriptingTools Disabled
IIS-ManagementService Disabled
IIS-IIS6ManagementCompatibility Disabled
IIS-Metabase Disabled
IIS-WMICompatibility Disabled
IIS-LegacyScripts Disabled
IIS-FTPServer Disabled
IIS-FTPSvc Disabled
IIS-FTPExtensibility Disabled
WAS-WindowsActivationService Disabled
WAS-ProcessModel Disabled
WAS-NetFxEnvironment Disabled
WAS-ConfigurationAPI Disabled
IIS-HostableWebCore Disabled
MSMQ Disabled
MSMQ-Services Disabled
MSMQ-Server Disabled
MSMQ-Triggers Disabled
MSMQ-ADIntegration Disabled
MSMQ-HTTP Disabled
MSMQ-Multicast Disabled
MSMQ-DCOMProxy Disabled
MSMQ-RoutingServer Disabled
WCF-Services45 Enabled
WCF-HTTP-Activation45 Disabled
WCF-TCP-Activation45 Disabled
WCF-Pipe-Activation45 Disabled
WCF-MSMQ-Activation45 Disabled
WCF-TCP-PortSharing45 Enabled
IdentityServer-SecurityTokenService Disabled
ManagementOdata Disabled
DSC-Service Disabled
ADCertificateServicesRole Disabled
CertificateServices Disabled
OnlineRevocationServices Disabled
WebEnrollmentServices Disabled
NetworkDeviceEnrollmentServices Disabled
CertificateEnrollmentPolicyServer Disabled
CertificateEnrollmentServer Disabled
IPAMServerFeature Disabled
DeviceHealthAttestationService Disabled
BITSExtensions-AdminPack Disabled
Gateway-UI Disabled
BITSExtensions-Upload Disabled
WCF-HTTP-Activation Disabled
WCF-NonHTTP-Activation Disabled
Smtpsvc-Admin-Update-Name Disabled
Smtpsvc-Service-Update-Name Disabled
WebAccess Disabled
Microsoft-Windows-Web-Services-for-Management-IIS-Extension Disabled
BusScan-ScanServer Disabled
Printing-InternetPrinting-Server Disabled
RPC-HTTP_Proxy Disabled
Gateway Disabled
UpdateServices Disabled
UpdateServices-Services Disabled
UpdateServices-Database Disabled
UpdateServices-WidDatabase Disabled
WorkFolders-Server Disabled
FSRM-Infrastructure Disabled
Microsoft-Windows-FCI-Client-Package Disabled
UpdateServices-RSAT Disabled
UpdateServices-API Disabled
UpdateServices-UI Disabled
FSRM-Infrastructure-Services Disabled
DirectoryServices-ADAM Disabled
IPAMClientFeature Disabled
Microsoft-Windows-ServerEssentials-ServerSetup Disabled
AuthManager Disabled
ServerCore-WOW64 Enabled
Printing-Server-Foundation-Features Disabled
Printing-Server-Role Disabled
Printing-LPDPrintService Disabled
Printing-Client Enabled
Printing-Client-Gui Enabled
ServerCore-EA-IME-WOW64 Enabled
NetFx3ServerFeatures Enabled
NetFx3 Enabled
Server-Shell Enabled
Internet-Explorer-Optional-amd64 Enabled
Server-Gui-Mgmt Enabled
Server-Gui-Mgmt_onecore Disabled
RSAT Enabled
Storage-Replica-AdminPack Disabled
Server-Manager-RSAT-File-Services Disabled
Server-RSAT-SNMP Enabled
DNS-Server-Tools Disabled
WINS-Server-Tools Disabled
DfsMgmt Disabled
ADCertificateServicesManagementTools Disabled
CertificateServicesManagementTools Disabled
OnlineRevocationServicesManagementTools Disabled
RSAT-AD-Tools-Feature Disabled
RSAT-ADDS-Tools-Feature Disabled
DirectoryServices-DomainController-Tools Disabled
DirectoryServices-ADAM-Tools Disabled
BitLocker-RemoteAdminTool Disabled
BdeAducExtTool Disabled
NPSMMC Disabled
Licensing-UI Disabled
Licensing-Diagnosis-UI Disabled
Microsoft-Windows-Deployment-Services-Admin-Pack Disabled
DHCPServer-Tools Disabled
FailoverCluster-Mgmt Disabled
NetworkLoadBalancingManagementClient Disabled
NFS-Administration Disabled
WindowsServerBackupSnapin Enabled
FaxServiceConfigRole Disabled
NPSManagementTools Disabled
RightsManagementServicesManagementTools Disabled
Security-SPP-Vmw Disabled
FSRM-Management Disabled
Windows-Defender-Gui Enabled
Microsoft-Hyper-V Disabled
Microsoft-Hyper-V-Offline Disabled
Microsoft-Hyper-V-Online Disabled
RSAT-Hyper-V-Tools-Feature Disabled
Microsoft-Hyper-V-Management-Clients Disabled
Microsoft-Hyper-V-Management-PowerShell Disabled
VmHostAgent Disabled
AppServer Disabled
Microsoft-Windows-Deployment-Services Disabled
Microsoft-Windows-Deployment-Services-Deployment-Server Disabled
Microsoft-Windows-Deployment-Services-Transport-Server Disabled
BitLocker Disabled
Bitlocker-Utilities Disabled
ShieldedVMToolsAdminPack Disabled
BitLocker-NetworkUnlock Disabled
SearchEngine-Server-Package Disabled
File-Services-Search-Service Disabled
FaxServiceRole Disabled
NPAS-Role Disabled
OEM-Appliance-OOBE Disabled
ServerMediaFoundation Disabled
MediaPlayback Enabled
WindowsMediaPlayer Enabled
WebDAV-Redirector Disabled
LegacyComponents Disabled
DirectPlay Disabled
Printing-LPRPortMonitor Disabled
Printing-InternetPrinting-Client Disabled
Printing-AdminTools-Collection Disabled
Windows-Identity-Foundation Disabled
Microsoft-Hyper-V-Common-Drivers-Package Enabled
Microsoft-Hyper-V-Guest-Integration-Drivers-Package Enabled
Microsoft-Windows-NetFx-VCRedist-Package Enabled
Microsoft-Windows-Printing-PrintToPDFServices-Package Enabled
Microsoft-Windows-Printing-XPSServices-Package Enabled
Microsoft-Windows-Client-EmbeddedExp-Package Enabled
Printing-PrintToPDFServices-Features Enabled
Printing-XPSServices-Features Enabled
MSRDC-Infrastructure Disabled
TelnetClient Enabled
TFTP Disabled
TIFFIFilter Disabled
SMB1Protocol Enabled
MultiPoint-Connector Disabled
MultiPoint-Connector-Services Disabled
MultiPoint-Tools Disabled
ServerManager-Core-RSAT Enabled
ServerManager-Core-RSAT-Role-Tools Disabled
ServerManager-Core-RSAT-Feature-Tools Enabled
FailoverCluster-AdminPak Disabled
FailoverCluster-PowerShell Disabled
HardenedFabricEncryptionTask Disabled
ServicesForNFS-ServerAndClient Disabled
ServerForNFS-Infrastructure Disabled
ClientForNFS-Infrastructure Disabled
SimpleTCP Disabled
SmbDirect Enabled
Windows-Defender-Features Enabled
Windows-Defender Enabled
EnhancedStorage Disabled
Microsoft-Windows-GroupPolicy-ServerAdminTools-Update Disabled
RSAT-RDS-Tools-Feature Disabled
BiometricFramework Disabled
WindowsServerBackup Enabled
DFSR-Infrastructure-ServerEdition Disabled
DNS-Server-Full-Role Disabled
Windows-Internal-Database Disabled
iSCSITargetStorageProviders Disabled
BITS Disabled
LightweightServer Disabled
MultipathIo Disabled
NetworkLoadBalancingFullServer Disabled
Containers Enabled
PeerDist Disabled
RemoteAssistance Disabled
ServerCore-EA-IME Enabled
DataCenterBridging Disabled
DiskIo-QoS Disabled
Server-Drivers-General Enabled
Server-Drivers-Printers Enabled
SNMP Enabled
WMISnmpProvider Enabled
WindowsStorageManagementService Disabled
Remote-Desktop-Services Disabled
SessionDirectory Disabled
SBMgr-UI Disabled
VolumeActivation-Full-Role Disabled
WirelessNetworking Disabled
Xps-Foundation-Xps-Viewer Disabled
SMBBW Disabled
