INFOSEC Assessment and Vulnerability Windows Scanner version

Server report for 192.168.196.10
Produced Jan 28, 2002 at 9:12
Information is confidential and for internal use only

Base Server Information
Description Values
Server Name   192.168.196.10  
Domain Name    
Server Mode   Windows Server  
Server Uptime   24 hours 11 minutes 45 seconds  
Processor Speed (MHz)   450  
Number of Processors   1  
Processor Vendor   GenuineIntel  
Physical Memory (MB)   160  
Operating System   Microsoft Windows 2000  
Service Pack Installed   Unknown  
Processor Revision   x86 Family 6 Model 5 Stepping 2  
BIOS Version   Phoenix ROM BIOS PLUS Version 1.10 A06  
BIOS Date   04/28/99  
Processor Type   Intel Pentium II or Pentium II Xeon or Celeron  
System Manufacturer   Dell Computer Corporation  
System Model   OptiPlex GX1 450MTbr+  
Available Disk Drives Found and Current Space Limits
Drive Letter Maximum Size Available Free Space
C:   2.00 GB   0.81 GB  
D:   2.00 GB   0.95 GB  
E:   2.00 GB   0.84 GB  
G:   3.87 GB   0.94 GB  
H:   4.00 GB   0.81 GB  
I:   19.01 GB   17.23 GB  



IP Addressing
Address Subnet Gateway DHCP
10.130.1.3   255.255.0.0     No  
192.168.196.10   255.255.255.248   192.168.196.9   No  



Current Local Security Auditing Settings
Auditable Event Setting
Process Tracking   None  
Restart and Shutdown System   Failure  
User/Group Mgmt   Success and Failure  
File and Object Access   None  
Security Policy Changes   Failure  
Logon and Logoff   Failure  
Use of User Rights   Failure  



List of Hotfixes found installed
Hotfix Name Description
Q147222/    
Q253934/   Windows 2000 Hotfix (Pre-Sp1) [See Q253934 for more information]  
Q259728/   Windows 2000 Hotfix (Pre-SP1) [See Q259728 for more information]  
Q280838/   Windows 2000 Hotfix (Pre-SP2) [See Q280838 for more information]  
Q285985/   Windows 2000 Hotfix (Pre-SP3) [See Q285985 for more information]  
Q291845/   Windows 2000 Hotfix (Pre-SP2) [See Q291845 for more information]  
Q293826/   Windows 2000 Hotfix (Pre-SP3) [See Q293826 for more information]  



List of Local User Accounts and Configuration Settings
User Name Comment User UID # Last Logon Last Logoff Disabled Password Expires Account Expires Password Locked Account Locked Out No Password Required
Administrator   Built-in account for administering the computer/domain   500   Mon Jan 28 09:08:49 2002   Mon Jan 28 09:08:49 2002   NO   NO   NO   NO   NO   NO  
Guest   Built-in account for guest access to the computer/domain   501   Never   Never   YES   NO   NO   YES   NO   YES  
home     1003   Wed Sep 26 16:29:40 2001   Wed Sep 26 16:29:40 2001   NO   YES   YES   NO   NO   NO  
IUSR_NASHVILLE2000   Built-in account for anonymous access to Internet Information Services   1001   Mon Jan 28 09:09:36 2002   Mon Jan 28 09:09:36 2002   NO   NO   NO   YES   NO   YES  
IWAM_NASHVILLE2000   Built-in account for Internet Information Services to start out of process applications   1002   Mon Jan 28 09:09:37 2002   Mon Jan 28 09:09:37 2002   NO   NO   NO   YES   NO   YES  
SQLAgentCmdExec   SQL Server Agent CmdExec Job Step Account   1012   Never   Never   NO   NO   NO   YES   NO   NO  
TsInternetUser   This user account is used by Terminal Services.   1000   Never   Never   NO   NO   NO   YES   NO   YES  



List of Local Groups and Members
Group Name Domain or Server Account User Name
Administrators   UKSTAP0030   administrator  
Guests   UKSTAP0030   Guest  
Guests   UKSTAP0030   TsInternetUser  
Guests   UKSTAP0030   IUSR_NASHVILLE2000  
Guests   UKSTAP0030   IWAM_NASHVILLE2000  
Users   NT AUTHORITY   INTERACTIVE  
Users   NT AUTHORITY   Authenticated Users  
Users   UKSTAP0030   home  
Users   UKSTAP0030   SQLAgentCmdExec  
NASHVILLE2000 Admins   BUILTIN   Administrators  



Installed Server Services and Status
Display Name Service Name State Account Executable Startup
Adiscon EvntSLog   Adiscon EvntSLog   Stopped   LocalSystem   I:\syslog\evntslog.exe   Manual  
Alerter   Alerter   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
Network Associates Alert Manager   AlertManager   Running   LocalSystem   H:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE   Automatic  
Apache   Apache   Stopped   LocalSystem   "H:\Program Files\Apache Group\Apache\Apache.exe" --ntservice   Manual  
Application Management   AppMgmt   Stopped   LocalSystem   H:\WINNT\system32\services.exe   Manual  
ASGMonitor   ASGMonitor   Stopped   .\administrator   c:\winnt\system32\srvany.exe   Manual  
BlackICE   BlackICE   Stopped   LocalSystem   "H:\Program Files\Network ICE\BlackICE\blackd.exe"   Manual  
Computer Browser   Browser   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
Indexing Service   cisvc   Stopped   LocalSystem   H:\WINNT\system32\cisvc.exe   Manual  
ClipBook   ClipSrv   Stopped   LocalSystem   H:\WINNT\system32\clipsrv.exe   Manual  
Distributed File System   Dfs   Running   LocalSystem   H:\WINNT\system32\Dfssvc.exe   Automatic  
DHCP Client   Dhcp   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
DHCP Server   DHCPServer   Stopped   LocalSystem   H:\WINNT\System32\tcpsvcs.exe   Manual  
Logical Disk Manager Administrative Service   dmadmin   Stopped   LocalSystem   H:\WINNT\System32\dmadmin.exe /com   Manual  
Logical Disk Manager   dmserver   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
DNS Server   DNS   Stopped   LocalSystem   H:\WINNT\System32\dns.exe   Disabled  
DNS Client   Dnscache   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
ACE-SNMP Element Manager   ELMTMGR   Stopped   LocalSystem   c:\ace-elmmgr\system\ElmServ.exe   Manual  
Enterprise Monitor   EMonitor   Running   LocalSystem   C:\EnterpriseMonitor\em50.exe   Automatic  
Event Log   Eventlog   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
COM+ Event System   EventSystem   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Fax Service   Fax   Stopped   LocalSystem   H:\WINNT\system32\faxsvc.exe   Manual  
Internet Authentication Service   IAS   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Automatic  
IIS Admin Service   IISADMIN   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
Intersite Messaging   IsmServ   Stopped   LocalSystem   H:\WINNT\System32\ismserv.exe   Disabled  
Kerberos Key Distribution Center   kdc   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Disabled  
Kiwi's Syslog Daemon   Kiwi's Syslog Daemon   Running   LocalSystem   H:\Program Files\Syslogd\Syslogd_Service.exe   Automatic  
Server   lanmanserver   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
Workstation   lanmanworkstation   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
License Logging Service   LicenseService   Running   LocalSystem   H:\WINNT\System32\llssrv.exe   Automatic  
TCP/IP NetBIOS Helper Service   LmHosts   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
TCP/IP Print Server   LPDSVC   Running   LocalSystem   H:\WINNT\System32\tcpsvcs.exe   Automatic  
Network Associates McShield   McShield   Running   LocalSystem   "H:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE"   Automatic  
Network Associates Task Manager   McTaskManager   Running   LocalSystem   H:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE   Automatic  
Messenger   Messenger   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
NetMeeting Remote Desktop Sharing   mnmsrvc   Paused   LocalSystem   H:\WINNT\System32\mnmsrvc.exe   Automatic  
Distributed Transaction Coordinator   MSDTC   Stopped   LocalSystem   H:\WINNT\System32\msdtc.exe   Manual  
FTP Publishing Service   MSFTPSVC   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
Windows Installer   MSIServer   Stopped   LocalSystem   H:\WINNT\system32\msiexec.exe /V   Manual  
MSSQLServer   MSSQLServer   Stopped   LocalSystem   H:\MSSQL7\binn\sqlservr.exe   Automatic  
Network DDE   NetDDE   Stopped   LocalSystem   H:\WINNT\system32\netdde.exe   Manual  
Network DDE DSDM   NetDDEdsdm   Stopped   LocalSystem   H:\WINNT\system32\netdde.exe   Manual  
Net Logon   Netlogon   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Manual  
Network Connections   Netman   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Network News Transport Protocol (NNTP)   NntpSvc   Stopped   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Manual  
File Replication   NtFrs   Stopped   LocalSystem   H:\WINNT\system32\ntfrs.exe   Manual  
NT LM Security Support Provider   NtLmSsp   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Manual  
Removable Storage   NtmsSvc   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Automatic  
Office Server Extensions Notification Service   OWSTimer   Running   LocalSystem   H:\Program Files\Microsoft Office\Office\OWSTIMER.EXE   Automatic  
Perl Socket Service   PerlSock   Running   LocalSystem   G:\Perl\bin\PerlSock.exe   Automatic  
PGPsdkService   PGPsdkServ   Running   LocalSystem   H:\WINNT\System32\PGPsdkServ.exe   Automatic  
PGPService   PGPService   Running   LocalSystem   "H:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe"   Automatic  
Plug and Play   PlugPlay   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
IPSEC Policy Agent   PolicyAgent   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Disabled  
Protected Storage   ProtectedStorage   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
Remote Access Auto Connection Manager   RasAuto   Stopped   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Remote Access Connection Manager   RasMan   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Routing and Remote Access   RemoteAccess   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Automatic  
Remote Registry Service   RemoteRegistry   Running   LocalSystem   H:\WINNT\system32\regsvc.exe   Automatic  
Remote Procedure Call (RPC) Locator   RpcLocator   Stopped   LocalSystem   H:\WINNT\System32\locator.exe   Manual  
Remote Procedure Call (RPC)   RpcSs   Running   LocalSystem   H:\WINNT\system32\svchost -k rpcss   Automatic  
QoS RSVP   RSVP   Stopped   LocalSystem   H:\WINNT\System32\rsvp.exe -s   Manual  
Security Accounts Manager   SamSs   Running   LocalSystem   H:\WINNT\system32\lsass.exe   Automatic  
Smart Card Helper   SCardDrv   Stopped   LocalSystem   H:\WINNT\System32\SCardSvr.exe   Manual  
Smart Card   SCardSvr   Stopped   LocalSystem   H:\WINNT\System32\SCardSvr.exe   Manual  
Task Scheduler   Schedule   Running   LocalSystem   H:\WINNT\system32\MSTask.exe   Automatic  
RunAs Service   seclogon   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
System Event Notification   SENS   Running   LocalSystem   H:\WINNT\system32\svchost.exe -k netsvcs   Automatic  
Internet Connection Sharing   SharedAccess   Stopped   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Simple Mail Transport Protocol (SMTP)   SMTPSVC   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
SNMP Service   SNMP   Running   LocalSystem   H:\WINNT\System32\snmp.exe   Automatic  
SNMP-Sentry Framework   SNMP-Sentry   Stopped   LocalSystem   c:\snmp-sentry\system\FxServ.exe   Manual  
SNMP Trap Service   SNMPTRAP   Stopped   LocalSystem   H:\WINNT\System32\snmptrap.exe   Manual  
Print Spooler   Spooler   Stopped   LocalSystem   H:\WINNT\system32\spoolsv.exe   Manual  
SQLServerAgent   SQLServerAgent   Stopped   LocalSystem   H:\MSSQL7\binn\sqlagent.exe   Manual  
Performance Logs and Alerts   SysmonLog   Stopped   LocalSystem   H:\WINNT\system32\smlogsvc.exe   Manual  
Telephony   TapiSrv   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k tapisrv   Manual  
Terminal Services   TermService   Running   LocalSystem   H:\WINNT\System32\termsrv.exe   Automatic  
Telnet   TlntSvr   Stopped   LocalSystem   H:\WINNT\system32\tlntsvr.exe   Manual  
Distributed Link Tracking Server   TrkSvr   Stopped   LocalSystem   H:\WINNT\system32\services.exe   Manual  
Distributed Link Tracking Client   TrkWks   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
Uninterruptible Power Supply   UPS   Stopped   LocalSystem   H:\WINNT\System32\ups.exe   Manual  
Utility Manager   UtilMan   Stopped   LocalSystem   H:\WINNT\System32\UtilMan.exe   Manual  
Windows Time   W32Time   Stopped   LocalSystem   H:\WINNT\System32\services.exe   Manual  
World Wide Web Publishing Service   W3SVC   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
Windows Management Instrumentation   WinMgmt   Running   LocalSystem   H:\WINNT\System32\WBEM\WinMgmt.exe   Automatic  
Windows Internet Name Service (WINS)   WINS   Stopped   LocalSystem   H:\WINNT\System32\wins.exe   Manual  
VNC Server   winvnc   Stopped   LocalSystem   "H:\Program Files\ORL\VNC\WinVNC.exe" -service   Manual  
WMDM PMSP Service   WMDM PMSP Service   Running   LocalSystem   H:\WINNT\System32\mspmspsv.exe   Automatic  
Windows Management Instrumentation Driver Extensions   Wmi   Running   LocalSystem   H:\WINNT\system32\Services.exe   Manual  
MySql   MySql   Stopped   LocalSystem   G:/php-nuke/m/bin/mysqld-shareware.exe   Disabled  



Installed Software Found Listed Under The Uninstall Key
Software Description
1st Page 2000 2.00 Free  
AY Spy  
AceHTML 4 Freeware  
ActivePerl Build 620  
ActivePerl build 518  
ActiveState Komodo 1.1.2 Build 23917  
ActiveState Perl Dev Kit Build 208  
Adobe Acrobat 4.0  
Advanced Administrative Tools  
Apache HTTP Server 1.3.22  
Aventail Connect 4.1.2  
BlackICE  
Citrix ICA Client  
Copernic 2001 Basic  
Cybercop Scanner  
DBTools  
EventReporter  
Excel Key - 4.1.1 Demo  
Extranet Access Client  
GNATBox  
HWTools  
IPsearch  
Java 2 Runtime Environment Standard Edition v1.3.1  
Kiwi Logfile Viewer  
Kiwi Syslog Daemon  
Kiwi's CatTools  
L0phtCrack 2.5  
LANgaurd Network Scanner  
MSN Messenger 4.6  
Microsoft FrontPage 98  
Microsoft Image Composer 1.5  
Microsoft Internet Explorer 6  
Microsoft Money 2001  
Microsoft Office 2000 SR-1 Professional  
Microsoft SQL Server 7.0  
NetLab for Win95/NT  
NetShield NT v4.0.3a (Licensed)  
Netscape Communicator 4.77  
New.net Application  
Office Server Extensions  
Opera 5 (Win32)  
PGP Desktop Security 7.0  
QuickCam  
RealDownload  
RealJukebox  
RealPlayer 5.0  
RealPlayer Basic  
Remote Desktop Connection  
Retina  
Sam Spade version 1.14  
SystemTools DumpSec  
TaxCut 2001  
UltraEdit-32 Uninstall  
Van Dyke Technologies SecureCRT 3.3  
Visio Enterprise  
Web Page Creator  
WebFldrs  
WebStripper  
WinVNC 3.3.3  
WinZip  
Windows 2000 Hotfix (Pre-SP1) [See Q259728 for more information]  
Windows 2000 Hotfix (Pre-SP2) [See Q280838 for more information]  
Windows 2000 Hotfix (Pre-SP2) [See Q291845 for more information]  
Windows 2000 Hotfix (Pre-SP3) [See Q285985 for more information]  
Windows 2000 Hotfix (Pre-SP3) [See Q293826 for more information]  
Windows 2000 Hotfix (Pre-Sp1) [See Q253934 for more information]  
Windows Media Player 7.1  
Windows Registry Guide  
b3d Projector  
inzider  
webHancer Customer Companion  



Local Security Policy Settings and Recommendations
Key Description Current Value Recommended Value Rating
Additional restrictions for anonymous connections   1   2   Recommended  
Allow server operators to schedule tasks (domain controllers only)   0   0   Recommended  
Allow system to be shut down without having to log on   0   Disabled   Critical  
Allowed to eject removable NTFS media   0   Administrators    
Amount of idle time required before disconnecting session   15   0x3c 60 minutes   Recommended  
Audit the access of global system objects   0   0   Recommended  
Audit use of Backup and Restore privilege   0   0   Recommended  
Automatically log off users when logon time expires   1   1   Critical  
Clear virtual memory pagefile when system shuts down   0   Disabled   Recommended  
Digitally sign client communication (always)   0   0   Recommended  
Digitally sign client communication (when possible)   1   1   Recommended  
Digitally sign server communication (always)   0   0   Recommended  
Digitally sign server communication (when possible)   0   1   Recommended  
Disable Ctrl+Alt+Del requirement for logon   0   Disabled   Critical  
Do not display last username in logon screen   0   Enabled   Critical  
LAN Manager Authentication Level   0   1   Critical  
Message text for users attempting to log on       Critical  
Message title for users attempting to log on       Critical  
Number of previous logons to cache (in case domain controller is not available)   10   10 logons   Recommended  
Prevent system maintenance of server account password   0   Enabled   Recommended  
Prevent users from installing printer drivers   1   1   Recommended  
Prompt user to change password before expiration   14   0x0e 14 days   Recommended  
Recovery Console - Allow automatic administrative logon   0   Disabled    
Recovery Console - Allow floppy copy and access to all drives and all folders   0   Disabled    
Restrict CD-ROM access to locally logged-on user only   0   Disabled   Recommended  
Restrict floppy access to locally logged-on user only   0   Disabled   Recommended  
Encrypt or sign secure channel data (always)   0   Disabled   Recommended  
Encrypt secure channel data (when possible)   1   Enabled   Recommended  
Sign secure channel data (when possible)   1   Enabled   Recommended  
Require strong (Windows 2000) session key   0   Disabled   Recommended  
Send unencrypted password to connect to SMB servers   0   Disabled   Recommended  
Shut down system if unable to log security audits   0   Disabled   Recommended  
Smart card removal behavior   0   No Action   Recommended  
Strengthen default permissions of global system objects (e.g. Symbolic Links)   1   Enabled   Recommended  



Registry Settings Current and Recommended
Key Description Current Value Recommended Value Rating
Default Domain Name   UKSTAP0030   US   Info  
Number of Cached Logons   10   3   Info  
Automatic Admin Logon   0   0   Required  
Shutdown without logging in   0   0   Required  
Restrict Anonymous network access   1   1   Required  
Restrict Null Sessions     1   Info  
Restrict adding Print Drivers   1   1   Info  
Restrict access to Command Scheduler   0   0   Required  
Disable CDROM Autorun   1   1   Info  
Enable truncating file extensions   1   0   Info  
Idle Network time   15   30   Info  
Disable auto admin share creation     0   Info  
Reboot on BSOD   1   1   Info  
Dump swap on crash   1   1   Info  
Send alerts to     1   Info  
Restrict Application log     1   Required  
Restrict System log     1   Required  
Restrict Security log     1   Required  
Posix subsystem existence   Not Found   Not Found   Required  
OS/2 subsystem existence   Not Found   Not Found   Required  
Os2LibPath existence   Not Found   Not Found   Required  
Restrict 8.3 compatible file names   0   1   Info  
Authentication Scheme   0   1   Info  
Disable save password for RAS     1   Info  
Stop Known DLL Exploits   1   1   Required  
CDROM local access only   0   1   Info  
Floppy drive local access only   0   1   Info  
Disable IP Source Routing     1   Info  
Enable SynAttackProtection     2   Required  
W2K - Do not display last username   0   1   Required  
W2K - Legal Notice Caption     1   Required  
W2K - Legal Notice Text     1   Required  
W2K - Shutdown without logging in   0   0   Required  
W2K - Terminal Server enabled     1    
W2K - Terminal Server version   5.0   5.0    
Def Watch   Not Found      
Nav Corp   Not Found      
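
The two tables above (Local Security Policy Settings and Registry Settings) print the current value next to the tool's recommended value but leave the comparison to the reader, and the recommended column mixes spellings (Disabled, 0x3c 60 minutes, 10 logons, Not Found). The script below is an added example, not part of the scanner's output, that parses rows in this flattened format and reports which settings deviate, ordered by the tool's rating. The sample rows are taken from the tables above. Two assumptions are built in to cope with the collapsed whitespace: a row carrying only one value is read as recommended-only (current not set) unless that value is Not Found, which the tool only emits as a current value; and normalize() understands only the value spellings that occur on this page.

```python
"""Audit the 'Current Value / Recommended Value / Rating' tables of the scanner report."""
import re
from dataclasses import dataclass

# Constructed sample: rows taken from the two tables above.
SAMPLE_ROWS = """\
Allow system to be shut down without having to log on   0   Disabled   Critical
Allowed to eject removable NTFS media   0   Administrators
Amount of idle time required before disconnecting session   15   0x3c 60 minutes   Recommended
Digitally sign server communication (when possible)   0   1   Recommended
LAN Manager Authentication Level   0   1   Critical
Message text for users attempting to log on       Critical
Number of previous logons to cache (in case domain controller is not available)   10   10 logons   Recommended
Smart card removal behavior   0   No Action   Recommended
Restrict Null Sessions     1   Info
Enable SynAttackProtection     2   Required
Posix subsystem existence   Not Found   Not Found   Required
Default Domain Name   UKSTAP0030   US   Info
"""

RATINGS = ("Critical", "Required", "Recommended", "Info")   # severity order used by the tool
WORD_VALUES = {"disabled": 0, "enabled": 1, "no action": 0}  # spellings seen in the tables


@dataclass
class Finding:
    description: str
    current: str
    recommended: str
    rating: str
    status: str  # compliant | deviates | not set | manual | no benchmark


def normalize(value):
    """Reduce the tool's mixed spellings to something comparable:
    '0x3c 60 minutes' -> 60, '10 logons' -> 10, 'Disabled' -> 0, '7' -> 7;
    anything else ('Administrators', 'US', 'Not Found') stays a lower-cased string."""
    v = value.strip().lower()
    if v in WORD_VALUES:
        return WORD_VALUES[v]
    m = re.match(r"(0x[0-9a-f]+|\d+)\b", v)
    return int(m.group(1), 0) if m else v


def parse_row(line):
    """Split one flattened row. Empty columns vanish when whitespace is collapsed,
    so a lone value is assumed to be the recommended one unless it is 'Not Found'."""
    fields = re.split(r" {2,}", line.strip())
    rating = fields.pop() if fields[-1] in RATINGS else ""
    description, values = fields[0], fields[1:]
    if len(values) >= 2:
        current, recommended = values[0], values[1]
    elif len(values) == 1:
        current, recommended = (values[0], "") if values[0] == "Not Found" else ("", values[0])
    else:
        current = recommended = ""
    return description, current, recommended, rating


def assess(description, current, recommended, rating):
    """Compare one row; numeric-vs-word mismatches (0 vs 'Administrators') need a human."""
    if recommended == "":
        status = "no benchmark"
    elif current == "":
        status = "not set"
    else:
        cur, rec = normalize(current), normalize(recommended)
        if type(cur) is not type(rec):
            status = "manual"
        else:
            status = "compliant" if cur == rec else "deviates"
    return Finding(description, current, recommended, rating, status)


def audit(text):
    """Parse every non-blank row and return findings ordered by the tool's rating."""
    order = {r: i for i, r in enumerate(RATINGS)}
    findings = [assess(*parse_row(l)) for l in text.splitlines() if l.strip()]
    return sorted(findings, key=lambda f: order.get(f.rating, len(RATINGS)))


def deviations(text):
    """Only the rows that actually need a configuration change."""
    return [f for f in audit(text) if f.status in ("deviates", "not set")]


if __name__ == "__main__":
    for f in audit(SAMPLE_ROWS):
        print(f"{f.rating or '-':<12} {f.status:<13} {f.description}: "
              f"{f.current or '(empty)'} -> {f.recommended or '(empty)'}")
```

Rows whose recommended column is blank, such as the two logon-message entries, come out as "no benchmark": the tool rates them Critical but gives nothing to compare against, so they still need a manual look.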



Key Values of \System\CurrentControlSet\Services\EventLog\Application
Key Name Values
/DisplayNameFile   %SystemRoot%\system32\els.dll  
/DisplayNameID   256  
/File   %SystemRoot%\system32\config\AppEvent.Evt  
/MaxSize   524288  
/PrimaryModule   Application  
/Retention   0  
/(default)   mnmsrvc  
/Sources   Visio Data Collector, ADAL SNMP, WSH, WMDM PMSP Service, WinsCtrs, WinMgmt, Winlogon, Windows 3.1 Migration, W3Ctrs, VBRuntime, Userinit, Userenv, Tlntsvr, Timbuktu Pro, SysmonLog, SQLServerProfiler, SQLServerAgent, SQLCTR70, SpoolerCtrs, Software Installation, SclgNtfy, SceSrv, SceCli, PlugPlayManager, Phone Book Service, PGPservice, PGPsdkServ, PerlMsg, PerfProc, PerfOS, PerfNet, Perfmon, Perflib, PerfDisk, Perfctrs, Offline Files, Office Web Server, Oakley, ntbackup, MSSQLServer, MsiInstaller, MSDTC Client, MSDTC, mnmsrvc, McLogEvent, McAutoUpdate, LPR Print Monitor, LoadPerf, LicenseService, LANGuard Port Scanner, Kiwi's Syslog Daemon, Kiwi Syslog Daemon, Java VM, IPSECPolicyStorage, IISInfoCtrs, IISADMIN, IExplore, HTTPEXT, hpmon, HostMIBAgent, FtpCtrs, FrontPage 4.0, FrontPage 3.0, Folder Redirection, File Deployment, Fax Service, EvntAgnt, EventSystem, ESENT, Enterprise Monitor, DrWatson, DiskQuota, DataTransformationServices, COM+, Ci, Chkdsk, CertSvc, Autochk, Application Management, APGTS, Apache Service, AlertManager, Adiscon EvntSLog, Active Server Pages, Application  



Key Values of \system\CurrentControlSet\Services\EventLog\Security
Key Name Values
/DisplayNameFile   %SystemRoot%\system32\els.dll  
/DisplayNameID   257  
/File   %SystemRoot%\System32\config\SecEvent.Evt  
/MaxSize   524288  
/PrimaryModule   Security  
/Retention   0  
/Security   (binary value; not rendered)  
/Sources   Spooler, Security Account Manager, SC Manager, NetDDE Object, LSA, DS, Security  



Key Values of \system\CurrentControlSet\Services\EventLog\System
Key Name Values
/DisplayNameFile   %SystemRoot%\system32\els.dll  
/DisplayNameID   258  
/File   %SystemRoot%\system32\config\SysEvent.Evt  
/MaxSize   524288  
/PrimaryModule   System  
/Retention   0  
/Sources   Workstation, Wmi, WINS, Windows Script Host, Windows File Protection, Win32k, WAM, W3SVC, W32Time, VgaSave, UPS, ultra66, udfs, TermService, TermServDevices, TermDD, tdi, TCPMon, Tcpip, sym_hi, symc8xx, symc810, StillImage, Srv, sparrow, SNMPTRAP, SNMP, sndblst, SMTPSVC, Simbad, sglfb, sfloppy, Service Control Manager, Server, serial, scsiport, Schedule, Schannel, SCardSvr, Save Dump, SAM, RSVP, Removable Storage Service, RemoteAccess, redbook, Rdbss, RasMan, RasAuto, ql2100, ql1240, ql10wnt, ql1080, Print, PptpMiniport, PolicyAgent, PGPdisk, pcmcia, pciide, pci, parvdm, parport, parallel, OSPFMib, OSPF, null, NtServicePack, NTMS, ntfs, npfs, NNTPSVC, Netlogon, NetDDE, NetBT, NetBIOS, NdisWan, ndis, ncrc710, Mup, MSFTPSVC, msfs, msadlib, MrxSmb, mraid35x, mouclass, Modem, LsaSrv, LPDSVC, lp6nds35, LmHosts, LDMS, LDM, lbrtfdc, Kerberos, KDC, kbdclass, isapnp, IPXSAP, IPXRouterManager, IPXRIP, IPXCP, ipsraidn, IPSEC, IPRouterManager, IPRIP2, IPNATHLP, IPBOOTP, intelide, ini910u, IISMAP, IISLOG, IISCTLS, IAS, i8042prt, ftdisk, fs_rec, flpydisk, flashpnt, fireport, fdc, fd16_700, fastfat, eventlog, EL90X, efs, E100B, Dnscache, Dnsapi, dmio, dmboot, Distributed Link Tracking Server, Distributed Link Tracking Client, diskperf, disk, DHCPServer, Dhcp, DfsSvc, DfsDriver, deckzpsx, DCOM, dac960nt, cpqfws2e, cpqfcalm, cpqarry2, cpqarray, changer, cdrom, Cdm, cdfs, cdaudio, cd20xrnt, buslogic, Browser, beep, AtmElan, Atmarpc, atirage3, atdisk, atapi, AsyncMac, asc3550, asc3350p, asc, Application Popup, amsint, ami0nt, Alerter, aic78xx, aic78u2, aic116x, aha154x, adpu160m, acpiec, acpi, abp480n5, abiosdsk, System  



Key Values of \System\CurrentControlSet\Services\Lanmanserver\parameters
Key Name Values
/autodisconnect   15  
/enableforcedlogoff   1  
/enablesecuritysignature   0  
/requiresecuritysignature   0  
/NullSessionPipes   COMNAP, COMNODE, SQL\QUERY, SPOOLSS, LLSRPC, EPMAPPER, LOCATOR, TrkWks, TrkSvr, CERT, Plugh, NTCommand  
/NullSessionShares   COMCFG, DFS$  
/Lmannounce   0  
/Size   3  
/Guid   (binary value; not rendered)  
/CachedOpenLimit   0  
/IRPStackSize   8  
/MaxMpxCt   511  



Key Values of \System\CurrentControlSet\Services\RemoteAccess\Parameters\Ip
Key Name Values
/AllowClientIpAddresses   0  
/AllowNetworkAccess   1  
/EnableIn   1  
/UseDhcpAddressing   0  
/EnableRoute   1  
/NetworkAdapterGUID   {40FAA3CA-D08E-4464-AB8D-59A80F9EBF8E}  



Key Values of \System\CurrentControlSet\Services\SNMP
Key Name Values
/Type   16  
/Start   2  
/ErrorControl   1  
/ImagePath   %SystemRoot%\System32\snmp.exe  
/DisplayName   SNMP Service  
/DependOnService   EventLog  
/DependOnGroup    
/ObjectName   LocalSystem  
/Description   Includes agents that monitor the activity in network devices and report to the network console workstation.  



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters
Key Name Values
/EnableAuthenticationTraps   1  
/NameResolutionRetries   16  



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents
Key Name Values
/1   SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion  
/2   SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion  
/3   SOFTWARE\Microsoft\HostMIB\CurrentVersion  
/4   SOFTWARE\Microsoft\SNMPMIB\CurrentVersion  
/5   SOFTWARE\Microsoft\SNMP_EVENTS\CurrentVersion  
/6   SOFTWARE\Microsoft\ACS\CurrentVersion  
/7   SOFTWARE\Microsoft\IGMPMibAgent\CurrentVersion  
/8   SOFTWARE\Microsoft\IPMulticastMibAgent\CurrentVersion  
/9   SOFTWARE\Microsoft\RIPMibAgent\CurrentVersion  
/10   SOFTWARE\Microsoft\OSPFMibAgent\CurrentVersion  
/11   SOFTWARE\Microsoft\BOOTPMibAgent\CurrentVersion  
/12   SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion  
/13   SOFTWARE\Microsoft\WINSMibAgent\CurrentVersion  
/14   SOFTWARE\Microsoft\IASAgent\CurrentVersion  
/0   Software\Microsoft\W3SVC\CurrentVersion  
/15   Software\Microsoft\MSFTPSVC\CurrentVersion  
/McALSNMP   SOFTWARE\McAfee\McAlSNMP\CurrentVersion  
/19   SOFTWARE\Microsoft\DHCPMibAgent\CurrentVersion  
/PerfAgent   SOFTWARE\Microsoft\PerformanceAgent\CurrentVersion  
/20   SOFTWARE\Microsoft\MSSQLServer\SNMP\CurrentVersion  



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
Key Name Values



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
Key Name Values
/kaitli2   4  
/noaccess   4  



Key Values of \System\CurrentControlSet\Services\TCPIP\Parameters
Key Name Values
/NV Hostname   ukstap0030  
/DataBasePath   %SystemRoot%\System32\drivers\etc  
/NameServer    
/ForwardBroadcasts   0  
/IPEnableRouter   0  
/Domain   home.com  
/Hostname   ukstap0030  
/SearchList    
/UseDomainNameDevolution   1  
/EnableICMPRedirect   0  
/DeadGWDetectDefault   0  
/DontAddDefaultGatewayDefault   1  
/EnableSecurityFilters   0  
/AllowUnqualifiedQuery   0  
/PrioritizeRecordData   1  
/NV Domain   home.com  



Key Values of \System\CurrentControlSet\Services\TCPIP\Parameters\PersistentRoutes
Key Name Values



Key Values of \System\CurrentControlSet\Services\MSFTPSVC\Parameters
Key Name Values
/MajorVersion   5  
/MinorVersion   0  
/InstallPath   H:\WINNT\System32\inetsrv  
/AllowGuestAccess   0  
/EnablePortAttack   0  



Key Values of \System\CurrentControlSet\Services\MSFTPSVC\Parameters\Virtual Roots
Key Name Values



Key Values of \system\CurrentControlSet\Services\W3SVC\Parameters
Key Name Values
/MajorVersion   5  
/MinorVersion   0  
/InstallPath   H:\WINNT\System32\inetsrv  
/CertMapList   H:\WINNT\System32\inetsrv\iiscrmap.dll  
/AccessDeniedMessage   Error: Access is Denied.  
/Filter DLLs    
/LogFileDirectory   H:\WINNT\System32\LogFiles  



Key Values of \system\CurrentControlSet\Services\W3SVC\Parameters\Script Map
Key Name Values



Key Values of \system\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots
Key Name Values
//   C:\netsecadmin.com,,201  
//PBServer   H:\Program Files\Phone Book Service\Bin,,5  
//PBSData   H:\Program Files\Phone Book Service\Data,,1  
//MSOffice   H:\Program Files\Microsoft Office\Office\Scripts1\1033\,,205  
//cgi-bin   C:\netsecadmin.com\cgi-bin,,207  
//Printers   H:\WINNT\web\printers,,201  
//_vti_bin   H:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\isapi,,205  



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Key Name Values
/WinVNC   "H:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper  
/ShStatEXE   "H:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE" /STANDALONE  
/PrinTray   H:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe  
/LVComs   H:\WINNT\System32\LVComS.exe  
/RealTray   H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER  
/New.net Startup   rundll32 H:\WINNT\NEWDOT~2.DLL,NewDotNetStartup  
/LoadQM   loadqm.exe  
/webHancer Agent   "H:\Program Files\webHancer\Programs\whAgent.exe"  



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Key Name Values



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Key Name Values



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Key Name Values



Key Values of \SOFTWARE\Microsoft\MSSQLServer\Setup
Key Name Values
/SQLPath   H:\MSSQL7  
/SQLDataRoot   H:\MSSQL7  
/SourcePath   F:  



Key Values of \SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion
Key Name Values
/checksum   7822c158ae7d4cd750da034b7dc37b47526edba6c365c54d4a2a37f30b6e1918aa8105ab7d9ead515134652719c9f63d8bd739d0f91a623cbe10600cc4554c7a9d0748c0a3c3c22e7a2598a73fed13  
/RegisteredOwner   bb  
/SerialNumber   2160263232  
/CurrentVersion   7.00.623  



Key Values of \Software\Microsoft\Windows\CurrentVersion\Uninstall
Key Name Values



Display of Selected Configuration Files
File = boot.ini
[boot loader]
 timeout=30
 default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
 [operating systems]
 multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Server" /fastdetect
 signature(85c4d37b)disk(1)rdisk(0)partition(3)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect
 multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00" 
 multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos



Running Processes
PID Process CPU CPU-Time Memory PF Virtual Priority Threads
0   Idle   95.30   23:54:44   16   1   0   Unknown   1  
8   System   0.17   0:0:39   212   5238   24   Normal   47  
184   smss   0.00   0:0:0   348   628   1092   High   6  
212   csrss   0.00   0:0:27   1108   7376   1604   High   12  
236   winlogon   0.00   0:0:2   2480   5838   5620   High   17  
264   services   0.00   0:0:23   5384   6448   4756   Normal   38  
276   lsass   0.00   0:0:2   5424   2607   3432   High   14  
372   rundll32   0.00   0:0:0   4700   1251   3552   Normal   4  
456   svchost   0.00   0:0:0   3000   1560   2896   Normal   10  
484   Languard   0.00   0:5:19   968   4513   5392   Normal   6  
524   amgrsrvc   0.00   0:0:0   3240   846   1952   Normal   4  
544   em50   0.00   0:0:0   1392   1062   2828   Normal   5  
560   svchost   0.00   0:0:4   5912   14008   9052   Normal   30  
592   Syslogd_Service   0.00   0:0:0   4804   2269   4676   Normal   8  
688   llssrv   0.00   0:0:0   1916   478   724   Normal   10  
732   tcpsvcs   0.00   0:0:0   1552   936   2384   Normal   5  
752   Mcshield   0.00   0:1:18   4328   99162   2912   High   11  
792   VsTskMgr   0.00   0:0:0   2640   1610   3000   Normal   9  
856   mnmsrvc   0.00   0:0:0   1508   374   452   Normal   2  
908   OWSTIMER   0.00   0:0:2   3372   1908   2688   Normal   4  
920   PerlSock   0.00   0:0:1   1976   2208   10712   Normal   5  
932   PGPsdkServ   0.00   0:0:0   1616   512   460   Normal   4  
968   regsvc   4.01   0:0:2   1336   7552   632   Normal   4  
980   mstask   0.00   0:0:0   2336   1143   2424   Normal   8  
1000   snmp   0.00   0:0:0   2876   1606   3436   Normal   9  
1072   termsrv   0.00   0:0:0   3316   1047   1872   Normal   12  
1076   UEDIT32   0.00   0:0:33   2628   10137   2360   Normal   3  
1100   explorer   0.00   0:0:44   8096   133618   9884   Normal   17  
1108   winmgmt   0.00   0:0:10   176   6650   664   Normal   3  
1144   mspmspsv   0.00   0:0:0   1368   339   400   Normal   2  
1160   inetinfo   0.00   0:0:6   5300   4180   7736   Normal   31  
1184   PGPservice   0.00   0:0:0   2228   793   792   Normal   5  
1196   sqlmangr   0.00   0:0:0   2476   731   772   Normal   3  
1236   svchost   0.00   0:0:0   3044   893   1484   Normal   11  
1292   whAgent   0.00   0:0:2   4776   7715   4340   Normal   15  
1328   IEXPLORE   0.00   0:0:20   9912   9774   9848   Normal   14  
1336   dfssvc   0.00   0:0:0   1236   310   360   Normal   2  
1468   shstat   0.00   0:0:0   2768   772   1380   Normal   1  
1540   PGPtray   0.00   0:0:0   3836   1371   3172   Normal   6  
1576   OUTLOOK   0.00   0:2:1   6420   34775   9996   Normal   18  
1604   blackice   0.00   0:0:1   3336   846   1008   Normal   2  
1612   msmsgs   0.00   0:0:0   2356   2414   7472   Normal   7  
1628   loadqm   0.00   0:0:0   1936   1574   3056   Normal   7  
1640   realplay   0.00   0:0:21   3004   5490   3204   Normal   7  
1644   LVComS   0.00   0:0:0   1984   495   660   Normal   2  
1676   winmysqladmin.e   0.00   0:0:4   1640   1501   2684   Normal   2  
1932   dllhost   0.00   0:0:0   7136   1826   4232   Normal   30  
1984   cmd   0.00   0:0:0   80   1646   880   Normal   2  
2204   Copernic   0.00   0:0:15   1528   8841   7944   Normal   11  
2244   mstsc   0.00   0:0:12   3756   5484   7228   Normal   12  
2308   dllhost   0.00   0:0:0   3508   2791   1324   Normal   10  
2452   mdm   0.00   0:0:0   2116   671   724   Normal   4  



Check SQL SA account for bad passwords
Username Password Status
No SQL server connection established  



Query SNMP Service
Check SNMP access using default community strings Public and Private
Community Access
Public   Failed  
Private   Failed  
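
The check above only tries the community strings Public and Private, and both fail, yet the ValidCommunities key earlier in this report shows the agent answers to kaitli2 (the access value 4 is READ ONLY in the Windows 2000 SNMP service's encoding), and the empty PermittedManagers key means it accepts queries from any source address. SNMPv1 carries the community string in cleartext, so one captured management query is enough to learn it. The code below is an added example and not part of the scanner: it builds the SNMPv1 GetRequest such a check puts on the wire and decodes a raw datagram back into its fields so the community string is visible. The probe() helper that sends a request over UDP is a hypothetical convenience; everything else runs offline on bytes the code constructs itself.

```python
"""SNMPv1 GetRequest encoder and decoder (minimal BER, standard library only)."""
import os
import socket

SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"      # sysDescr.0, what a scanner usually asks for first
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2  # context-specific PDU tags


def _length(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + _length(len(payload)) + payload


def encode_int(value):
    """INTEGER as minimal two's-complement big-endian."""
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def get_request(community, oid=SYS_DESCR_0, request_id=None):
    """Whole SNMPv1 message: version 0, community in the clear, one GetRequest varbind."""
    if request_id is None:
        request_id = int.from_bytes(os.urandom(3), "big")
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))            # OID + NULL value
    pdu = tlv(GET_REQUEST, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf, pos=0):
    """Return (tag, contents, position after the element)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def peek(datagram):
    """(version, community, pdu_type, request_id, oids) of an SNMPv1 request or response."""
    tag, msg, _ = _read_tlv(datagram)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, p = _read_tlv(msg)
    _, comm, p = _read_tlv(msg, p)          # the community string, readable by any sniffer
    pdu_tag, pdu, _ = _read_tlv(msg, p)
    _, rid, q = _read_tlv(pdu)
    _, _, q = _read_tlv(pdu, q)             # error-status
    _, _, q = _read_tlv(pdu, q)             # error-index
    _, vbl, _ = _read_tlv(pdu, q)
    oids, r = [], 0
    while r < len(vbl):
        _, vb, r = _read_tlv(vbl, r)
        _, oid, _ = _read_tlv(vb)
        oids.append(decode_oid(oid))
    return (int.from_bytes(ver, "big"), comm.decode("latin-1"), pdu_tag,
            int.from_bytes(rid, "big", signed=True), oids)


def probe(host, community, timeout=2.0):
    """Hypothetical helper: send one GetRequest to host:161, return the decoded reply or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(get_request(community), (host, 161))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return peek(data)


if __name__ == "__main__":
    # Constructed: the datagram a community-string check would emit for this host's agent.
    captured = get_request("kaitli2", request_id=0x1234)
    print(captured.hex())
    print(peek(captured))
```

Because the agent's PermittedManagers list is empty, nothing restricts who may send that datagram; the community string is the only credential, and a wrong guess (as with Public and Private above) simply gets no reply, so a scanner that stops at two default strings says nothing about whether the real one is exposed.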



URL Exploit Scan of Web Server
Status Response Code URL used
FOUND   200   /_vti_inf.html  



Open TCPIP ports found
Port Number Description
21   ftp  
25   smtp  
80   http  
135   ntrpc-or-dce  
139   netbios-ssn  
443   https  
445   microsoft-ds  
515   printer  
1723   pptp  
3389   TermServ  
8080   WWW-Proxy