SetupAndBootEventCollection Disabled
RasCMAK Disabled
DFSN-Server Disabled
DHCPServer Disabled
FailoverCluster-AutomationServer Disabled
FailoverCluster-CmdInterface Disabled
FRS-Infrastructure Disabled
FileServerVSSAgent Disabled
WINSRuntime Disabled
iSCSITargetServer Disabled
iSNS_Service Disabled
P2P-PnrpOnly Disabled
QWAVE Disabled
ServerMigration Disabled
SMBHashGeneration Disabled
Licensing Disabled
FailoverCluster-FullServer Disabled
CCFFilter Disabled
Dedup-Core Disabled
MultiPoint-Role Disabled
ResumeKeyFilter Disabled
SmbWitness Disabled
FabricShieldedTools Disabled
RasRip Disabled
SearchEngine-Client-Package Enabled
Client-DeviceLockdown Disabled
Client-EmbeddedShellLauncher Disabled
Client-EmbeddedBootExp Disabled
Client-EmbeddedLogon Disabled
Client-KeyboardFilter Disabled
Client-UnifiedWriteFilter Disabled
FileAndStorage-Services Enabled
Storage-Services Enabled
File-Services Disabled
CoreFileServer Disabled
ServerCore-Drivers-General Enabled
ServerCore-Drivers-General-WOW64 Enabled
>>>>>> bcdedit
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
bootshutdowndisabled Yes
default {current}
resumeobject {44a17e3d-f724-11e7-9516-f5ef2102b874}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows Server 2016
locale en-US
inherit {bootloadersettings}
recoverysequence {44a17e3f-f724-11e7-9516-f5ef2102b874}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {44a17e3d-f724-11e7-9516-f5ef2102b874}
nx OptOut
>>>>>> Get-Process
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
1610 105 144336 187424 295.23 2432 0 agent
391 23 17544 28576 4.38 3304 0 AgentMaint
195 14 4704 18656 2.14 6996 2 ApplicationFrameHost
336 33 11104 19352 144.25 2176 0 BASupSrvc
256 34 11584 25808 55.78 5580 2 BASupSrvcCnfg
267 21 9192 17544 11.64 2188 0 BASupSrvcUpdater
166 12 5880 17228 23.98 1020 2 conhost
167 11 3276 14744 5.95 3576 2 conhost
166 11 3424 14604 0.80 3852 2 conhost
82 7 1120 5092 0.19 4792 0 conhost
82 7 1120 5088 0.17 4828 0 conhost
92 7 1348 5568 7.28 5072 0 conhost
83 7 1148 5168 0.73 5204 0 conhost
168 11 3296 13796 14.31 6220 2 conhost
560 14 2248 4564 12.52 452 0 csrss
116 8 1672 3784 2.94 532 1 csrss
366 14 2040 4776 18.64 4616 2 csrss
220 13 3676 12524 1.48 3644 0 dllhost
162 11 3532 11472 3.75 6752 2 dllhost
132 11 9432 15896 0.42 904 2 docker
134 11 8040 15600 0.44 6592 2 docker
483 18 25392 42148 169.13 6784 0 dockerd
309 19 14396 30200 12.41 924 1 dwm
362 37 27704 78832 66.30 4788 2 dwm
578 30 20744 832 5.13 5168 2 epconsole
645 28 6812 12948 6.91 2240 0 epintegrationservice
1530 120 358752 186092 305.97 2284 0 epsecurityservice
251 17 5472 7008 4.14 2412 0 epupdateservice
1938 109 35444 104532 136.66 5856 2 explorer
0 0 0 4 0 0 Idle
409 24 9452 41352 6.92 912 1 LogonUI
1252 31 7548 18352 16.59 668 0 lsass
194 13 3008 9612 3.53 3864 0 msdtc
500 66 109504 50160 196.48 2268 0 MsMpEng
402 35 25728 29616 5.17 6012 0 NableAVDBridge
512 33 26684 34324 4.75 4804 0 NableReactiveManagement
331 27 21512 19140 10.47 4760 0 NableSixtyFourBitManager
342 23 15992 27180 11.92 2420 0 Netwrix.WSA.AgentService
523 30 57124 67728 4.39 3836 2 powershell
995 45 125028 151164 21.58 4008 2 powershell
547 29 56732 66312 5.06 5184 2 powershell
484 29 57404 96936 5.11 6204 2 powershell
274 15 3408 11432 53.86 5352 2 rdpclip
400 23 9716 26460 7.72 5372 2 RuntimeBroker
959 63 59960 109724 19.47 3436 2 SearchUI
334 10 4152 8256 16.25 660 0 services
692 29 23960 62440 11.86 6128 2 ShellExperienceHost
372 17 5100 20520 5.00 5464 2 sihost
54 2 376 1220 1.45 296 0 smss
184 13 3108 8212 24.78 2564 0 snmp
535 26 8088 22280 4.28 2056 0 spoolsv
649 33 12700 24264 18.33 396 0 svchost
582 24 16256 25276 338.16 412 0 svchost
1030 40 11248 28380 8.39 420 0 svchost
698 22 6932 20640 10.98 760 0 svchost
704 18 5624 12168 18.33 820 0 svchost
800 28 78608 102108 85.64 968 0 svchost
2130 61 50968 79932 897.66 980 0 svchost
672 39 8524 22440 10.14 1060 0 svchost
444 34 12816 18920 10.86 1216 0 svchost
158 9 1724 6888 0.38 1520 0 svchost
142 12 1492 6676 0.77 1672 0 svchost
404 20 10760 24156 5.91 2248 0 svchost
218 16 5324 16448 3.75 2392 0 svchost
214 11 2340 8212 2.80 2440 0 svchost
183 14 1728 6696 0.77 3572 0 svchost
306 18 4516 19752 1.08 5472 2 svchost
2567 0 128 140 828.72 4 0 System
312 27 5616 15404 2.42 5492 2 taskhostw
351 23 14088 32596 251.06 1976 2 Taskmgr
168 9 7556 11720 5.44 5824 0 TiWorker
101 8 1856 6836 0.19 2156 0 TrustedInstaller
138 11 4720 12188 0.69 2452 0 VGAuthService
211 14 4556 12684 3.84 4388 0 vmcompute
642 26 48828 35816 7.78 2384 0 vmms
361 24 11128 21312 15.36 2404 0 vmtoolsd
206 19 4668 14220 12.08 4812 2 vmtoolsd
96 8 992 4824 1.77 516 0 wininit
160 8 1604 8112 1.52 608 1 winlogon
201 9 2144 8968 2.19 4692 2 winlogon
378 19 13028 22992 424.16 3172 0 WmiPrvSE
261 14 10088 17784 116.66 3988 0 WmiPrvSE
262 10 1844 7908 0.53 1392 0 WUDFHost
>>>>>> Services
Image Name PID Services
========================= ======== ============================================
svchost.exe 760 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
svchost.exe 820 RpcEptMapper, RpcSs
svchost.exe 968 TermService
svchost.exe 980 Appinfo, CertPropSvc, gpsvc, hns, IKEEXT,
iphlpsvc, lfsvc, NetSetupSvc, ProfSvc,
Schedule, SENS, SessionEnv,
ShellHWDetection, Themes, UserManager,
Winmgmt, WpnService
svchost.exe 396 NcbService, PcaSvc, ScDeviceEnum, StorSvc,
TrkWks, UALSVC, UmRdpService, wudfsvc
svchost.exe 412 Dhcp, EventLog, lmhosts, TimeBrokerSvc
svchost.exe 420 CDPSvc, EventSystem, FontCache,
LicenseManager, netprofm, nsi, W32Time,
WinHttpAutoProxySvc
svchost.exe 1060 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, WinRM
svchost.exe 1216 BFE, CoreMessagingRegistrar, DPS, MpsSvc
svchost.exe 1520 Wcmsvc
svchost.exe 1672 PolicyAgent
svchost.exe 2248 DiagTrack
svchost.exe 2392 StateRepository, tiledatamodelsvc
svchost.exe 2440 LanmanServer
svchost.exe 5472 CDPUserSvc_a89fa, OneSyncSvc_a89fa
svchost.exe 3572 SSDPSRV
>>>>>> Environment
Name Value
---- -----
ALLUSERSPROFILE C:\ProgramData
APPDATA C:\Users\a-jew\AppData\Roaming
CommonProgramFiles C:\Program Files\Common Files
CommonProgramFiles(x86) C:\Program Files (x86)\Common Files
CommonProgramW6432 C:\Program Files\Common Files
COMPUTERNAME [hostname]
ComSpec C:\Windows\system32\cmd.exe
HOMEDRIVE C:
HOMEPATH \Users\a-jew
LOCALAPPDATA C:\Users\a-jew\AppData\Local
LOGONSERVER \\[dcserver]
NUMBER_OF_PROCESSORS 4
OS Windows_NT
Path C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Docker;C:\Users\a-jew\AppData\Local\Microsoft\WindowsApps
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
PROCESSOR_ARCHITECTURE AMD64
PROCESSOR_IDENTIFIER AMD64 Family 16 Model 9 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL 16
PROCESSOR_REVISION 0901
ProgramData C:\ProgramData
ProgramFiles C:\Program Files
ProgramFiles(x86) C:\Program Files (x86)
ProgramW6432 C:\Program Files
PSModulePath C:\Users\a-jew\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
PUBLIC C:\Users\Public
SystemDrive C:
SystemRoot C:\Windows
TEMP C:\Users\a-jew\AppData\Local\Temp
TMP C:\Users\a-jew\AppData\Local\Temp
USERDNSDOMAIN [fq domain name]
USERDOMAIN [domain name]
USERDOMAIN_ROAMINGPROFILE [domain name]
USERNAME a-jew
USERPROFILE C:\Users\a-jew
windir C:\Windows
>>>>>> Get-VM Details
>>>>>> Get-VM Version
>>>>>> Get-VMComPort
>>>>>> Get-VMDvdDrive
>>>>>> Get-VMIntegrationService
>>>>>> Get-VMMemory
>>>>>> Get-VMProcessor
>>>>>> Get-VMScsiController
>>>>>> Get-VMSecurity
>>>>>> SystemStartOptions
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
bootshutdowndisabled Yes
default {current}
resumeobject {44a17e3d-f724-11e7-9516-f5ef2102b874}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows Server 2016
locale en-US
inherit {bootloadersettings}
recoverysequence {44a17e3f-f724-11e7-9516-f5ef2102b874}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {44a17e3d-f724-11e7-9516-f5ef2102b874}
nx OptOut
SystemStartOptions : NOEXECUTE=OPTOUT
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
PSChildName : Control
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
>>>>>> Get-WinEvent SMB
ProviderName: Microsoft-Windows-SMBClient
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
05/04/2018 12:07:18 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC e0d07145)
InterfaceIndex: 0x34
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:07:17 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC e0d07145)
InterfaceIndex: 0x34
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:07:17 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC e0d07145)
InterfaceIndex: 0x34
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:06:59 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 74070142)
InterfaceIndex: 0x2F
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:06:58 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 74070142)
InterfaceIndex: 0x2F
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:06:58 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 74070142)
InterfaceIndex: 0x2F
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:06:27 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 59d8a468)
InterfaceIndex: 0x2A
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:06:26 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 59d8a468)
InterfaceIndex: 0x2A
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 12:06:26 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 59d8a468)
InterfaceIndex: 0x2A
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:46:13 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 84eeff8b)
InterfaceIndex: 0x25
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:46:12 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 84eeff8b)
InterfaceIndex: 0x25
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:46:12 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 84eeff8b)
InterfaceIndex: 0x25
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:16:36 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 5a34b7f8)
InterfaceIndex: 0x20
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:16:35 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 5a34b7f8)
InterfaceIndex: 0x20
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:16:35 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 5a34b7f8)
InterfaceIndex: 0x20
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:10:37 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 54fa0646)
InterfaceIndex: 0x1B
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:10:36 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 54fa0646)
InterfaceIndex: 0x1B
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:10:36 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 54fa0646)
InterfaceIndex: 0x1B
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:07:09 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 6f8dc50c)
InterfaceIndex: 0x16
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
05/04/2018 11:07:08 30810 Information Added a TCP/IP transport interface.
Name: vEthernet (Container NIC 6f8dc50c)
InterfaceIndex: 0x16
Guidance:
A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer
restarts or when a previously disabled network adaptor is re-enabled. No user action is required.
ProviderName: Microsoft-Windows-SMBServer
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
05/04/2018 10:55:59 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: fe80::3c5c:1ceb:8157:a8d2
Flags: 0x1
Interface Index: 7
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
05/04/2018 10:55:59 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: 10.200.0.26
Flags: 0x1
Interface Index: 7
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
05/04/2018 10:55:59 1010 Information Endpoint added.
Name: [hostname]
Domain Name: [domain name]
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
05/04/2018 10:55:56 1010 Information Endpoint added.
Name: [hostname]
Domain Name: [domain name]
Transport Name: \Device\NetbiosSmb
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
26/03/2018 16:33:42 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: fe80::3c5c:1ceb:8157:a8d2
Flags: 0x1
Interface Index: 7
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
26/03/2018 16:33:42 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: 10.200.0.26
Flags: 0x1
Interface Index: 7
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
26/03/2018 16:33:42 1010 Information Endpoint added.
Name: [hostname]
Domain Name: [domain name]
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
26/03/2018 16:33:38 1010 Information Endpoint added.
Name: [hostname]
Domain Name: [domain name]
Transport Name: \Device\NetbiosSmb
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
26/03/2018 15:17:58 1010 Information Endpoint added.
Name: WIN-2BKF9LVSARD
Domain Name: WORKGROUP
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
26/03/2018 15:17:49 1011 Information Endpoint removed.
Name:
Domain Name:
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Guidance:
You should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required.
26/03/2018 15:17:25 1010 Information Endpoint added.
Name: WIN-2BKF9LVSARD
Domain Name: WORKGROUP
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
26/03/2018 15:17:22 1011 Information Endpoint removed.
Name:
Domain Name:
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Guidance:
You should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required.
26/03/2018 14:11:19 1027 Information The file and printer sharing firewall ports are currently closed. This is the default configuration for a system that is not sharing content or is on a Public network.
Guidance:
You should expect this event when Windows Firewall is not configured to enable the File and Printer Sharing rule, which allows inbound SMB traffic. This event occurs on a computer that does not have custom shares
configured. Clients cannot access SMB shares on this computer until SMB traffic is allowed through the firewall.
26/03/2018 14:11:18 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: fe80::3c5c:1ceb:8157:a8d2
Flags: 0x1
Interface Index: 4
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
26/03/2018 14:11:18 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: 169.254.168.210
Flags: 0x1
Interface Index: 4
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
26/03/2018 14:11:18 1010 Information Endpoint added.
Name: WIN-2BKF9LVSARD
Domain Name: WORKGROUP
Transport Name: \Device\NetBT_Tcpip_{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
26/03/2018 14:11:15 1010 Information Endpoint added.
Name: WIN-2BKF9LVSARD
Domain Name: WORKGROUP
Transport Name: \Device\NetbiosSmb
Transport Flags: 0x1
Guidance:
You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required.
11/01/2018 19:26:43 1027 Information The file and printer sharing firewall ports are currently closed. This is the default configuration for a system that is not sharing content or is on a Public network.
Guidance:
You should expect this event when Windows Firewall is not configured to enable the File and Printer Sharing rule, which allows inbound SMB traffic. This event occurs on a computer that does not have custom shares
configured. Clients cannot access SMB shares on this computer until SMB traffic is allowed through the firewall.
11/01/2018 19:26:39 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: fe80::74f9:1c5a:c699:bbb0
Flags: 0x1
Interface Index: 4
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
11/01/2018 19:26:39 1012 Information The network name information changed.
Change Type: Add
Net Name: *
IP Address: 10.200.0.45
Flags: 0x1
Interface Index: 4
Capability: 0x1
Link Speed: 1000000000
Guidance:
You should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required.
ProviderName: Microsoft-Windows-SMBServer
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
05/04/2018 02:33:43 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:43866
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
05/04/2018 02:33:43 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:43866
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
04/04/2018 02:06:55 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:57259
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
04/04/2018 02:06:55 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:57259
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
03/04/2018 01:39:49 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:49347
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
03/04/2018 01:39:49 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:49347
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
02/04/2018 01:13:26 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:45708
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
02/04/2018 01:13:26 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:45708
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
01/04/2018 00:46:56 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:40861
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
01/04/2018 00:46:56 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:40861
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
31/03/2018 00:20:41 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:57504
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
31/03/2018 00:20:41 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:57504
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
29/03/2018 23:53:06 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:52465
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
29/03/2018 23:53:06 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:52465
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
28/03/2018 23:26:55 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:46014
User Name: ANONYMOUS LOGON
Session ID: 0x0
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights. (0xC0000022)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
28/03/2018 23:26:55 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.5
Client Address: 10.200.240.5:46014
User Name: guest
Session ID: 0x0
Status: The referenced account is currently disabled and may not be logged on to. (0xC0000072)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
28/03/2018 18:19:19 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.7
Client Address: 10.200.240.7:47528
User Name:
Session ID: 0x2403F8000029
Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
28/03/2018 18:19:19 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.7
Client Address: 10.200.240.7:32851
User Name:
Session ID: 0x2403F800000D
Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
28/03/2018 18:19:19 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.7
Client Address: 10.200.240.7:53945
User Name:
Session ID: 0x24039C000011
Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
28/03/2018 18:19:19 551 Error SMB Session Authentication Failure
Client Name: \\10.200.240.7
Client Address: 10.200.240.7:60609
User Name:
Session ID: 0x2403F4000079
Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal
names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
>>>>>> Get-WinEvent Hyper-V
ProviderName: Microsoft-Windows-Hyper-V-Compute
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
05/04/2018 10:56:30 1001 Information The Host Compute Service started successfully.
ProviderName: Microsoft-Windows-Hyper-V-Compute
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
05/04/2018 12:07:17 2008 Information [0f3ee629c5a6726647ac1c7d58252f0f19931e73d72a950b096ae289363d0c1e] Query compute system notification, result 0x00000000, notification 2 / 0x00000000
05/04/2018 12:07:17 2000 Information [0f3ee629c5a6726647ac1c7d58252f0f19931e73d72a950b096ae289363d0c1e] Create compute system, result 0xC0370103
05/04/2018 12:07:17 2009 Information [0f3ee629c5a6726647ac1c7d58252f0f19931e73d72a950b096ae289363d0c1e] Queue system notification: 2 / 0x00000000
05/04/2018 12:07:15 2010 Information [0f3ee629c5a6726647ac1c7d58252f0f19931e73d72a950b096ae289363d0c1e] Create Container, type 'Windows Container', settings '{"SystemType":"Container","Name":"0f3ee629c5a6726647ac1c7d58252f0f19931e73d72a950b096ae289363d0c1
e","Owner":"docker","IsDummy":false,"VolumePath":"\\\\?\\Volume{6a1589e7-38b7-11e8-a2b4-005056847a65}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\0f3ee629c5a6726647ac1c7d5
8252f0f19931e73d72a950b096ae289363d0c1e","Layers":[{"ID":"2ea17ed9-32d1-57c1-9aa6-7894c4c39acb","Path":"C:\\ProgramData\\docker\\windowsfilter\\40ba475ab13f16aa1605d7f7064cad3e4cd2629c661f304bb53dee65e801c45a"},{"ID":"
540f3d67-b6f9-5fd9-8c70-58983e1cad3f","Path":"C:\\ProgramData\\docker\\windowsfilter\\81eed801fcc7dca58e22f38db6412a77fc7ef8ae898537780331520cefefc84b"},{"ID":"6f21f60c-9179-5dd4-852c-7b4dc8407550","Path":"C:\\ProgramD
ata\\docker\\windowsfilter\\3b41729c91b9af3df8df49efc66b636405b36b6f242501bac7ed8adeefbdb328"},{"ID":"3134e44d-f3de-53e8-aefe-3ecfb6e41bb4","Path":"C:\\ProgramData\\docker\\windowsfilter\\9484bed8c58bdf64f67554a2bfd5e3
a3397ad79bf289961ec302c90a87d88538"}],"HostName":"0f3ee629c5a6","MappedDirectories":[],"HvPartition":false,"EndpointList":["e0d07145-95f6-47b0-bb41-80fc15bf7ed6"],"Servicing":false,"AllowUnqualifiedDNSQuery":true}'
05/04/2018 12:06:58 2008 Information [b377552d243b972b4422d50d4610415c5a359ac6755be05ad9b4b76ae0c54b59] Query compute system notification, result 0x00000000, notification 2 / 0x00000000
05/04/2018 12:06:58 2000 Information [b377552d243b972b4422d50d4610415c5a359ac6755be05ad9b4b76ae0c54b59] Create compute system, result 0xC0370103
05/04/2018 12:06:58 2009 Information [b377552d243b972b4422d50d4610415c5a359ac6755be05ad9b4b76ae0c54b59] Queue system notification: 2 / 0x00000000
05/04/2018 12:06:56 2010 Information [b377552d243b972b4422d50d4610415c5a359ac6755be05ad9b4b76ae0c54b59] Create Container, type 'Windows Container', settings '{"SystemType":"Container","Name":"b377552d243b972b4422d50d4610415c5a359ac6755be05ad9b4b76ae0c54b5
9","Owner":"docker","IsDummy":false,"VolumePath":"\\\\?\\Volume{6a1589d7-38b7-11e8-a2b4-005056847a65}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\b377552d243b972b4422d50d4
610415c5a359ac6755be05ad9b4b76ae0c54b59","Layers":[{"ID":"2ea17ed9-32d1-57c1-9aa6-7894c4c39acb","Path":"C:\\ProgramData\\docker\\windowsfilter\\40ba475ab13f16aa1605d7f7064cad3e4cd2629c661f304bb53dee65e801c45a"},{"ID":"
540f3d67-b6f9-5fd9-8c70-58983e1cad3f","Path":"C:\\ProgramData\\docker\\windowsfilter\\81eed801fcc7dca58e22f38db6412a77fc7ef8ae898537780331520cefefc84b"},{"ID":"6f21f60c-9179-5dd4-852c-7b4dc8407550","Path":"C:\\ProgramD
ata\\docker\\windowsfilter\\3b41729c91b9af3df8df49efc66b636405b36b6f242501bac7ed8adeefbdb328"},{"ID":"3134e44d-f3de-53e8-aefe-3ecfb6e41bb4","Path":"C:\\ProgramData\\docker\\windowsfilter\\9484bed8c58bdf64f67554a2bfd5e3
a3397ad79bf289961ec302c90a87d88538"}],"HostName":"b377552d243b","MappedDirectories":[],"HvPartition":false,"EndpointList":["74070142-1925-4419-a2bc-3a31efbbc7a8"],"Servicing":false,"AllowUnqualifiedDNSQuery":true}'
05/04/2018 12:06:26 2008 Information [ecb741545d65f46624a337aec41388553b93c2cc6f02264022e478b3db0f8532] Query compute system notification, result 0x00000000, notification 2 / 0x00000000
05/04/2018 12:06:26 2000 Information [ecb741545d65f46624a337aec41388553b93c2cc6f02264022e478b3db0f8532] Create compute system, result 0xC0370103
05/04/2018 12:06:26 2009 Information [ecb741545d65f46624a337aec41388553b93c2cc6f02264022e478b3db0f8532] Queue system notification: 2 / 0x00000000
05/04/2018 12:06:24 2010 Information [ecb741545d65f46624a337aec41388553b93c2cc6f02264022e478b3db0f8532] Create Container, type 'Windows Container', settings '{"SystemType":"Container","Name":"ecb741545d65f46624a337aec41388553b93c2cc6f02264022e478b3db0f853
2","Owner":"docker","IsDummy":false,"VolumePath":"\\\\?\\Volume{6a1588cf-38b7-11e8-a2b4-005056847a65}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\ecb741545d65f46624a337aec
41388553b93c2cc6f02264022e478b3db0f8532","Layers":[{"ID":"2ea17ed9-32d1-57c1-9aa6-7894c4c39acb","Path":"C:\\ProgramData\\docker\\windowsfilter\\40ba475ab13f16aa1605d7f7064cad3e4cd2629c661f304bb53dee65e801c45a"},{"ID":"
540f3d67-b6f9-5fd9-8c70-58983e1cad3f","Path":"C:\\ProgramData\\docker\\windowsfilter\\81eed801fcc7dca58e22f38db6412a77fc7ef8ae898537780331520cefefc84b"},{"ID":"6f21f60c-9179-5dd4-852c-7b4dc8407550","Path":"C:\\ProgramD
ata\\docker\\windowsfilter\\3b41729c91b9af3df8df49efc66b636405b36b6f242501bac7ed8adeefbdb328"},{"ID":"3134e44d-f3de-53e8-aefe-3ecfb6e41bb4","Path":"C:\\ProgramData\\docker\\windowsfilter\\9484bed8c58bdf64f67554a2bfd5e3
a3397ad79bf289961ec302c90a87d88538"}],"HostName":"ecb741545d65","MappedDirectories":[],"HvPartition":false,"EndpointList":["59d8a468-c40d-4b13-aec9-9cae26f470fe"],"Servicing":false,"AllowUnqualifiedDNSQuery":true}'
05/04/2018 11:46:12 2008 Information [a56a3a5853ade744e68940e9c05f913da0d0a1e570cd577018d4acbcc4e06621] Query compute system notification, result 0x00000000, notification 2 / 0x00000000
05/04/2018 11:46:12 2000 Information [a56a3a5853ade744e68940e9c05f913da0d0a1e570cd577018d4acbcc4e06621] Create compute system, result 0xC0370103
05/04/2018 11:46:12 2009 Information [a56a3a5853ade744e68940e9c05f913da0d0a1e570cd577018d4acbcc4e06621] Queue system notification: 2 / 0x00000000
05/04/2018 11:46:09 2010 Information [a56a3a5853ade744e68940e9c05f913da0d0a1e570cd577018d4acbcc4e06621] Create Container, type 'Windows Container', settings '{"SystemType":"Container","Name":"a56a3a5853ade744e68940e9c05f913da0d0a1e570cd577018d4acbcc4e0662
1","Owner":"docker","IsDummy":false,"VolumePath":"\\\\?\\Volume{6a157c8f-38b7-11e8-a2b4-005056847a65}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\a56a3a5853ade744e68940e9c
05f913da0d0a1e570cd577018d4acbcc4e06621","Layers":[{"ID":"2ea17ed9-32d1-57c1-9aa6-7894c4c39acb","Path":"C:\\ProgramData\\docker\\windowsfilter\\40ba475ab13f16aa1605d7f7064cad3e4cd2629c661f304bb53dee65e801c45a"},{"ID":"
540f3d67-b6f9-5fd9-8c70-58983e1cad3f","Path":"C:\\ProgramData\\docker\\windowsfilter\\81eed801fcc7dca58e22f38db6412a77fc7ef8ae898537780331520cefefc84b"},{"ID":"6f21f60c-9179-5dd4-852c-7b4dc8407550","Path":"C:\\ProgramD
ata\\docker\\windowsfilter\\3b41729c91b9af3df8df49efc66b636405b36b6f242501bac7ed8adeefbdb328"},{"ID":"3134e44d-f3de-53e8-aefe-3ecfb6e41bb4","Path":"C:\\ProgramData\\docker\\windowsfilter\\9484bed8c58bdf64f67554a2bfd5e3
a3397ad79bf289961ec302c90a87d88538"}],"HostName":"a56a3a5853ad","MappedDirectories":[],"HvPartition":false,"EndpointList":["84eeff8b-24da-4a83-904f-5dd156e39420"],"Servicing":false,"AllowUnqualifiedDNSQuery":true}'
05/04/2018 11:16:35 2008 Information [aaa38eabd150055b6fecb38afda69f4c3fbeb2acffd1302ac8abd9782324ad3b] Query compute system notification, result 0x00000000, notification 2 / 0x00000000
05/04/2018 11:16:35 2000 Information [aaa38eabd150055b6fecb38afda69f4c3fbeb2acffd1302ac8abd9782324ad3b] Create compute system, result 0xC0370103
05/04/2018 11:16:35 2009 Information [aaa38eabd150055b6fecb38afda69f4c3fbeb2acffd1302ac8abd9782324ad3b] Queue system notification: 2 / 0x00000000
05/04/2018 11:16:32 2010 Information [aaa38eabd150055b6fecb38afda69f4c3fbeb2acffd1302ac8abd9782324ad3b] Create Container, type 'Windows Container', settings '{"SystemType":"Container","Name":"aaa38eabd150055b6fecb38afda69f4c3fbeb2acffd1302ac8abd9782324ad3
b","Owner":"docker","IsDummy":false,"VolumePath":"\\\\?\\Volume{6a1578db-38b7-11e8-a2b4-005056847a65}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\aaa38eabd150055b6fecb38af
da69f4c3fbeb2acffd1302ac8abd9782324ad3b","Layers":[{"ID":"2a921d38-0031-5bd6-9ab7-c1bfd247178c","Path":"C:\\ProgramData\\docker\\windowsfilter\\0411a2726904bf629c2f707163a8c4cc171f0ea6bdb40ef927c77812cec3ec21"},{"ID":"
3cb30949-4c94-57ae-ae46-23e0911c3437","Path":"C:\\ProgramData\\docker\\windowsfilter\\fcfb820a390dc9629cf87b6990d67e51f6c83d78b6ec1a645fd687750ace7e83"},{"ID":"094b4518-e9a5-59f3-ae79-55aaab897ac9","Path":"C:\\ProgramD
ata\\docker\\windowsfilter\\8d070c08395c92bbf3e02c57da3cdded0d944f9100c5a1066bc58d7724a1a408"},{"ID":"461871ca-1331-557a-9d32-d7ad5d155663","Path":"C:\\ProgramData\\docker\\windowsfilter\\693adf7c72161806b04a6534ad6be3
6fbfbdd3592d0b7faddfcdb283bc7f5e26"},{"ID":"5d510306-f283-5509-8a35-714323e4315f","Path":"C:\\ProgramData\\docker\\windowsfilter\\fce09e5c39f615e64209ecbccb101db42ef41a000e36b2d0c09bfe9a5acf00a6"},{"ID":"3ad12b1e-5369-
5c65-bba0-07fb34406a52","Path":"C:\\ProgramData\\docker\\windowsfilter\\181c56b543ec23b2b7a43404a3e03ad694fd44a883c182469ec9b61361ab9efc"},{"ID":"3134e44d-f3de-53e8-aefe-3ecfb6e41bb4","Path":"C:\\ProgramData\\docker\\w
indowsfilter\\9484bed8c58bdf64f67554a2bfd5e3a3397ad79bf289961ec302c90a87d88538"}],"HostName":"aaa38eabd150","MappedDirectories":[],"HvPartition":false,"EndpointList":["5a34b7f8-1e30-4fef-95bd-de5053ea6739"],"Servicing"
:false,"AllowUnqualifiedDNSQuery":true}'
ProviderName: Microsoft-Windows-Hyper-V-VMMS
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
05/04/2018 10:56:45 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible.
05/04/2018 10:56:45 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible.
05/04/2018 10:56:45 19020 Information The WMI provider 'VmmsWmiEventProvider' has started.
05/04/2018 10:56:45 19020 Information The WMI provider 'VmmsWmiInstanceAndMethodProvider' has started.
05/04/2018 10:56:45 15310 Information Created configuration store for 'Snapshot Groups Cache'.
05/04/2018 10:56:45 15310 Information Created configuration store for 'Snapshot Groups'.
05/04/2018 10:56:45 15310 Information Created configuration store for 'Groups Cache'.
05/04/2018 10:56:45 15310 Information Created configuration store for 'Groups'.
05/04/2018 10:56:44 14094 Information Virtual Machine Management service is started successfully.
05/04/2018 10:56:37 14052 Information The Virtual Machine Management service successfully registered service principal name for 'Hyper-V Replica Service'.
05/04/2018 10:56:37 14052 Information The Virtual Machine Management service successfully registered service principal name for 'Microsoft Virtual System Migration Service'.
05/04/2018 10:56:37 14052 Information The Virtual Machine Management service successfully registered service principal name for 'Microsoft Virtual Console Service'.
05/04/2018 10:56:37 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible.
05/04/2018 10:56:37 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible.
05/04/2018 10:56:37 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible.
05/04/2018 10:56:37 33483 Information Incremental Replication will timeout after 360 hours. Minimum value for timeout is 6 hours.
05/04/2018 10:56:37 33834 Information Hyper-V would age out CDP reference points after 720 hours.
05/04/2018 10:56:37 33481 Information Change tracking has defined following limits for pending log file size.
Error limit : 50% (Minimum value 10%. Maximum value 100%).
Warning limit : 40%.
Information limit : 30%.
05/04/2018 10:56:37 33480 Information Change tracking has defined following limits for free disk space.
Free Disk space error limit 3072 MBs (Minimum value can be 1024 MBs).
Free Disk space warning limit 4915 MBs.
05/04/2018 10:56:31 20410 Information Successfully started the Virtual Machine migration connection manager.
>>>>>> Get-VMSwitch
Name : nat
Id : 2771a78f-efd0-4d1d-bdfe-80c545755cb1
Notes :
Extensions : {Microsoft Windows Filtering Platform, Microsoft Azure VFP Switch Extension, Microsoft NDIS Capture}
BandwidthReservationMode : Absolute
PacketDirectEnabled : False
EmbeddedTeamingEnabled : False
IovEnabled : False
SwitchType : Internal
AllowManagementOS : True
NetAdapterInterfaceDescription :
NetAdapterInterfaceDescriptions :
IovSupport : False
IovSupportReasons :
AvailableIPSecSA : 0
NumberIPSecSAAllocated : 0
AvailableVMQueues : 0
NumberVmqAllocated : 0
IovQueuePairCount : 0
IovQueuePairsInUse : 0
IovVirtualFunctionCount : 0
IovVirtualFunctionsInUse : 0
PacketDirectInUse : False
DefaultQueueVrssEnabledRequested : True
DefaultQueueVrssEnabled : False
DefaultQueueVmmqEnabledRequested : False
DefaultQueueVmmqEnabled : False
DefaultQueueVmmqQueuePairsRequested : 16
DefaultQueueVmmqQueuePairs : 0
BandwidthPercentage : 0
DefaultFlowMinimumBandwidthAbsolute : 0
DefaultFlowMinimumBandwidthWeight : 0
CimSession : CimSession: .
ComputerName : [hostname]
IsDeleted : False
>>>>>> Which VM uses DockerNAT?
>>>>>> Get-VMNetworkAdapter
>>>>>> Get-NetNAT
Name : H7eb5b405-d34e-43f7-936b-fcb5f01dd772
ExternalIPInterfaceAddressPrefix :
InternalIPInterfaceAddressPrefix : 172.20.176.0/20
IcmpQueryTimeout : 30
TcpEstablishedConnectionTimeout : 1800
TcpTransientConnectionTimeout : 120
TcpFilteringBehavior : AddressDependentFiltering
UdpFilteringBehavior : AddressDependentFiltering
UdpIdleSessionTimeout : 120
UdpInboundRefresh : False
Store : Local
Active : True
>>>>>> Get-NetIPAddress
IPAddress : fe80::3c5c:1ceb:8157:a8d2%7
InterfaceIndex : 7
InterfaceAlias : Ethernet0
AddressFamily : IPv6
Type : Unicast
PrefixLength : 64
PrefixOrigin : WellKnown
SuffixOrigin : Link
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore
IPAddress : fe80::5efe:10.200.0.26%2
InterfaceIndex : 2
InterfaceAlias : isatap.{55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
AddressFamily : IPv6
Type : Unicast
PrefixLength : 128
PrefixOrigin : WellKnown
SuffixOrigin : Link
AddressState : Deprecated
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore
IPAddress : ::1
InterfaceIndex : 1
InterfaceAlias : Loopback Pseudo-Interface 1
AddressFamily : IPv6
Type : Unicast
PrefixLength : 128
PrefixOrigin : WellKnown
SuffixOrigin : WellKnown
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore
IPAddress : 10.200.0.26
InterfaceIndex : 7
InterfaceAlias : Ethernet0
AddressFamily : IPv4
Type : Unicast
PrefixLength : 24
PrefixOrigin : Manual
SuffixOrigin : Manual
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore
IPAddress : 127.0.0.1
InterfaceIndex : 1
InterfaceAlias : Loopback Pseudo-Interface 1
AddressFamily : IPv4
Type : Unicast
PrefixLength : 8
PrefixOrigin : WellKnown
SuffixOrigin : WellKnown
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore
>>>>>> Get-NetIPInterface
ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
7       Ethernet0                       IPv6                  1500              25 Enabled  Connected       ActiveStore
2       isatap.{55EA03B9-CCE1-42F4-B... IPv6                  1280              75 Disabled Disconnected    ActiveStore
1       Loopback Pseudo-Interface 1     IPv6            4294967295              75 Disabled Connected       ActiveStore
7       Ethernet0                       IPv4                  1500              25 Disabled Connected       ActiveStore
1       Loopback Pseudo-Interface 1     IPv4            4294967295              75 Disabled Connected       ActiveStore
>>>>>> First DNS server
Server: [dcserver]
Address: 192.168.0.10
>>>>>> Test default DNS server
Server: [dcserver]
Address: 192.168.0.10
Name: www.google.com
Addresses: 2a00:1450:4009:80d::2004
216.58.208.164
>>>>>> Query DNS servers
PSComputerName : [hostname]
DHCPLeaseExpires :
Index : 1
Description : Intel(R) 82574L Gigabit Network Connection
DHCPEnabled : False
DHCPLeaseObtained :
DHCPServer :
DNSDomain :
DNSDomainSuffixSearchOrder : {[fq domain name]}
DNSEnabledForWINSResolution : False
DNSHostName : [hostname]
DNSServerSearchOrder : {192.168.0.10, 192.168.0.13}
DomainDNSRegistrationEnabled : False
FullDNSRegistrationEnabled : True
IPAddress : {10.200.0.26, fe80::3c5c:1ceb:8157:a8d2}
IPConnectionMetric : 25
IPEnabled : True
IPFilterSecurityEnabled : False
WINSEnableLMHostsLookup : True
WINSHostLookupFile :
WINSPrimaryServer :
WINSScopeID :
WINSSecondaryServer :
__GENUS : 2
__CLASS : Win32_NetworkAdapterConfiguration
__SUPERCLASS : CIM_Setting
__DYNASTY : CIM_Setting
__RELPATH : Win32_NetworkAdapterConfiguration.Index=1
__PROPERTY_COUNT : 61
__DERIVATION : {CIM_Setting}
__SERVER : [hostname]
__NAMESPACE : root\cimv2
__PATH : \\[hostname]\root\cimv2:Win32_NetworkAdapterConfiguration.Index=1
ArpAlwaysSourceRoute :
ArpUseEtherSNAP :
Caption : [00000001] Intel(R) 82574L Gigabit Network Connection
DatabasePath : %SystemRoot%\System32\drivers\etc
DeadGWDetectEnabled :
DefaultIPGateway : {10.200.0.1}
DefaultTOS :
DefaultTTL :
ForwardBufferMemory :
GatewayCostMetric : {256}
IGMPLevel :
InterfaceIndex : 7
IPPortSecurityEnabled :
IPSecPermitIPProtocols : {}
IPSecPermitTCPPorts : {}
IPSecPermitUDPPorts : {}
IPSubnet : {255.255.255.0, 64}
IPUseZeroBroadcast :
IPXAddress :
IPXEnabled :
IPXFrameType :
IPXMediaType :
IPXNetworkNumber :
IPXVirtualNetNumber :
KeepAliveInterval :
KeepAliveTime :
MACAddress : 00:50:56:84:7A:65
MTU :
NumForwardPackets :
PMTUBHDetectEnabled :
PMTUDiscoveryEnabled :
ServiceName : e1iexpress
SettingID : {55EA03B9-CCE1-42F4-BC0B-2AE7A8EEC6F1}
TcpipNetbiosOptions : 0
TcpMaxConnectRetransmissions :
TcpMaxDataRetransmissions :
TcpNumConnections :
TcpUseRFC1122UrgentPointer :
TcpWindowSize :
Scope : System.Management.ManagementScope
Path : \\[hostname]\root\cimv2:Win32_NetworkAdapterConfiguration.Index=1
Options : System.Management.ObjectGetOptions
ClassPath : \\[hostname]\root\cimv2:Win32_NetworkAdapterConfiguration
Properties : {ArpAlwaysSourceRoute, ArpUseEtherSNAP, Caption, DatabasePath...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
>>>>>> Internet settings
DisableCachingOfSSLPages : 1
IE5_UA_Backup_Flag : 5.0
PrivacyAdvanced : 1
SecureProtocols : 2688
User Agent : Mozilla/4.0 (compatible; MSIE 8.0; Win32)
CertificateRevocation : 1
ZonesSecurityUpgrade : {46, 59, 232, 14...}
WarnonZoneCrossing : 1
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
PSChildName : Internet Settings
PSDrive : HKCU
PSProvider : Microsoft.PowerShell.Core\Registry
>>>>>> netstat -abno
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 820
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING 2384
[vmms.exe]
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 968
TermService
[svchost.exe]
TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING 2176
[BASupSrvc.exe]
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 516
Can not obtain ownership information
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 412
EventLog
[svchost.exe]
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 980
Schedule
[svchost.exe]
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 668
[lsass.exe]
TCP 0.0.0.0:49691 0.0.0.0:0 LISTENING 2056
[spoolsv.exe]
TCP 0.0.0.0:49695 0.0.0.0:0 LISTENING 668
[lsass.exe]
TCP 0.0.0.0:49699 0.0.0.0:0 LISTENING 1672
PolicyAgent
[svchost.exe]
TCP 0.0.0.0:49736 0.0.0.0:0 LISTENING 660
Can not obtain ownership information
TCP 10.200.0.26:135 10.200.0.3:51101 ESTABLISHED 820
RpcSs
[svchost.exe]
TCP 10.200.0.26:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 10.200.0.26:3389 10.200.8.152:4415 ESTABLISHED 968
TermService
[svchost.exe]
TCP 10.200.0.26:49668 10.200.0.3:62827 ESTABLISHED 980
Schedule
[svchost.exe]
TCP 10.200.0.26:49746 154.61.132.97:443 ESTABLISHED 2176
[BASupSrvc.exe]
TCP 10.200.0.26:49761 5.153.87.62:443 ESTABLISHED 2432
[agent.exe]
TCP 10.200.0.26:49769 5.153.87.62:443 ESTABLISHED 2432
[agent.exe]
TCP 10.200.0.26:49783 5.153.87.62:443 CLOSE_WAIT 2432
[agent.exe]
TCP 10.200.0.26:49794 40.77.229.41:443 ESTABLISHED 5856
[Explorer.EXE]
TCP 127.0.0.1:49704 127.0.0.1:49705 ESTABLISHED 2284
[EPSecurityService.exe]
TCP 127.0.0.1:49705 127.0.0.1:49704 ESTABLISHED 2284
[EPSecurityService.exe]
TCP 127.0.0.1:49706 127.0.0.1:49707 ESTABLISHED 2284
[EPSecurityService.exe]
TCP 127.0.0.1:49707 127.0.0.1:49706 ESTABLISHED 2284
[EPSecurityService.exe]
TCP 127.0.0.1:49719 0.0.0.0:0 LISTENING 2176
[BASupSrvc.exe]
TCP 127.0.0.1:49719 127.0.0.1:49797 ESTABLISHED 2176
[BASupSrvc.exe]
TCP 127.0.0.1:49719 127.0.0.1:49798 ESTABLISHED 2176
[BASupSrvc.exe]
TCP 127.0.0.1:49797 127.0.0.1:49719 ESTABLISHED 5580
[BASupSrvcCnfg.exe]
TCP 127.0.0.1:49798 127.0.0.1:49719 ESTABLISHED 5580
[BASupSrvcCnfg.exe]
TCP 127.0.0.1:49842 127.0.0.1:49843 ESTABLISHED 2284
[EPSecurityService.exe]
TCP 127.0.0.1:49843 127.0.0.1:49842 ESTABLISHED 2284
[EPSecurityService.exe]
TCP 127.0.0.1:50576 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50577 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50580 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50581 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50583 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50584 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50585 127.0.0.1:49719 TIME_WAIT 0
TCP 127.0.0.1:50587 127.0.0.1:49719 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 820
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:2179 [::]:0 LISTENING 2384
[vmms.exe]
TCP [::]:3389 [::]:0 LISTENING 968
TermService
[svchost.exe]
TCP [::]:5985 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:47001 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:49664 [::]:0 LISTENING 516
Can not obtain ownership information
TCP [::]:49665 [::]:0 LISTENING 412
EventLog
[svchost.exe]
TCP [::]:49668 [::]:0 LISTENING 980
Schedule
[svchost.exe]
TCP [::]:49669 [::]:0 LISTENING 668
[lsass.exe]
TCP [::]:49691 [::]:0 LISTENING 2056
[spoolsv.exe]
TCP [::]:49695 [::]:0 LISTENING 668
[lsass.exe]
TCP [::]:49699 [::]:0 LISTENING 1672
PolicyAgent
[svchost.exe]
TCP [::]:49736 [::]:0 LISTENING 660
Can not obtain ownership information
UDP 0.0.0.0:123 *:* 420
W32Time
[svchost.exe]
UDP 0.0.0.0:161 *:* 2564
[snmp.exe]
UDP 0.0.0.0:500 *:* 980
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3389 *:* 968
TermService
[svchost.exe]
UDP 0.0.0.0:4500 *:* 980
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5050 *:* 420
CDPSvc
[svchost.exe]
UDP 0.0.0.0:5353 *:* 1060
Dnscache
[svchost.exe]
UDP 0.0.0.0:5355 *:* 1060
Dnscache
[svchost.exe]
UDP 0.0.0.0:43212 *:* 2176
[BASupSrvc.exe]
UDP 0.0.0.0:61796 *:* 2176
[BASupSrvc.exe]
UDP 10.200.0.26:137 *:* 4
Can not obtain ownership information
UDP 10.200.0.26:138 *:* 4
Can not obtain ownership information
UDP 10.200.0.26:1900 *:* 3572
SSDPSRV
[svchost.exe]
UDP 10.200.0.26:55821 *:* 3572
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:1900 *:* 3572
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:52630 *:* 1060
NlaSvc
[svchost.exe]
UDP 127.0.0.1:54696 *:* 2384
[vmms.exe]
UDP 127.0.0.1:55822 *:* 3572
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:61051 *:* 668
[lsass.exe]
UDP 127.0.0.1:65508 *:* 980
SessionEnv
[svchost.exe]
UDP [::]:123 *:* 420
W32Time
[svchost.exe]
UDP [::]:161 *:* 2564
[snmp.exe]
UDP [::]:500 *:* 980
IKEEXT
[svchost.exe]
UDP [::]:3389 *:* 968
TermService
[svchost.exe]
UDP [::]:4500 *:* 980
IKEEXT
[svchost.exe]
UDP [::]:5353 *:* 1060
Dnscache
[svchost.exe]
UDP [::]:5355 *:* 1060
Dnscache
[svchost.exe]
UDP [::1]:1900 *:* 3572
SSDPSRV
[svchost.exe]
UDP [::1]:55820 *:* 3572
SSDPSRV
[svchost.exe]
UDP [fe80::3c5c:1ceb:8157:a8d2%7]:1900 *:* 3572
SSDPSRV
[svchost.exe]
UDP [fe80::3c5c:1ceb:8157:a8d2%7]:55819 *:* 3572
SSDPSRV
[svchost.exe]
>>>>>> netstat -rs
IPv4 Statistics
Packets Received = 1035938
Received Header Errors = 0
Received Address Errors = 91
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 392
Received Packets Delivered = 602927
Output Requests = 231576
Routing Discards = 0
Discarded Output Packets = 3
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
IPv6 Statistics
Packets Received = 491
Received Header Errors = 0
Received Address Errors = 126
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 14
Received Packets Delivered = 365
Output Requests = 1191
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 2
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMPv4 Statistics
Received Sent
Messages 122 104
Errors 0 0
Destination Unreachable 0 11
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 31 0
Echo Replies 0 91
Echos 91 2
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0
ICMPv6 Statistics
Received Sent
Messages 21 40
Errors 0 0
Destination Unreachable 0 0
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 24
Router Advertisements 0 0
Neighbor Solicitations 0 8
Neighbor Advertisements 21 8
Redirects 0 0
Router Renumberings 0 0
TCP Statistics for IPv4
Active Opens = 819
Passive Opens = 410
Failed Connection Attempts = 1
Reset Connections = 72
Current Connections = 18
Segments Received = 587614
Segments Sent = 214675
Segments Retransmitted = 433
TCP Statistics for IPv6
Active Opens = 10
Passive Opens = 10
Failed Connection Attempts = 0
Reset Connections = 4
Current Connections = 0
Segments Received = 7377
Segments Sent = 7377
Segments Retransmitted = 0
UDP Statistics for IPv4
Datagrams Received = 16216
No Ports = 54
Receive Errors = 0
Datagrams Sent = 21931
UDP Statistics for IPv6
Datagrams Received = 172
No Ports = 14
Receive Errors = 0
Datagrams Sent = 21
===========================================================================
Interface List
7...00 50 56 84 7a 65 ......Intel(R) 82574L Gigabit Network Connection
1...........................Software Loopback Interface 1
2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.200.0.1 10.200.0.26 281
10.200.0.0 255.255.255.0 On-link 10.200.0.26 281
10.200.0.26 255.255.255.255 On-link 10.200.0.26 281
10.200.0.255 255.255.255.255 On-link 10.200.0.26 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.200.0.26 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.200.0.26 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.200.0.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
7 281 fe80::/64 On-link
7 281 fe80::3c5c:1ceb:8157:a8d2/128
On-link
1 331 ff00::/8 On-link
7 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
>>>>>> net share
New connections will be remembered.
There are no entries in the list.